locked
OCS 2007 R2 does not work after install - has no users and can't add any RRS feed

  • Question

  • I've just installed OCS 2007 R2 to eval, trying to get IM working with the ICT team to start with. Install worked without errors, all services started all appears OK on the surface.
    In management snap-in the User container of the Standard edition server I installed on gives an error when I try to find users. The error is: Could not create the query dialog. Can't find any refernce to what this error means.
    In the events log I found only one error event below.

    I can't find any mention of a location proile on any property sheet for the only pool I have and I don't know if this is directly related to the Users container not being populated. So far a total show stopper for the eval.

    Log Name:      Office Communications Server
    Source:        OCS Conferencing Attendant
    Date:          12/02/2009 4:03:27 PM
    Event ID:      33046
    Task Category: (1300)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      OCS.TURSA.local
    Description:
    Location profile is empty or invalid.

    Location Profile should not be empty. Conferencing Attendant may not function correctly.
    Cause: Configuration issues.
    Resolution:
    Ensure that the pool is configured with a valid location profile.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="OCS Conferencing Attendant" />
        <EventID Qualifiers="50452">33046</EventID>
        <Level>2</Level>
        <Task>1300</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2009-02-12T05:03:27.000Z" />
        <EventRecordID>280</EventRecordID>
        <Channel>Office Communications Server</Channel>
        <Computer>OCS.TURSA.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Location Profile should not be empty. Conferencing Attendant may not function correctly.</Data>
      </EventData>
    </Event>

    Thursday, February 12, 2009 10:49 PM

Answers

  • Here is info from the deployment doc. You should go download the OCS Deployment docs, all this info is right there.

    Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in

    You must create DNS SRV records in your internal DNS for every SIP domain. The following procedure assumes that your internal DNS has zones for your SIP user domains.

     

    To create a DNS SRV record

    1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2.       In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

    3.       Click Other New Records.

    4.       In Select a resource record type, click Service Location (SRV), and then click Create Record.

    5.       Click Service, and then type _sipinternaltls.

    6.       Click Protocol, and then type _tcp.

    7.       Click Port Number, and then type 5061.

    8.       Click Host offering this service, and then type the FQDN of the Standard Edition Server.

    9.       Click OK.

    10.    Click Done.

    After you have created the DNS SRV record, create a DNS A for the Standard Edition Server.

    To create a DNS A record

    1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2.       In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.

    3.       Click New Host (A).

    4.       Click Name (uses parent domain name if blank), and then type the name of the pool.

    5.       Click IP Address, and then enter the IP address of the Standard Edition Server.

    6.       Click Add Host, and then click OK.

    7.       Click Done.

    To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.

    Note

    For illustrative purposes, the following procedure uses example.com as the domain portion of the SIP URI namespace. When executing these steps, use your actual SIP domain name instead.


     

    To verify the creation of a DNS SRV record

    1.       Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.

    2.       Click Start, and then click Run. In the Open box, type cmd, and then click OK.

    3.       At the command prompt, type nslookup, and then press ENTER.

    4.       Type set type=srv, and then press ENTER.

    5.       Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

    Server:  <dns server>.corp.example.com

    Address:  <IP address of DNS server>

    Non-authoritative answer:

    _sipinternaltls._tcp.example.com SRV service location:

              priority       = 0

              weight         = 0

              port           = 5061

              svr hostname   = server1.example.com

    server1.example.com       internet address = <IP address of the Standard Edition Server>

     

    6.       When you are finished, at the command prompt, type exit, and then press ENTER.

    After you configure the DNS records, verify that the FQDN of the Standard Editon Server can be resolved by DNS.

    To verify that the FQDN of the Standard Edition Server can be resolved

    1.       Log on to a client computer in the domain.

    2.       Click Start, and then click Run. In the Open box, type cmd, and then click OK.

    3.       At the command prompt, type ping <FQDN of the Standard Editon Server>, and then press ENTER.

    4.       Verify that you receive a response similar to the following, where the IP address returned is the IP address of the Standard Edition Server.

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    • Proposed as answer by Desmond LeeModerator Monday, February 16, 2009 11:08 PM
    • Marked as answer by MarkEmery Tuesday, February 17, 2009 12:04 AM
    Monday, February 16, 2009 12:47 AM
  • Did you make sure you added your SSL vertificate to the web site in IIS? You can try a manual test and enter https://serverFQDN/abs/int. You should get an authentication request, if not then your IIS is probably not configured for SSL.
    • Marked as answer by MarkEmery Tuesday, February 17, 2009 11:32 PM
    Tuesday, February 17, 2009 1:11 AM

All replies

  • Location profiles are used for number normalization with enterprise voice. You can find this by right clicking the forest, properties, voice settings. You will see it there.

    Mark
    Friday, February 13, 2009 12:36 AM
  • Found the Communications tab in AD Users & Computer on the OCS server and enabled some users. The users container in the pool now has some users, the Find Users still give the dialog error. If I try to look at the properties of a user in the OCS management snap-in the snap-in crashes (worked after a restart).

    Found the default location profile on the front-end properties but the Location Profile list is empty.

    OCS 2007 R2 is running on W2K8 in case that matters.

    The client gets the error that the they can't sign in because server is temporarliy unavailable and that I should contact my system administrator (myself).

