Category Archives: Office Communications Server

Microsoft Office Communications Server 2007 Resources

If you are finding it hard to find documentation related to OCS 2007 here are the links (download and read in this order)

  1. Documentation Roadmap
  2. Planning Guide
  3. Standard Edition Deployment Guide
  4. Enterprise Edition Deployment Guide
  5. Integrating Telephony with Office Communications Server 2007
  6. Enterprise Voice Planning and Deployment Guide
  7. Online Training for Introducing Microsoft® Office Communications Server 2007 

As I find additional (relevant) documentation, I will be updating these links.


LCS Server starts and then shuts down if you have used trial certificates from either Verisign/Thawte/etc

The trial certificates are valid for some days. Now you must have tried using the trial certificates, & after being satisfied that they work, unchecked the MTLS 5061 from the “General” tab for the server. Additionally you must also delete the certificate from the “Security” tab.

If you do not delete the certificate from the “security” tab, after the trial expires so does your LCS server. You can’t even get to the “security” tab & delete the old certificate as it dissapears. When you click on “security” you get a prompt about invalid certificates.

A workaround is “GET” another trial certificate, assign it, check MTLS 5061 and then remove it. Uncheck MTLS 5061 and delete the certificate from the “security” tab.

Some errors I had in the event log were:

The service is shutting down due to an internal error.

Unable to initialize the protocol stack. The service has to stop.

Server could not retrieve its initial configuration for a class from the WMI Provider.
Class: MSFT_SIPRoutingSetting
Cause: This can occur if the connection to Active Directory or SQL back-end database is down or if permissions to the service account are altered. Retrieval can also fail if an invalid entry is entered in the class using the UI or WMI or if corruption occurs in local WMI repository.
Make sure the account the service is running under has proper privileges and that connection to Active Directory or SQL back-end database is functional. Verify an identical entry does not exist as a direct federation partner and an IM service provider.

A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0101.
Cause: This could happen if the certificate is not found. This could also happen if the server has insufficient privileges to read the certificate or to access the store containing the certificate.

LCS Certificates, DNS and Firewall Ports

One of the common requests on the newsgroup is about – you guessed it right – Certificates, DNS and Firewall Ports. I will try to make this simple by explaining in as few words as possible – but providing as many details as I can.


First of all – When are certificates needed? – If you deploy only a Standard Edition you don’t need certificates. If you deploy Enterprise Edition with only one front end – you don’t need certificates. Certificates are needed on the following common scenarios (if you deploy these you need certificates)

  • Enterprise Edition with 2 or more Front End servers
  • Access Proxy
  • Director
  • Standard Edition – if deploying Access Proxy and Director, all will need certificates.

You have realised now that certificates are needed only when there is a server to server communication (except SQL server). If you want the traffic from the LCS servers to the SQL servers encrypted/secure, you can. That is however beyond the current context scope.

Secondly – You don’t need a public certificate for all these servers. Only the Access Proxy’s external edge needs a public certificate. All others can have a certificate issued by an internal Certificate Authority. Install the Internal CA chain on all servers.


The Microsoft documentation assumes you have internal and external Domain Name Servers under “your” control. Well mostly that’s true but in cases where your external Domain Name Servers are hosted services you need to provide your hosting provider details on creating SRV records. A breakdown is provided in the image below.


Another common request is – which ports do I need to open up on the firewall. A breakdown is provided in the image.

For a detailed explaination on protocols/ports see;EN-US;903056


Follow the path from the “Remote Users” to the LCS pool and you will know (1) what DNS entries are required (2) what certificates are needed and (3) what ports need to be open. Print the following linked image on a legal sized paper.

Architecture Design

The above images are in a Draft Format.

LCS Communicator Mobile (COMO)

Link to COMO on Microsoft site is here.

Setup is as follows (1) LCS Enterprise Edition – only one front end server (2) SQL Server (3) Access Proxy (4) Director.

Installed Office Communicator Mobile Edition (COMO) on my PocketPC. Pictures are worth more than me rambling about this. Click on a thumbnail to view larger image. Of course, the conversation, the people and the context is fictitious in these images. Listed in order of progression.

1. Add Root cer

2. Sign In

3. Sign In

4. Today Screen

5. Incoming Message

6. Contact List

7. Find Contacts

Find a contact (#7) and
Start conversation (#8)

8. Conversation Menu Options

9. COMO Conversation

Compare how the conversation looks like in
COMO (#9) v/s
Office Communicator (#10)

10. Communicator Conversation