Live Communications Server 2005 with SP1 Standard Edition Deployment Guide

Configuring DNS, Client Access, and User Settings

Published: August 1, 2005 | Updated: May 1, 2006
On This Page

Overview
Installing and Configuring Your Client
Ensuring Your Clients Can Connect to Live Communications Server
Creating and Configuring Users in Active Directory
Configuring Your Clients to Recognize Certificates

Overview

Before you can connect your Live Communications Server 2005 Standard Edition users, you must deploy a supported client on all client computers. Communicator 2005 running on Windows XP SP2 is the recommended client configuration; Windows Messenger 5.1 is also supported.

After you have installed Standard Edition Server, you must configure client access. Configuring client access involves the following tasks:

Installing and configuring the client.

Ensuring your clients can connect to Live Communications Server.

Creating and configuring users in Active Directory.

Configuring your clients to recognize certificates issued by your CA.

Installing and Configuring Your Client

You must install and configure Communicator (recommended) or Windows Messenger 5.1 to test and verify the implementation of your servers running Live Communications Server. These clients can be downloaded from the Microsoft Web site.

Ensuring Your Clients Can Connect to Live Communications Server

Clients of a Standard Edition Server must be able to resolve the FQDN of the Standard Edition Server in order to communicate within the Live Communications Server 2005 environment. There are two methods for provisioning clients to connect to the Standard Edition Server:

  Note

Before you can configure certificates and TLS you must assign a static IP for each Live Communications Server within the deployment.

Automatic Configuration: Creating a DNS Record and Enabling Automatic Configuration. The client automatically queries for a DNS SRV resource record and either connects directly to, or is redirected to, the correct Live Communications Server. This requires creating a DNS SRV resource record for your Live Communications Server deployment.

Manual Configuration: Modifying the Hosts File or Registry and Connecting Manually. The client can be preconfigured to connect to the FQDN of a specific server, either by setting the relevant registry key through Group Policy or by entering the FQDN of the server manually in the client.

Automatic Configuration

Automatic configuration of clients using a Standard Edition Server involves creating a DNS SRV resource record that points clients to the FQDN of the Standard Edition Server. That FQDN must in turn resolve, through a DNS A record, to the IP address of the server.

Step 1 Configuring DNS

Configuring DNS involves creating a DNS service location (SRV) record for your SIP domain that points to the FQDN of the Standard Edition Server, which in turn resolves to the IP address of the server.

Creating a DNS SRV Record

By configuring a DNS SRV resource record for Live Communications Server, you can test the bootstrapping process in which the client locates Live Communications Server without having been preconfigured with the name of its server or pool. An example of a DNS SRV resource record name is _sipinternaltls._tcp.example.com, where _sipinternaltls represents the service, _tcp represents the transport protocol, and example.com represents the SIP URI namespace for the example domain. To perform this procedure, you must be a member of the Administrators group on the DNS server.

  Note

The client uses only the first A record when multiple A records are returned in response to the DNS query. If that server is unavailable, the client does not try any of the other records until the query result is flushed from the DNS cache and replaced with a DNS response that lists the records in a different order.

To create a DNS SRV record

1.

To open DNS, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click DNS.

2.

In the console tree for your domain, expand Forward Lookup Zones, and right-click the domain.

3.

Click Other New Records.

4.

In Select a resource record type, select Service location (SRV).

5.

Click Create Record.

6.

Select one of the following:

If your organization uses only Communicator clients:

If you are using TLS, type _sipinternaltls for the Service, type _tcp in Protocol, and then type 5061 in Port Number.

If you are using TCP, type _sipinternal for the Service, type _tcp in Protocol, and then type 5060 in Port Number.

If your organization uses Windows Messenger clients:

If you are using TLS, type _sip for the Service, type _tls in Protocol, and then type 5061 in Port Number.

If you are using TCP, type _sip for the Service, type _tcp in Protocol, and then type 5060 in Port Number.

If your organization uses a mix of clients, publish one SRV record of each kind, and point both SRV records to the FQDN of the Standard Edition Server used by your clients. For TLS, this FQDN must match the subject name of the certificate installed on the Standard Edition Server; see Configuring Your Clients to Recognize Certificates later in this document.

7.

In Host offering this service, type the FQDN of the Standard Edition Server to which the client connects. This FQDN must already resolve, through an A record in DNS, to the IP address assigned to the Standard Edition Server.

To verify the creation of a DNS SRV resource record

To verify the existence of the created DNS SRV resource record from any computer on the network, use the network diagnostic tool, Nslookup.exe. For illustration purposes, the following steps use example.com for the domain portion of the SIP URI namespace.

If you deployed TLS, use the following steps:

1.

Click Start, click Run, type cmd, and then press ENTER.

2.

Type nslookup, and then press ENTER.

3.

Type set type=srv, and then press ENTER.

4.

Select one of the following options:

For deployments with Communicator clients only, type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

Server:  <dns server>.corp.example.com
Address:  <IP address of DNS server>
Non-authoritative answer:
_sipinternaltls._tcp.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = sipinternaltls.example.com
sipinternaltls.example.com       internet address = <Standard Edition Server IP address>
sipinternaltls.example.com       internet address = <Standard Edition Server IP address>

For deployments with Windows Messenger 5.1 clients, type _sip._tls.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

Server:  <dns server>.corp.example.com
Address:  <IP address of DNS server>
Non-authoritative answer:
_sip._tls.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = sip.example.com
sip.example.com       internet address = <Standard Edition Server IP address>
sip.example.com       internet address = <Standard Edition Server IP address>

If you plan to use TLS as the transport protocol, you must deploy a PKI, including certificates for your servers, and your clients must trust the issuing CA (see Configuring Your Clients to Recognize Certificates later in this document).

Next verify that the FQDN of the Standard Edition Server can be resolved by DNS.

To verify the FQDN of the Standard Edition Server can be resolved

1.

Click Start, click Run, type cmd, and then press ENTER.

2.

Type ping <FQDN of the SE Server> and press ENTER.

3.

Verify that you receive a response similar to the following, where the IP address returned is the IP address of the Standard Edition Server:

Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

If you deployed TCP, use the following steps:

1.

Click Start, click Run, type cmd, and then press ENTER.

2.

Type nslookup, and then press ENTER.

3.

Type set type=srv, and then press ENTER.

4.

Select one of the following:

For deployments with Communicator clients only, type _sipinternal._tcp.example.com, and then press ENTER. The output displayed for the TCP record is as follows:

Server:  <dns server>.corp.example.com
Address:  <IP address of DNS server>
Non-authoritative answer:
_sipinternal._tcp.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 5060
          svr hostname   = sip.example.com
sip.example.com       internet address = <Standard Edition Server IP address>
sip.example.com       internet address = <Standard Edition Server IP address>

For deployments with Windows Messenger 5.1 clients, type _sip._tcp.example.com, and then press ENTER. The output displayed for the TCP record is as follows:

Server:  <dns server>.corp.example.com
Address:  <IP address of DNS server>
Non-authoritative answer:
_sip._tcp.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 5060
          svr hostname   = sip.example.com
sip.example.com       internet address = <IP address of the Standard Edition Server>
sip.example.com       internet address = <IP address of the Standard Edition Server>
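The nslookup output above has to be read by eye for each client type and transport. As an added example (not part of this guide, and not a Microsoft tool), the following Python script parses the text that nslookup prints for an SRV query into records, checks them against the query name and port each client type expects, and reports which host and address a client would actually try first, applying the note above that only the first A record is used. The sample output embedded in it is constructed; the DNS server, the server name se01.example.com and the addresses are assumptions. The certificate-name check relies on standard TLS behaviour (the name the client connects to must match the subject name of the server certificate) rather than on anything specific to this guide.

```python
"""Check Live Communications Server SRV records from nslookup output.

Added example, not from the deployment guide. Run nslookup, set type=srv,
query the record name, paste the output into a file and pass the file name
as the first argument, or run the script as-is against the constructed
sample below.
"""
import re
import sys

# SRV query name prefix and port that each client type uses, per the guide.
SRV_NAMES = {
    ("communicator", "tls"): ("_sipinternaltls._tcp", 5061),
    ("communicator", "tcp"): ("_sipinternal._tcp", 5060),
    ("messenger", "tls"): ("_sip._tls", 5061),
    ("messenger", "tcp"): ("_sip._tcp", 5060),
}

# Constructed sample in the format nslookup prints (names/addresses assumed).
SAMPLE_OUTPUT = """\
Server:  dns01.corp.example.com
Address:  10.0.0.10

Non-authoritative answer:
_sipinternaltls._tcp.example.com SRV service location:
          priority       = 0
          weight         = 0
          port           = 5061
          svr hostname   = se01.example.com
se01.example.com        internet address = 10.0.0.25
"""

SRV_HEADER = re.compile(r"^(\S+)\s+SRV service location:\s*$")
SRV_FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
A_RECORD = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)\s*$")


def srv_query_name(sip_domain, client, transport):
    """Return (SRV query name, expected port) for a client type and transport."""
    prefix, port = SRV_NAMES[(client, transport)]
    return "%s.%s" % (prefix, sip_domain), port


def parse_nslookup_srv(text):
    """Parse nslookup SRV output into dicts with name, priority, weight, port,
    target and addresses (the A records printed for the target, in order)."""
    records, addresses, current = [], {}, None
    for line in text.splitlines():
        m = SRV_HEADER.match(line)
        if m:
            current = {"name": m.group(1).rstrip(".").lower(), "addresses": []}
            records.append(current)
            continue
        m = SRV_FIELD.match(line)
        if m and current is not None:
            key, value = m.groups()
            if key == "svr hostname":
                current["target"] = value.rstrip(".").lower()
            else:
                current[key] = int(value)
            continue
        m = A_RECORD.match(line)
        if m:
            addresses.setdefault(m.group(1).rstrip(".").lower(), []).append(m.group(2))
    for rec in records:
        rec["addresses"] = addresses.get(rec.get("target"), [])
    return records


def check_srv(records, sip_domain, client, transport, server_fqdn):
    """Return findings a client of this type would hit; an empty list means OK."""
    name, port = srv_query_name(sip_domain, client, transport)
    matches = [r for r in records if r["name"] == name.lower()]
    if not matches:
        return ["no SRV record named %s" % name]
    findings = []
    for rec in matches:
        target = rec.get("target", "")
        if rec.get("port") != port:
            findings.append("%s: port %s, expected %d for %s"
                            % (name, rec.get("port"), port, transport.upper()))
        if not rec["addresses"]:
            findings.append("%s: target %s has no A record" % (name, target))
        elif len(rec["addresses"]) > 1:
            # Per the guide's note, only the first A record returned is used.
            findings.append("%s: %s has %d A records; clients use only the first (%s)"
                            % (name, target, len(rec["addresses"]), rec["addresses"][0]))
        if transport == "tls" and target != server_fqdn.lower():
            # Standard TLS behaviour: the name the client connects to must
            # match the subject name of the server certificate.
            findings.append("%s: target %s does not match server FQDN %s; TLS name check will fail"
                            % (name, target, server_fqdn))
    return findings


def first_connection_target(records):
    """(host, address) the client tries first: lowest priority, then highest
    weight (RFC 2782 actually picks among equal priorities by weighted random
    choice), and only the first A record of that host, per the guide's note."""
    usable = [r for r in records if r["addresses"]]
    if not usable:
        return None
    best = min(usable, key=lambda r: (r.get("priority", 0), -r.get("weight", 0)))
    return best["target"], best["addresses"][0]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    recs = parse_nslookup_srv(text)
    for line in check_srv(recs, "example.com", "communicator", "tls", "se01.example.com") or ["OK"]:
        print(line)
    print("client connects first to:", first_connection_target(recs))
```

Run it once per client type and transport you publish; a mixed deployment should come back clean for both the Communicator and the Windows Messenger record names, and a finding about multiple A records is worth acting on before TLS troubleshooting, because a client stuck on the first address will not fail over on its own.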

Step 2 Enabling Automatic Configuration

After configuring the DNS SRV resource record, you can choose to configure the connection settings automatically in either Communicator or Windows Messenger 5.1.

To enable automatic configuration for Communicator clients

1.

With Communicator open, click the Actions menu, and then click Options.

2.

Click the Accounts tab.

3.

Click Advanced, and then click Automatic Configuration.

4.

Click OK twice.

To enable automatic configuration for Windows Messenger clients

1.

With Windows Messenger open, click Tools, and then click Options.

2.

Click the Accounts tab.

Figure 21 Windows Messenger Options

3.

If necessary, select the My contacts include users of a SIP Communications Service check box, and then type your sign-in name in the form sip:<username>@<SIP namespace>; for example, sip:tedb@contoso.com.

4.

Under the SIP Communications Service Account, click Advanced.

5.

In the SIP Communications Service Connection Configuration dialog box, click the Automatic configuration option.

6.

Click OK twice.

Manually Enabling Client Connectivity to Live Communications Server

To manually enable client connectivity to Live Communications Server 2005 Standard Edition without using SRV records, you must configure each client to connect to the FQDN of the Standard Edition Server. If you do not publish an A record for your Standard Edition Server, you must also add an entry to the Hosts file on each client so that the server FQDN can be resolved.

  Note

Modifying the Hosts file is not a requirement for Live Communications Server; it is needed only if your clients cannot resolve the server FQDN through DNS.

To modify the host file on a client computer

1.

Log on to the client computer.

2.

Click Start, click Run, type %windir%\system32\drivers\etc, and then press ENTER.

3.

Open the Hosts file using Notepad.

4.

Add a line of the following form to the end of the Hosts file:

<IP_address_of_Standard_Edition_Server>      <FQDN_of_Standard_Edition_Server>

To manually configure connectivity

1.

Open Windows Messenger.

2.

On the Tools menu, click Options.

3.

Click the Accounts tab.

4.

Click Advanced.

5.

Click Configure Settings.

6.

In Server name or IP address, type the FQDN of the server. An IP address is accepted for TCP connections, but for TLS the name you enter must match the subject name of the server certificate, so use the FQDN.

7.

Click the option for the protocol that you want to use for the connection.

Figure 22 Advanced settings for the SIP Communications Service Account


Creating and Configuring Users in Active Directory

The following procedures add users to their respective Live Communications Server. Each Live Communications Server periodically requests user information from Active Directory and caches it locally.

Creating User Accounts

Follow these steps to create the user accounts in Active Directory that will use the Live Communications Server services.

To create user accounts

1.

Open the Active Directory Users and Computers snap-in.

2.

Create an organizational unit to hold all the users you want to create for the Live Communications Server services, or create users directly by right-clicking the Users container, clicking New, and then clicking User.

3.

Complete the New Object - User Wizard.

Configuring User Accounts for Live Communications Server

Configure user accounts for Live Communications Server in one of two ways, depending on the account:

1.

Configure mail-enabled or mailbox-enabled user accounts.

2.

Configure user accounts that are not mail-enabled or mailbox enabled.

To configure mail-enabled or mailbox-enabled user accounts for Live Communications Server

1.

Log on to a Live Communications Server, or to a domain-joined computer with the Live Communications Server administration tools installed, using an account that is a member of the RTCDomainUserAdmins group.

2.

Open Active Directory Users and Computers. Click Start, click Run, type dsa.msc, and then click OK.

3.

Right-click the user or users who you want to enable, and click Enable users for Live Communications.

4.

On the Welcome to Enable Users Wizard page, click Next.

5.

In Select a Pool, select the server that will host these users, and then click Next.

6.

Click Finish.

  Note

The SIP URI for these users is populated automatically from the default e-mail address of each user.

To configure a user account for Live Communications Server that is not mail-enabled or mailbox-enabled

1.

Open Active Directory Users and Computers. Click Start, click Run, type dsa.msc, and then click OK.

2.

Right-click the user account you want to enable for Live Communications Server, and then click Properties.

3.

Click the Live Communications tab, and then click Enable Live Communications for this user.

  Note

The Live Communications tab will not be available unless you have either the server configuration or administration tools installed on the computer that you are managing user properties from.

4.

In the Primary SIP URI field, type sip:<username>@<SIP domain>. This example uses sip:user1@woodgrovebank.com.

5.

Click the drop-down list, and then click the server to which you want to assign this user account. Plan carefully to determine the number of users per server.

6.

Click OK.

  Important

Ensure that the domain portion of the SIP URI used in step 4 is a supported domain. Supported domains are listed in the General tab of the Live Communications Global Setting Properties page of the forest node.
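The two procedures above are per-user and the supported-domain check is easy to miss when many accounts are enabled at once. As an added example (not part of this guide or of the Live Communications Server tools), the following Python script sorts a list of accounts into the wizard path (mail-enabled users whose SIP URI is derived from the e-mail address), the manual path (users with no mail address, whose Primary SIP URI must be typed on the Live Communications tab), and accounts that need attention before either path is used. The user list and supported-domain list are constructed; the uniqueness check reflects the requirement that a SIP URI belongs to only one user, which the guide does not spell out.

```python
"""Pre-flight check before enabling users for Live Communications Server.

Added example, not from the deployment guide. Mirrors the two paths the guide
describes: mail-enabled users get sip:<default e-mail address> automatically,
users without a mail address need a Primary SIP URI typed by hand, and every
SIP URI domain must appear in the supported domains list of the forest's
Live Communications Global Settings.
"""
import re

# Form sip:<user>@<domain>; the domain part is compared case-insensitively.
SIP_URI = re.compile(r"^sip:([^@\s]+)@([a-z0-9.-]+)$")

# Constructed sample data (not from a real directory).
SUPPORTED_DOMAINS = ["contoso.com", "woodgrovebank.com"]
USERS = [
    {"sam": "tedb", "mail": "TedB@contoso.com"},        # mail-enabled, supported domain
    {"sam": "user1", "mail": None},                     # no mail: manual path
    {"sam": "alice", "mail": "alice@partner.example"},  # mail domain not supported
    {"sam": "ted.b", "mail": "tedb@contoso.com"},       # would collide with tedb
]


def sip_uri_from_mail(mail):
    """SIP URI the Enable Users Wizard would populate from the e-mail address."""
    return "sip:" + mail.strip().lower()


def validate_sip_uri(uri, supported_domains):
    """Return None if the URI is well formed and in a supported domain, else a reason."""
    m = SIP_URI.match(uri.lower())
    if not m:
        return "malformed SIP URI: %s" % uri
    domain = m.group(2)
    if domain not in {d.lower() for d in supported_domains}:
        return "domain %s is not a supported domain" % domain
    return None


def plan_enable(users, supported_domains):
    """Sort users into (auto, manual, problems).

    auto: sam -> SIP URI that the wizard will assign from the mail address.
    manual: users with no mail address, who need a URI typed on the
            Live Communications tab.
    problems: users whose derived URI is unusable (unsupported domain, or
              already taken by another user; a SIP URI belongs to one user).
    """
    auto, manual, problems, seen = {}, [], [], {}
    for u in users:
        if not u.get("mail"):
            manual.append(u["sam"])
            continue
        uri = sip_uri_from_mail(u["mail"])
        reason = validate_sip_uri(uri, supported_domains)
        if reason is None and uri in seen:
            reason = "SIP URI %s is already assigned to %s" % (uri, seen[uri])
        if reason:
            problems.append("%s: %s" % (u["sam"], reason))
            continue
        seen[uri] = u["sam"]
        auto[u["sam"]] = uri
    return auto, manual, problems


if __name__ == "__main__":
    auto, manual, problems = plan_enable(USERS, SUPPORTED_DOMAINS)
    for sam, uri in auto.items():
        print("enable via wizard:", sam, uri)
    for sam in manual:
        print("type Primary SIP URI manually:", sam)
    for p in problems:
        print("fix before enabling:", p)
```

Feed it the supported domains exactly as they appear on the General tab of the Live Communications Global Settings Properties page; an account reported under problems should either have its e-mail address corrected or have the domain added to the supported list before the wizard is run.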

Configuring Your Clients to Recognize Certificates

In order to use TLS on your clients, each client computer must trust your certification authority (CA) and the certificate chain of the server certificate. Unless your CA is one of the default trusted root CAs on the Windows operating system, you must configure your clients to trust the CA that issued the certificate used by your Live Communications Server.

To configure your client to trust the certification authority and certificate chain

1.

Log on to your client computer with local administrator rights.

2.

Click Start, click Run, type http://<name of your CA>/certsrv, and then click OK.

3.

Click Download a CA certificate, certificate chain or CRL.

4.

Click Install this CA chain.

5.

In the Potential Scripting Violation message box, click Yes.

6.

Once the certificate is successfully installed, click Back.

7.

In CA certificates, select the certificate.

8.

Click Download a certificate.

9.

Click Save, and save the certificate to a local drive on your computer.

10.

Click Start, click Run, type mmc, and then click OK.

11.

On the File menu, click Add/Remove Snap-in.

12.

Click Add.

13.

Select Certificates.

14.

In the Certificates snap-in, click Computer account.

15.

Click Next.

16.

In Select Computer, ensure that Local computer (the computer this console is running on) is selected.

17.

Click Finish.

18.

Click Close and then click OK.

19.

In the console tree, expand Certificates (Local Computer), and then expand Trusted Root Certification Authorities.

20.

Right-click Certificates, and then click Import.

21.

In the Certificate Import Wizard, click Next.

22.

On the File to Import page, click Browse.

23.

In the Open dialog box, click Files of type, and select All Files (*.*).

24.

Browse to your certificate and click Open.

25.

Complete the wizard with the default selections.