    I don't think any of the problems so far are related to the server being temporarily offline to the client. Fron-end validation client works firewall is disabled.
    Friday, February 13, 2009 1:28 AM
  • It seems the problem with the client is that it is trying to logon to the DC on SIP port 5061 instead of the OCS server where there is a listener.
    How does the client work out who to authenticate with? Front-end validation is giving this error too. Am I supposed to install the SIP server on the DC? Can't see how to do that.
    Friday, February 13, 2009 1:44 AM
  • The MOC client queries the DNS SRV record _sipinternaltls._tcp.sipdomain.com which is suppose to point at the front end server on 5061. For external it used DNS SRV _sip._tls.sipdomain.com

    Mark 
    Friday, February 13, 2009 3:25 AM
  • Below is information copied from the installation guides posted on the MS web site.

    How Client DNS Queries Work

    During DNS lookup, SRV records are queried in parallel and returned in the following order to the client.

    1.       _sipinternaltls._tcp.<domain> - for internal TLS connections

    2.       _sipinternal._tcp. <domain>  - for internal TCP connections (performed only if TCP is allowed)

    3.       _sip._tls. <domain>  - for external TLS connections

    4.       _sip._tcp.<domain>  - for external TCP connections

    where <domain> is the SIP domain used by your internal clients

    The last two queries are useful when clients are connecting from outside your network. For more information on remote user access, see the Microsoft Office Communications Server 2007 Edge Server Deployment Guide.

    The client uses the SRV record that is returned successfully, and it does not try any other SRV records.

    After the SRV record is returned, a query is performed for the DNS A record for the host name that is returned by the SRV record. If no records are found during the DNS SRV query, the client performs an explicit lookup of sip.<domain>. If the explicit lookup does not produce results, the client performs a lookup for sipinternal.<domain>. If the client does not find sipinternal.<domain>, it performs a lookup for sipexternal.<domain>.

    Friday, February 13, 2009 3:28 AM
  • None of these DNS entries exist. Any idea how to have them created?

    Cheers.
    Monday, February 16, 2009 12:02 AM
  • You have to create them on your DNS server.... If your using MS DNS servers then its an easy as right clicking and say NEW, Other Record, SRV Record, then type in the info from above..


    Mark
    Monday, February 16, 2009 12:45 AM
  • Here is info from the deployment doc. You should go download the OCS Deployment docs, all this info is right there.

    Create and Verify DNS SRV and A Records for Client Automatic Client Sign-in

    You must create DNS SRV records in your internal DNS for every SIP domain. The following procedure assumes that your internal DNS has zones for your SIP user domains.

     

    To create a DNS SRV record

    1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2.       In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

    3.       Click Other New Records.

    4.       In Select a resource record type, click Service Location (SRV), and then click Create Record.

    5.       Click Service, and then type _sipinternaltls.

    6.       Click Protocol, and then type _tcp.

    7.       Click Port Number, and then type 5061.

    8.       Click Host offering this service, and then type the FQDN of the Standard Edition Server.

    9.       Click OK.

    10.    Click Done.

    After you have created the DNS SRV record, create a DNS A for the Standard Edition Server.

    To create a DNS A record

    1.       On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

    2.       In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.

    3.       Click New Host (A).

    4.       Click Name (uses parent domain name if blank), and then type the name of the pool.

    5.       Click IP Address, and then enter the IP address of the Standard Edition Server.

    6.       Click Add Host, and then click OK.

    7.       Click Done.

    To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.

    Note

    For illustrative purposes, the following procedure uses example.com as the domain portion of the SIP URI namespace. When executing these steps, use your actual SIP domain name instead.


     

    To verify the creation of a DNS SRV record

    1.       Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.

    2.       Click Start, and then click Run. In the Open box, type cmd, and then click OK.

    3.       At the command prompt, type nslookup, and then press ENTER.

    4.       Type set type=srv, and then press ENTER.

    5.       Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

    Server:  <dns server>.corp.example.com

    Address:  <IP address of DNS server>

    Non-authoritative answer:

    _sipinternaltls._tcp.example.com SRV service location:

              priority       = 0

              weight         = 0

              port           = 5061

              svr hostname   = server1.example.com

    server1.example.com       internet address = <IP address of the Standard Edition Server>

     

    6.       When you are finished, at the command prompt, type exit, and then press ENTER.

    After you configure the DNS records, verify that the FQDN of the Standard Editon Server can be resolved by DNS.

    To verify that the FQDN of the Standard Edition Server can be resolved

    1.       Log on to a client computer in the domain.

    2.       Click Start, and then click Run. In the Open box, type cmd, and then click OK.

    3.       At the command prompt, type ping <FQDN of the Standard Editon Server>, and then press ENTER.

    4.       Verify that you receive a response similar to the following, where the IP address returned is the IP address of the Standard Edition Server.

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

    • Proposed as answer by Desmond LeeModerator Monday, February 16, 2009 11:08 PM
    • Marked as answer by MarkEmery Tuesday, February 17, 2009 12:04 AM
    Monday, February 16, 2009 12:47 AM
  • In addition to the required DNS SRV records, the Windows client machines should be joined to the AD domain. Users running MOC would then transparently login in automatically with the need to explictly supply account credentials.


    TechNet Forum Moderator - http://www.leedesmond.com/weblog/
    Monday, February 16, 2009 11:10 PM
    Moderator
  • Thanks for the help, we have the client working now and signing in.

    All clients have the same error that it cannot synchronise with the corporate address book because the file could not be found.

    All are Vista Enterprise SP1 with Office 2007 SP1 Outlook talking to Exchange Server 2003 SP2.

    Any clues on this error?

    Cheers.
    Tuesday, February 17, 2009 12:04 AM
  • Did you make sure you added your SSL vertificate to the web site in IIS? You can try a manual test and enter https://serverFQDN/abs/int. You should get an authentication request, if not then your IIS is probably not configured for SSL.
    • Marked as answer by MarkEmery Tuesday, February 17, 2009 11:32 PM
    Tuesday, February 17, 2009 1:11 AM