How to re-run the exchucutil.ps1 script?

  • Question

  • Hi!

    I have a few questions on the UM configuration steps linking Exchange with OCS for voice enable access.

    In my previous post I have pointed out that the Exchange UM setup was not successful.

    http://forums.microsoft.com/Ocs2007publicbeta/ShowPost.aspx?PostID=1708740&SiteID=57

    I thought of executing the steps again but I have encountered the following issue:

    I found out that my UMIP gateway was pointing to the OCS server (SOCS0001SEL) and not the Mediation Server on port (SGTW0001SEL). The mediation server is already working fine with OCS; we are able to make calls to the outside world via the Office Communicator clients so I assume that it has been configured correctly.

    So I thought of changing the gateway settings in the UM server in Exchange.

    My old settings were looking like this:
    __________________________________________________________
    [PS] C:\Documents and Settings\Administrator.SGTIOCS>get-umipgateway

    Name                 Address       HuntGroups    OutCallsAllowed  Status
    ----                 -------       ----------    ---------------  ------
    SOCS0001SEL          SOCS0001SE... {SGTIOCS}     True             Enabled
    __________________________________________________________

    Changed it to the new settings by filling up the mediation server:

    __________________________________________________________
    [PS] E:\Support\en_exchange_srv_2007\sp1\scripts>set-umipgateway -identity sgtw0001sel.sgtiocs.nl -port 5061
    __________________________________________________________

    Verifying the UM setup it seems that there are indeed no UMIPGateway and Dialplan registered in the Directory.

    __________________________________________________________
    [PS] E:\Support\en_exchange_srv_2007\sp1\scripts>./exchucutil.ps1 -verify


    ObjectName                        AccessRights                     Configured
    ----------                        ------------                     ----------
    Company BV                ListChildren                     True
    UM DialPlan Container             ListChildren, ReadProperty       True


    PoolFqdn                          UMIPGateway                      DialPlans
    --------                          -----------                      ---------
    SOCS0001SEL.SGTIOCS.nl            (not found)                      (not found)
    __________________________________________________________

    After that I was trying to run the exchucutil script again but encountered an error:
    __________________________________________________________
    [PS] E:\Support\en_exchange_srv_2007\sp1\scripts>./exchucutil.ps1

    Configuring permissions...
      Company BV : Configured, skipping.
      UM DialPlan Container : Configured, skipping.

    Configuring UMIPGateway objects...
      Pool:  SOCS0001SEL.SGTIOCS.nl
      UMIPGateway: Not Found, creating.
    Failed to create Exchange UMIPGateway objects. Please verify you are a member of the Exchange Organization Administrators group or have sufficient privilege to write to this Active Directory container
    . Additional information follows: Active Directory operation failed on SADY0001SEL.SGTIOCS.nl. The object 'CN=SOCS0001SEL,CN=UM IPGateway Container,CN=Company BV ,CN=Microsoft Exchange,CN=Serv
    ices,CN=Configuration,DC=SGTIOCS,DC=nl' already exists.
    __________________________________________________________


    I have the following questions:

    * How can I run the exchucutil.ps1 again without getting the errors above? How can I change the privileges so that I can execute the script? Or should I manually remove/rename the entry (object 'CN=SOCS0001SEL,CN=UM IPGateway Container,CN=Company BV,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=SGTIOCS,DC=nl') in the directory so that I can run the "exchucutil.ps1" script again?

    On the AD machine I was trying to use the "adsiedit" tool to search in the LDAP tree but I was not able to find the entry above.

    * Am I right that the mediation server should always be set as the UMIPGateway on the Exchange Server and not the OCS server?

    Please advise.

    Thanks,

    Thomas
    Tuesday, June 12, 2007 3:03 PM

Answers

  • I wish I knew the answer myself Thomas.  ;-)

     

    Reading your post actually got me a little further in this process myself.   I noticed you were running the script from the actual script directory, which got me past the error you originally posted on.

     

    My "DialPlans" still show as ((not found)) but I'm making progress.

     

    I wonder if the mediation server is having issues with 5061 requests coming from the Exchange server?


    Can anyone confirm that this should be the gateway for the UM server?  (I've been reading and assumed the same, but is this correct?)

     

    - Steve

    Thursday, June 21, 2007 12:24 PM
  • Ok, we got it working. ...finally. And Steven, the answer is yes. OCS is the UM gateway for Exchange if you would like to use UM and OCS together. Let me explain the steps....

     

    1) We did a clean installation of AD (which is also the domain controller machine), OCS and Exchange 2007. We were not (re)installing Edge server yet because you don't need it for only testing and configuring UM and OCS. We were lucky to have OCS and the AD installed on separate virtual instances so it is easy to replace them with 'fresh' installations....

     

    Reinstalling Exchange will take the longest but in this case it was worth it.

     

    2) Re configuring OCS is not a problem at all. Just follow the steps again from the Ignite documentation and it will be working quick enough.

     

    3) The tricky thing is still to connect Unified Messaging with OCS. At first it seems that our UM dial plan was not configured well after running the ocsumutil script on the OCS machine. Keeping the names the same on both Exchange and OCS is the safest option (we have even kept small/big caps the same). At the end we were not getting any errors anymore after running the scripts (I have described in my previous post how to run the scripts).

     

    After the first restart of both the Unified Messaging service (on Exchange) and the OCS Front End service (on OCS) we thought that we were experiencing the same problem as before. There was no reaction from Exchange after calling one of the users. But there was one difference with the problem that we have experienced before: we heard a 'line busy' tone. Looking at the log files we saw the following errors (OCS log):

     

    -------------------------------------------------------------

    Event Type: Error
    Event Source: OCS Inbound Routing
    Event Category: (1037)
    Event ID: 45024
    Date:  22-6-2007
    Time:  15:21:41
    User:  N/A
    Computer: SOCS0001SEL
    Description:
    An attempt to use an Exchange UM Server for a missed call notification failed: smex0001sel.sgtiocs.nl.
    Failure occurrences: 3, since 22-6-2007 15:19:48.
    Failure Details: Failure occurred while connecting. The certificate chain was issued by an authority that is not trusted outgoing TLS negotiation failed; HRESULT=-2146893019

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    -------------------------------------------------------------

    -------------------------------------------------------------
    Event Type: Error
    Event Source: OCS Exchange Unified Messaging Routing
    Event Category: (1040)
    Event ID: 44022
    Date:  22-6-2007
    Time:  15:21:31
    User:  N/A
    Computer: SOCS0001SEL
    Description:
    An attempt to route to an Exchange UM server failed.

    The attempt failed with response code 504: smex0001sel.sgtiocs.nl.
    Failure occurrences: 4, since 22-6-2007 15:19:48.
    Resolution:
    Check this server is correctly configured to point to the appropriate Exchange UM server. Also check whether the Exchange UM server is up and whether it in turn is also properly configured.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: OCS Inbound Routing
    Event Category: (1037)
    Event ID: 45024
    Date:  22-6-2007
    Time:  15:20:18
    User:  N/A
    Computer: SOCS0001SEL
    Description:
    An attempt to use an Exchange UM Server for a missed call notification failed: smex0001sel.sgtiocs.nl.
    Failure occurrences: 2, since 22-6-2007 15:19:48.
    Failure Details: Failure occurred while connecting. The certificate chain was issued by an authority that is not trusted outgoing TLS negotiation failed; HRESULT=-2146893019

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    -------------------------------------------------------------

    -------------------------------------------------------------

     

    Event Type: Error
    Event Source: OCS Exchange Unified Messaging Routing
    Event Category: (1040)
    Event ID: 44022
    Date:  22-6-2007
    Time:  15:20:18
    User:  N/A
    Computer: SOCS0001SEL
    Description:
    An attempt to route to an Exchange UM server failed.

    The attempt failed with response code 504: smex0001sel.sgtiocs.nl.
    Failure occurrences: 2, since 22-6-2007 15:19:48.
    Resolution:
    Check this server is correctly configured to point to the appropriate Exchange UM server. Also check whether the Exchange UM server is up and whether it in turn is also properly configured.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    -------------------------------------------------------------

    -------------------------------------------------------------

    Event Type: Error
    Event Source: OCS Protocol Stack
    Event Category: (1001)
    Event ID: 14428
    Date:  22-6-2007
    Time:  15:19:48
    User:  N/A
    Computer: SOCS0001SEL
    Description:
    TLS outgoing connection failures.

    Over the past 0 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090325 (The certificate chain was issued by an authority that is not trusted.) while trying to connect to the host "smex0001sel.sgtiocs.nl".
    Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
    Resolution:
    For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    -------------------------------------------------------------

    -------------------------------------------------------------

     

    So there were some problems with the certificates on the Exchange machine!

     

    During the Microsoft Ignite training, the Exchange installations were preconfigured and most of them were installed on one machine together with AD and the domain controller. We have installed Exchange on a separate machine.

     

    What we did was (re)installing the certificates on the Exchange machine by getting them from the certificate server ( http://SADY0001SEL.sgtiocs.nl/certsrv/ ). We were reinstalling the PKI certificate (certnew.p7b) and completely rebooting the Exchange machine.

     

    What we also did is to check if the UM dial plan on the Exchange machine is SIP secured (one of the options by looking at the properties of the UM dial plan in the Exchange Unified Messaging settings).

     

    If this is not the case please make it SIP secured since OCS will not communicate with Exchange UM otherwise. 

     

    After the reboot of Exchange we were able to divert to voice mail and get Unified Communications working with OCS.

     

    I have one request to the guys from the OCS/UC development team:

     

    Please give more attention on proper documentation for rolling out certificates to Exchange 2007 Servers that need to be connected with OCS. For OCS installations you can use a certificate wizard which works very well to roll out certificates to the OCS components like the Mediation, Edge and the OCS server. We didn't find this wizard in Exchange 2007 (SP1 beta). According to the documentation below there is something to get the certificates.

     

    http://technet.microsoft.com/en-us/library/bb232157.aspx

     

     "Use the Request New Certificate wizard to generate a certificate request by using the FQDN of the host computer as the subject name and identify the intended purpose as Server Authentication. Use a certification authority (CA) that is configured on your network to issue a certificate for the request"

     

    I think it is good to read the following documentation for debugging Exchange UM:

     

    http://technet.microsoft.com/en-us/library/bb124716.aspx

    http://technet.microsoft.com/en-us/library/bb232157.aspx

     

    That's it for now. I hope that this post will help a lot of other people.

     

    Cheers,

     

    Thomas

    Saturday, June 23, 2007 2:09 PM
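
The OCS events quoted in this answer report the same Schannel failure in two notations (HRESULT=-2146893019 and 0x80090325). The following is an added example, not part of the original post: a Python triage script that normalises both forms, names the status code and groups the events per peer host, so the 504 routing errors are read next to the TLS failure logged for the same host. The sample log is condensed from the events above; the function names and verdict labels are illustrative.

```python
import re
from collections import defaultdict

# Standard Windows (winerror.h) names for the two Schannel failures that the
# OCS Protocol Stack event text describes.
SSPI_STATUS = {
    0x80090325: "SEC_E_UNTRUSTED_ROOT",   # chain ends in a CA the caller does not trust
    0x80090322: "SEC_E_WRONG_PRINCIPAL",  # certificate subject does not match the peer name
}

# Sample records, condensed from the events quoted in the post above.
SAMPLE_LOG = """\
Event Type: Error
Event Source: OCS Inbound Routing
Event ID: 45024
Description:
An attempt to use an Exchange UM Server for a missed call notification failed: smex0001sel.sgtiocs.nl.
Failure Details: Failure occurred while connecting. HRESULT=-2146893019
Event Type: Error
Event Source: OCS Exchange Unified Messaging Routing
Event ID: 44022
Description:
The attempt failed with response code 504: smex0001sel.sgtiocs.nl.
-------------------------------------------------------------
Event Type: Error
Event Source: OCS Protocol Stack
Event ID: 14428
Description:
The error code of the last failure is 0x80090325 while trying to connect to the host "smex0001sel.sgtiocs.nl".
"""

HOST_RE = re.compile(r'(?:failed|\d{3}): (\S+?)\.?$|host "([^"]+)"', re.M)
CODE_RE = re.compile(r"HRESULT=(-?\d+)|\b(0x[0-9A-Fa-f]{8})\b")


def normalize_hresult(text):
    """Map '-2146893019' (signed decimal) or '0x80090325' to one unsigned value."""
    value = int(text, 16) if text.lower().startswith("0x") else int(text)
    return value & 0xFFFFFFFF


def parse_events(log):
    """Split on 'Event Type:' (separator lines are not always present) and
    pull out event ID, peer host, SIP response code and HRESULT."""
    starts = [m.start() for m in re.finditer(r"^[ \t]*Event Type:", log, re.M)]
    events = []
    for begin, end in zip(starts, starts[1:] + [len(log)]):
        chunk = log[begin:end]
        event_id = re.search(r"Event ID:\s*(\d+)", chunk)
        host = HOST_RE.search(chunk)
        code = CODE_RE.search(chunk)
        sip = re.search(r"response code (\d{3})", chunk)
        if not (event_id and host):
            continue
        events.append({
            "event_id": int(event_id.group(1)),
            "host": (host.group(1) or host.group(2)).lower(),
            "sip_code": int(sip.group(1)) if sip else None,
            "hresult": normalize_hresult(code.group(1) or code.group(2)) if code else None,
        })
    return events


def triage(events):
    """Group events per peer host; a TLS status code, when logged, decides the verdict."""
    grouped = defaultdict(lambda: {"event_ids": set(), "sip_codes": set(), "tls": set()})
    for ev in events:
        seen = grouped[ev["host"]]
        seen["event_ids"].add(ev["event_id"])
        if ev["sip_code"] is not None:
            seen["sip_codes"].add(ev["sip_code"])
        if ev["hresult"] is not None:
            seen["tls"].add(SSPI_STATUS.get(ev["hresult"], hex(ev["hresult"])))
    report = {}
    for host, seen in grouped.items():
        if "SEC_E_UNTRUSTED_ROOT" in seen["tls"]:
            verdict = "untrusted-root"   # issuing CA chain missing from a trust store
        elif "SEC_E_WRONG_PRINCIPAL" in seen["tls"]:
            verdict = "name-mismatch"    # certificate subject differs from the peer FQDN
        elif seen["sip_codes"]:
            verdict = "sip-error-only"   # no TLS evidence in these records
        else:
            verdict = "unclassified"
        report[host] = {"verdict": verdict, "tls": sorted(seen["tls"]),
                        "sip_codes": sorted(seen["sip_codes"]),
                        "event_ids": sorted(seen["event_ids"])}
    return report


if __name__ == "__main__":
    for host, row in triage(parse_events(SAMPLE_LOG)).items():
        print(host, row)
```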

All replies

  • Hi everybody,

     

    Adding to my previous post.

     

    Running the ocsUMUtil script on the OCS machine gives me the following error:

     

    C:\Documents and Settings\Administrator.SGTIOCS>ocsUMUtil /domain:sgtiocs /verify

    Specified SIP domain is not valid. Please specify a SIP domain supported by your
     Microsoft Office Communications Server 2007.

     

    C:\Documents and Settings\Administrator.SGTIOCS>ocsUMUtil /domain:sgtiocs /verbose
    Verbose output enabled.

    Specified SIP domain is not valid. Please specify a SIP domain supported by your Microsoft Office Communications Server 2007.

     

    C:\Documents and Settings\Administrator.SGTIOCS>

     

    I really would like to do the Exchange UM setup again but I can't set the UMIPGateway objects again using the "exchucutil.ps1" script as I have shown in my previous post. Any suggestions of things I can try?

     

    Cheers,

     

    Thomas

    Friday, June 15, 2007 6:40 AM
  • I was able to re-run the scripts! I was following the Exchange/UM setup steps again after removing the DialPlan, IP Gateway, Mailbox policies and Auto Attendant from the UM console in Exchange. Now my setup looks like this:

    -----------------------------------------------------------------
    ocsumutil verify command (on OCS machine)
    -----------------------------------------------------------------

    C:\Documents and Settings\Administrator.SGTIOCS>ocsumutil /domain:sgtiocs.nl /verify
    Using default organizational unit: OU=RTC Special Accounts.

    UM Dial Plan: SGTIOCS.SGTIOCS.nl
    Corresponding Location Profile verified.

    UM Auto Attendant: SGTIOCS_AA
    Contact object found: CN=SGTIOCS_AA.SGTIOCS,OU=RTC Special Accounts,DC=SGTIOCS,D
    C=nl

    End.

    C:\Documents and Settings\Administrator.SGTIOCS>



    --------------------------------------
    exchucutil verify command (on Exchange machine)
    --------------------------------------

    [PS] E:\Support\en_exchange_srv_2007\sp1\scripts>./exchucutil -verify


    ObjectName                        AccessRights                     Configured
    ----------                        ------------                     ----------
    Sogeti Nederland BV               ListChildren                     True
    UM DialPlan Container             ListChildren, ReadProperty       True



    PoolFqdn                          UMIPGateway                      DialPlans
    --------                          -----------                      ---------
    SOCS0001SEL.SGTIOCS.nl            SOCS0001SEL                      {SGTIOCS}


    [PS] E:\Support\en_exchange_srv_2007\sp1\scripts>


    ---------------------------------------

    Now OCS has been configured but I still do not get any response from Exchange. I was both restarting Exchange UM and the OCS frontend service.

    In OCS I can see the following error:

    -----------------------------------------
    OCS Eventviewer message1
    -----------------------------------------

    Event Type:    Warning
    Event Source:    OCS Exchange Unified Messaging Routing
    Event Category:    (1040)
    Event ID:    44028
    Date:        15-6-2007
    Time:        10:39:56
    User:        N/A
    Computer:    SOCS0001SEL
    Description:
    Exchange Unified Messaging Routing Application did not find any Exchange UM servers.

    Cause: No Exchange UM servers are configured for SIP traffic or the RTCSRV service account does not have permission to read Exchange objects in Active Directory.
    Resolution:
    Configure one or more Exchange UM servers to handle SIP traffic.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    On exchange I get the same error that I have had before:
    -------------------------------------
    Exchange Eventviewer (1)
    -------------------------------------

    The IP gateway or IP-PBX SOCS0001SEL.SGTIOCS.nl did not respond to a SIP OPTIONS request from the Unified Messaging server. The error code that was returned is "0" and the error text is ":This operation has timed out.".


    According to the scripts above the Exchange UM server is linked to the OCS environment. How can I give the RTCSRV service account more permissions to read Exchange objects in Active Directory?

    Any help would be very much appreciated!!!

    Thomas
    Friday, June 15, 2007 11:53 AM