office communications server 2007 r2 walk through - how to replace a mediation server

Microsoft Office Communications Server 2007 R2

Mediation Server Replacement Walkthrough

Published: July 2009

Updated: April 2010

For the most up-to-date version of the Mediation Server Replacement Walkthrough documentation and the complete set of the Microsoft® Office Communications Server 2007 R2 online documentation, see the Office Communications Server TechNet Library at http://go.microsoft.com/fwlink/?LinkID=132106.

Note: In order to find topics that are referenced by this document but not contained within it, search for the topic title in the TechNet library at http://go.microsoft.com/fwlink/?LinkID=132106.


This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Copyright © 2010 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Outlook, SQL Server, Visio, Visual C++, Windows, Windows Media, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.


Contents

Mediation Server Replacement Walkthrough

Walkthrough: Planning the Mediation Server Replacement

Walkthrough: New Server Recommendation

Required Software

Required Hardware for Mediation Server

Interface Cards for Mediation Server

Media Bandwidth Requirements

Walkthrough: IP Addressing for New Mediation Server

Walkthrough: Building Mediation Server host and Join to the Domain

Operating System

Testing the Host Server Build

Walkthrough: Installing a New Mediation Server

Next steps in installing a new Mediation Server

Walkthrough: Install and Activate the new Mediation Server

Walkthrough: Configure the new Mediation Server

Walkthrough: Configure a Certificate on the new Mediation Server

Walkthrough: Start the new Mediation Server

Walkthrough: Transition Route to New Mediation Server

Walkthrough: Configure Media Gateway

Gateway Configuration Requirements

Walkthrough: Add new Mediation Server to route

Walkthrough: Remove old Mediation Server from route

Walkthrough: Remove old Mediation Server

Walkthrough: Deactivate the old Mediation Server

Walkthrough: Removing the old Mediation Server

Remove Server Components

Required Order of Operations for Removing Mediation Server Components

To remove a server


Mediation Server Replacement Walkthrough

The Mediation Server exists in two forms: the stand-alone Mediation Server, and the basic hybrid gateway. In both cases, the management of the Mediation Server role is the same.

In certain situations (for example, when you experience a hardware failure or network reconfiguration), you need to replace one Mediation Server with another Mediation Server. The focus of this document is on replacing the Mediation Server (that is, either a stand-alone or a gateway device) with a stand-alone Mediation Server. This document does not cover how to size or replace the media gateway device. For details, see Enterprise Voice Server-Side Components in the Planning and Architecture documentation.

This document is targeted at IT Professionals who have a thorough understanding of Microsoft server technologies, networking technologies, and complex Active Directory topologies.

In This Document

Walkthrough: Planning the Mediation Server Replacement

Walkthrough: Installing a New Mediation Server

Walkthrough: Transition route to new Mediation Server

Walkthrough: Remove old Mediation Server

Walkthrough: Planning the Mediation Server Replacement

When you are planning to replace your Mediation Server, you need to acquire a new server that meets the recommended minimum requirements, including arranging for IP addressing for the new server, building the new host server hardware, and joining the new server to the Active Directory domain. Ensure that you choose server hardware that can support your expected call load, that has two network interface cards, and that is 64-bit. Virtualization of the Mediation Server is not recommended. In addition, arranging for discrete IP addressing before you start can make the new server deployment run more smoothly.

Walkthrough: New Server Recommendation

Walkthrough: IP Addressing for New Mediation Server

Walkthrough: Building Mediation Server host and Join to the Domain


Walkthrough: New Server Recommendation

Choosing a new server is the first step in replacing your Mediation Server. The general requirements for a Mediation Server are the same as for the other Office Communications Server 2007 R2 server roles: x64 CPU, multiple cores, dual network interface cards, and a RAID disk array.

Required Software

One of the following operating systems is required for Mediation Server:

The 64-bit edition of Windows Server 2008 Standard, or the 64-bit edition of Windows Server 2008 Enterprise

Windows Server 2003 R2 Standard x64 Edition with SP2, or Windows Server 2003 R2 Enterprise x64 Edition with SP2

Windows Server 2003 Standard x64 Edition with SP2, or Windows Server 2003 Enterprise x64 Edition with SP2

Required Hardware for Mediation Server

The following table outlines the recommended hardware requirements for a Mediation Server.

Table 1. Mediation Server

Hardware component    Minimum requirement
CPU                   Dual processor, quad-core 2.0 GHz+
                      4-way processor, dual-core 2.0 GHz+
Memory                8 GB
Disk                  2x 72 GB, 15K or 10K RPM, RAID 0 (striped) or equivalent
Network               2 x 1 Gbps network adapter

The minimum hardware configuration (for up to 125 concurrent calls or 5 T1) is as follows:

Single Processor Dual Core running at 3GHz

2GB RAM

30GB hard disk


Interface Cards for Mediation Server

To help ensure the physical as well as logical separation of your Enterprise Voice infrastructure from the media gateways, install Mediation Server on a computer that is equipped with two network interface cards (NICs). One card faces the gateway, and the second card faces the Office Communications Server 2007 R2 server that acts as the Mediation Server's internal next hop.

When you install Mediation Server, the Deployment Wizard detects the presence of the two network cards and writes their IP addresses to the Office Communications Server listening IP address list and the Gateway listening IP address list, both on the General tab of the Mediation Server Properties dialog box.

The Office Communications Server listening IP address is the address on an advanced media gateway that listens for call traffic from Office Communications Server. Until advanced media gateways are available, this address corresponds to the network card that serves as the internal edge of the Mediation Server.

Important: The IP address that you select from the Office Communications Server listening IP address list must match the address that is returned by a Domain Name System (DNS) query on the fully qualified domain name (FQDN) of the Mediation Server. If the two addresses do not match, you cannot connect, and call traffic will be directed to an interface that is not listening for Office Communications Server traffic instead of to the one that is listening.

The Gateway listening IP address is the address on the Mediation Server that listens to traffic from a basic media gateway or basic hybrid media gateway. For Office Communications Server 2007 R2, this address corresponds to the network card that serves as the external edge of the Mediation Server.

Note: It is possible to configure both edges on a single adapter card, but it is not recommended.

Media Bandwidth Requirements

For basic media gateways, the bandwidth requirement between gateway and Mediation Server is 64 kilobits per second (Kbps) for each concurrent call. Multiplying this number by the number of ports for each gateway is a fair estimate of the required bandwidth on the gateway side of the Mediation Server. On the Office Communications Server side, the bandwidth requirement is considerably lower.

When configuring Mediation Server, you are advised to accept the default media port gateway range of 60,000 to 64,000. Reducing the port range greatly reduces server capacity and should be undertaken only for specific reasons by an administrator who is knowledgeable about media port requirements and scenarios. For this reason, we recommend that you do not alter the default port range.

High-bandwidth traffic such as voice and video tends to stress poorly provisioned networks. Limiting media traffic to a known range of ports makes it easier to troubleshoot these types of problems.

Walkthrough: IP Addressing for New Mediation Server

Mediation Servers communicate with internal pool servers and the media gateway. You can use two IP addresses on one network interface, but it is not recommended. In general, you want to use one address in the internal network IP subnet for the Mediation Server and an IP address from the subnet that hosts the media gateway. In addition, you need to know the addresses of the Mediation Server-facing network card in the media gateway device.

For example, if your internal network (that is, the network with the pool) is 192.0.2.x, and the telephony subnet is 172.16.1.x, you should get two addresses for the Mediation Server: 192.0.2.50 and 172.16.1.50. You use the 192.0.2.50 address to face the pool, and the 172.16.1.50 address to face the media gateway. As part of the Mediation Server configuration, you also need to know the IP address of the media gateway.

Note: Office Communications Server 2007 R2 uses IPv4 only.

Walkthrough: Building Mediation Server host and Join to the Domain

Before you install Mediation Server, you must prepare the host server and join the host server to your Active Directory domain.

Operating System

After assembling the host server hardware, install one of the following operating systems:

The 64-bit edition of Windows Server 2008 Standard, or the 64-bit edition of Windows Server 2008 Enterprise

Windows Server 2003 R2 Standard x64 Edition with SP2, or Windows Server 2003 R2 Enterprise x64 Edition with SP2

Windows Server 2003 Standard x64 Edition with SP2, or Windows Server 2003 Enterprise x64 Edition with SP2

Note: Follow your organization’s guidance for applying updates and patches to the host server operating system.

When your host server is prepared with Windows Server, join the server to your Active Directory domain.

Note: Follow your organization’s procedures for joining servers to the Active Directory domain.

No other software is needed before you install the Mediation Server.

Testing the Host Server Build

After the host server is prepared and joined to the domain, you need to verify the following items:

Check the Domain Name System (DNS) to ensure that the new Mediation Server host is registered and that the fully qualified domain name (FQDN) is valid.

Verify that the other Office Communications Servers can ping the new Mediation Server host by name and by IP.

Verify that the new Mediation Server host can ping the other Office Communications Servers by name and by IP.

Verify that the new Mediation Server host can ping the media gateway device that you plan to use as the next hop server for the new Mediation Server.
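
The DNS and addressing items above can be checked in one pass before installation. The following Python sketch is an added example, not part of the Microsoft walkthrough: it verifies that the FQDN resolves only to the pool-facing address, that the two adapters sit on different subnets, and that the media gateway is on the gateway-facing subnet. The host name, the /24 prefix lengths and the gateway address 172.16.1.10 are assumptions made for the illustration; the ping checks are not covered.

```python
import ipaddress
import socket


def resolve_ipv4(fqdn):
    """Return every IPv4 address DNS holds for fqdn (OCS 2007 R2 is IPv4 only)."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_address_plan(fqdn, pool_nic, gateway_nic, gateway_ip, resolver=resolve_ipv4):
    """Return a list of findings; an empty list means the plan is consistent.

    pool_nic and gateway_nic are "address/prefix" strings for the two adapters.
    gateway_ip is the Mediation Server-facing address of the media gateway.
    resolver is injectable so the check can be exercised without live DNS.
    """
    findings = []
    pool = ipaddress.ip_interface(pool_nic)
    gw_side = ipaddress.ip_interface(gateway_nic)
    gateway = ipaddress.ip_address(gateway_ip)

    # One edge faces the pool, the other faces the gateway: two subnets.
    if pool.network.overlaps(gw_side.network):
        findings.append("both edges are on the same subnet")
    # The gateway-facing adapter takes its address from the gateway's subnet.
    if gateway not in gw_side.network:
        findings.append(f"media gateway {gateway} is outside {gw_side.network}")

    try:
        answers = {ipaddress.ip_address(a) for a in resolver(fqdn)}
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        findings.append(f"{fqdn} is not registered in DNS: {exc}")
        return findings

    # The FQDN must resolve to the Office Communications Server listening address.
    if pool.ip not in answers:
        findings.append(f"DNS does not return the pool-facing address {pool.ip}")
    # Any other record sends pool traffic to an interface that is not listening.
    for extra in sorted(answers - {pool.ip}):
        if extra == gw_side.ip:
            findings.append(
                f"gateway-facing address {extra} is registered in DNS; "
                "turn off dynamic DNS registration on that adapter"
            )
        else:
            findings.append(f"unexpected address {extra} in DNS for {fqdn}")
    return findings


if __name__ == "__main__":
    # Constructed DNS answer: both adapters registered themselves dynamically.
    def fake_dns(_name):
        return ["192.0.2.50", "172.16.1.50"]

    for line in check_address_plan(
        "medsrv2.example.com",   # hypothetical FQDN of the new Mediation Server
        "192.0.2.50/24",         # pool-facing adapter (prefix length assumed)
        "172.16.1.50/24",        # gateway-facing adapter (prefix length assumed)
        "172.16.1.10",           # hypothetical media gateway address
        resolver=fake_dns,
    ):
        print("FINDING:", line)
```

Run on the new host with the default resolver to query live DNS; pass a stub resolver, as in the demonstration at the bottom, to rehearse the failure cases.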

Walkthrough: Installing a New Mediation Server

You can deploy a third-party Basic Media Gateway either before or after you deploy a Mediation Server, but whichever order you choose, these two components must be configured to function as a logical unit. For details about configuring a Mediation Server, see Configuring a Mediation Server in the Deploying Enterprise Voice documentation.

The settings that you must configure on your Basic Media Gateway are specified in the following list, but for details about how to configure these settings on a given gateway, refer to the manufacturer's product documentation. For details about selecting gateways for Enterprise Voice, see Enterprise Voice Server-Side Components in the Planning and Architecture documentation.

Each gateway must be configured according to the vendor's documentation. Depending on the vendor, there are potentially many attributes that must be set, but the attributes specific to Enterprise Voice are as follows:

The fully qualified domain name (FQDN) or IP Address of the Mediation Server that is associated with the gateway.

The listening port (5060) that is used for Transmission Control Protocol (TCP) or Transport Layer Security (TLS) connections to the Mediation Server.

Important: The previous settings must match those of corresponding settings for the Mediation Server. If the settings do not match, the connection between the gateway and Mediation Server will fail.

Session Initiation Protocol (SIP) Transport – specify either TLS (recommended) or TCP.


Important: If you specify TLS as the SIP transport to be used by your basic or basic-hybrid media gateway, you must also configure the corresponding Mediation Server for TLS. For details about how to configure a Mediation Server for TLS, see Configuring a Mediation Server in the Deploying Enterprise Voice documentation.

If the SIP transport for the link between the gateway and the Mediation Server is set to TLS, the gateway must be configured with a certificate for purposes of authentication during the mutual TLS (MTLS) handshake with the Mediation Server. The certificate on the gateway must be configured as follows:

The certificate may be directly signed by the trusted certification authority (CA) configured in the Mediation Server. Alternatively, a certificate chain may have to be traversed to verify the certificate provided by the gateway. The gateway must provide this chain as part of its TLS handshake with the Mediation Server.

The CN part of the subject field should be set to the FQDN of the gateway. If the FQDN in the CN part of the subject field does not match the expected and configured FQDN for the gateway, the certificate must also contain a subject alternate name (SAN) that lists the expected and configured FQDN for the gateway.

The Mediation Server validates the certificate provided by the gateway by checking that the FQDN on the certificate exactly matches the gateway FQDN configured on the Mediation Server. If the FQDNs do not match, the session is terminated. Additional validation includes checking the signature and expiration date, and making sure that the certificate has not been revoked.

You must specify the port that each gateway is listening to for incoming SIP connections.

Note: Port 5060 is the default destination port used by the Mediation Server.

If you configure TLS for the SIP transport link between the IP Gateway and the Mediation Server, you must specify whether Secure RTP (SRTP) encryption is:

Required: SRTP should be attempted, but do not use encryption if negotiation for SRTP is not successful.

Optional: Attempt to negotiate the use of SRTP to secure media packets. If SRTP cannot be negotiated, use Real-time Transport Protocol (RTP).

Not used: Send media packets using RTP.

Note: All three options for SRTP are supported by the Mediation Server. Gateways from various manufacturers may not support all of these options.

Each gateway should be configured so that the E.164 numbers routed by Enterprise Voice to the gateway are normalized to a locally dialable format.


Each gateway should be configured to pass only E.164 numbers to the Mediation Server. Please see each gateway vendor's documentation for specific instructions on how to normalize source phone numbers to E.164.

Each gateway should be configured to convert the source number (the number presented as caller ID) to a normalized E.164 number. This ensures the caller ID can be matched to a Communicator contact, an Outlook contact, or a member of the corporate directory, thereby enabling Communicator to provide additional information about the caller. This number will also appear in e-mails notifying the user of missed calls and voice mail, allowing the user to click the phone number in order to quickly return a call. If the number has been normalized by the gateway, no further processing is required. If for some reason the number cannot be normalized by the gateway, the normalization rules defined by the location profile will be applied when returning a call. It might be necessary to add normalization rules to a location profile to handle numbers that cannot be normalized by the gateway. Please see each gateway vendor's documentation for specific instructions on how to normalize source phone numbers to E.164.

If you want the Mediation Server to strip the plus sign (+) prefix from the Request Uniform Resource Identifier (URI), the To URI, and the From URI of E.164 numbers of outgoing calls to the gateway, set the Windows Management Instrumentation (WMI) setting called RemovePlusFromRequestURI to TRUE (the default value is FALSE). For details about this setting, see the "New Configuration Options in Mediation Server" section in Enterprise Voice Server-Side Components in the Planning and Architecture documentation.

For a list of media gateway vendors, see Partners by Capability: Hardware at the Microsoft Web site: http://go.microsoft.com/fwlink/?LinkID=129616.
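
The gateway certificate rules listed earlier in this section (CN set to the gateway FQDN, otherwise a SAN entry that lists it, an exact match against the configured FQDN, and a valid expiration date) can be checked before the gateway link is switched to TLS. The following Python sketch is an added example, not Mediation Server code: it applies those rules to a certificate in the dictionary form returned by Python's ssl getpeercert(). The host names and dates are constructed; signature, chain and revocation checks are left to the TLS stack and are not reproduced here.

```python
import ssl
import time


def cert_names(cert):
    """Return (common_name, [dns_sans]) from an ssl getpeercert()-style dict."""
    common_name = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                common_name = value
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return common_name, sans


def _same_host(name, wanted):
    # Whole-name comparison only, so a wildcard entry never matches.
    # Ignoring case and a trailing dot is an assumption of this example.
    return name.rstrip(".").lower() == wanted.rstrip(".").lower()


def gateway_cert_findings(cert, configured_fqdn, now=None):
    """Return a list of findings; an empty list means the certificate passes."""
    now = time.time() if now is None else now
    findings = []

    common_name, sans = cert_names(cert)
    cn_ok = common_name is not None and _same_host(common_name, configured_fqdn)
    san_ok = any(_same_host(san, configured_fqdn) for san in sans)
    # CN should carry the gateway FQDN; if it does not, a SAN entry must.
    if not (cn_ok or san_ok):
        findings.append(
            f"neither CN {common_name!r} nor SAN {sans} matches the configured "
            f"gateway FQDN {configured_fqdn}"
        )

    # Validity window, using the date format ssl reports ("Jan  1 00:00:00 2010 GMT").
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("certificate is not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("certificate has expired")
    return findings


if __name__ == "__main__":
    # Constructed certificate: CN is a short device name, SAN carries the FQDN.
    sample = {
        "subject": ((("commonName", "pstn-gw"),),),
        "subjectAltName": (("DNS", "gw1.example.com"),),
        "notBefore": "Jan  1 00:00:00 2010 GMT",
        "notAfter": "Jan  1 00:00:00 2012 GMT",
    }
    checked_at = ssl.cert_time_to_seconds("Jun  1 00:00:00 2010 GMT")
    print(gateway_cert_findings(sample, "gw1.example.com", now=checked_at))
    print(gateway_cert_findings(sample, "gw2.example.com", now=checked_at))
```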

Next steps in installing a new Mediation Server

1. Walkthrough: Install and Activate the new Mediation Server

2. Walkthrough: Configure the new Mediation Server

3. Walkthrough: Configure a Certificate on the new Mediation Server

4. Walkthrough: Start the new Mediation Server

Walkthrough: Install and Activate the new Mediation Server

Office Communications Server 2007 R2 Mediation Server and a third-party basic media gateway function as a single logical unit to enable communication between the users enabled for Enterprise Voice and the public switched telephone network or a Session Initiation Protocol (SIP) trunking provider. This step describes how to install and activate Mediation Server.

Mediation Server deployment is an integrated component of Office Communications Server 2007 setup. When you install and activate Mediation Server, the Microsoft Office Communications Server 2007 Deployment Tool copies the required files to a local computer, but it does not activate the service. The activation step becomes available only after installation is complete. Activation performs two tasks:

Creates Mediation Server objects in Active Directory.

Activates the domain service account on the server.

Requirements

To install or activate Mediation Server you must be a member of the RTCUniversalServerAdmins group or have been delegated to perform these tasks by a member of that group.

The hardware and software requirements in Internal Office Communications Server Component Requirements in the Supported Topologies and Infrastructure Requirements documentation must be met.

A certificate is required.

Recommendations

Even if you enable TLS on the gateway link, two network interface cards are recommended on the Mediation Server for additional security: one card to communicate with the gateway and a separate card to communicate with the Office Communications Server internal infrastructure.

You can install Mediation Server on multiple computers, but each Mediation Server must have a corresponding basic media gateway or SIP trunk connection. If you are planning to install multiple Mediation Servers, you would do well to install and test a single Mediation Server before attempting to deploy them all.

To optimize performance, do not collocate Mediation Server with any other Communications Server 2007 R2 server role, and disable all unnecessary applications and services on the computer.

To install Mediation Server files

1. Log on to a computer on which you want to install Mediation Server.

2. Insert the Office Communications Server 2007 R2 CD, and then click Enterprise Edition.

Note: If you are installing from a network share, go to the \Setup\amd64\ folder, and then double-click SetupEE.exe.

3. At the welcome screen click Deploy Other Server Roles.

4. At the Deploy Other Server Roles screen, click Deploy Mediation Server.

5. At Step 1: Install Files for Mediation Server, click Install.

6. On the Welcome page, click Next.

7. On the License Agreement page, if you agree to the licensing terms, click I accept the terms in the licensing agreement, and then click Next.

8. On the Install location page, select the location where you want to install the Mediation Server files, and click Next.

9. On the Confirm Installation page, click Next.

10. On the Installation Complete page, click Close.

To activate Mediation Server

1. Log on to a computer on which you want to activate Mediation Server.

2. Insert the Office Communications Server 2007 R2 CD, and then click Enterprise Edition.

Note: If you are installing from a network share, go to the \Setup\amd64\ folder, and then double-click SetupEE.exe.

3. At the welcome screen, click Deploy Other Server Roles.

4. At the Deploy Other Server Roles screen, click Deploy Mediation Server.

5. At Step 2: Activate Mediation Server, click Run.

6. On the Welcome page of the activation wizard, click Next.

7. On the Select Service Account page, you have two choices:

If you accept the existing account (recommended), type the password for the service account, and then click Next.

Note: The default account is MCU and Web component services account.

If you choose to create a new account, click Create a New Account, type a new Account Name and Password, and then click Next.

8. On the Ready to Activate Mediation Server page, review your settings, and then click Next.

9. On the Activate Mediation Server Wizard Has Completed page, select the View the log when you click the Finish check box, and then click Finish.

10. In the log file, verify that Success appears under the Execution Result column. Optionally, look for Success as the Execution Result at the end of each task to verify its successful completion. Close the log window when you finish.

Note: You must install Mediation Server before you can activate it.

Caution: Care must be taken in deactivating a Mediation Server. If you remove it from service without first taking precautionary steps, you may drop calls. For instructions on how to properly deactivate a Mediation Server, see Deactivating a Mediation Server in Administering Office Communications Server 2007 R2 in the Operations documentation.


Walkthrough: Configure the new Mediation Server

You must configure Mediation Server to communicate with Office Communications Server 2007 on one side and either media gateways or a Session Initiation Protocol (SIP) trunking service provider on the other. For details about SIP trunking, a new feature in Office Communications Server 2007 R2, see SIP Trunking Topology in the Technical Overview in the Getting Started documentation.

To configure a Mediation Server, you must specify the following:

The SIP transport used to communicate with a media gateway. There are two choices: Transport Layer Security (TLS) or Transmission Control Protocol (TCP).

TLS is the recommended transport, which provides encrypted signaling between the Mediation Server and the media gateway that is connected to the public switched telephone network (PSTN). If you configure your gateway link for TLS, calls to and from the PSTN are encrypted end-to-end.

It is possible to configure the Mediation Server to use TCP instead of TLS, but it is not recommended. If you configure the gateway link for TCP, that link presents a potential security vulnerability. For this reason, it is good practice to install two network interface cards, one facing the media gateway and the other facing the internal network.

Important: The link between Mediation Server and the internal Communications Server 2007 infrastructure is always configured for TLS, even in cases where the gateway link is configured for TCP. This requirement means that you must always configure a certificate on the Mediation Server. If you configure the gateway link for TLS, you must also configure a certificate on the gateway.

The IP addresses on which the Mediation Server listens for call traffic from Communications Server on one side and media gateways or SIP trunking providers on the other. The Communications Server listening IP address is the IP address of the internal (that is, the Communications Server-facing) edge of the Mediation Server. The Gateway or SIP-trunk listening IP address is the IP address of the external (that is, the gateway- or SIP-trunk-facing) edge of the Mediation Server.

The fully qualified domain name (FQDN) of the collocated A/V Edge Server and Media Relay Authentication Server for this Mediation Server.

The default location profile used by this Mediation Server.

The default Media port range.

The FQDN and port of the Communications Server internal next hop. In most cases, this server is a Director, a Standard Edition server, or an Enterprise Edition Front End Server.

The FQDN or the IP address and port for the media gateway or SIP trunk to which this Media Server is connected.

To configure Mediation Server you must be a member of the RTCUniversalServerAdmins group or have been delegated to perform this task by a member of that group.


To configure Mediation Server

1. Log on to a Communications Server 2007 Mediation Server.

2. Click Start, point to Administrative Tools, and then click Office Communications

Server 2007.

3. Expand the appropriate forest node.

4. Expand the Mediation Servers node, right-click the Mediation Server to be configured,

click Properties, and then click the General tab.

5. In the FQDNbox, make sure the FQDN listed matches that of the Mediation Server you

have selected.

6. Open a command prompt, change to the root directory, and type nslookup <FQDN of

Mediation Server>, using the FQDN displayed on the Mediation Server General tab, and

then press ENTER.

Note:

You should configure only the Office Communications Server-facing IP address

for dynamic DNS registration. Otherwise, the FQDN resolves to both IP

addresses, which causes connections to fail unpredictably.

7. From the list of IP addresses displayed in the Communications Server listening IP

address list, select the IP address returned in step 6.

Important:

If the IP address selected in step 7 does not match the IP address in step 6,

Communications Server traffic will be directed toward an interface that is not

listening for such traffic and away from the one that is.

8. From the list of two IP addresses displayed in the Gateway listening IP address list,

select the other IP address (that is, the one not already selected in step 7).

Note:

The address selected in step 8 can be that of either a media gateway or a Private

Branch Exchange (PBX).

9. From the A/V Edge Server list, select the A/V Edge Server that hosts the A/V

Authentication Service for this Mediation Server.

Important:

If the A/V Edge Server that hosts the A/V Authentication Service for this

Mediation Server does not appear in the list, then the A/V Edge Server on which

the service is collocated has not been entered into the A/V Edge Servers list on

the Edge Servers tab of the Global Properties page. You need to add the A/V

Edge Server to the previous list before it appears in the A/V Edge Server list on

the Mediation Server tab. For details, see Office Communications Server 2007

R2 Edge Server Deployment Guide in the Deployment documentation.

10. In the Default location profile list, select the default location profile for this Mediation

Server.

11. In Media port range, accept the default range of 60,000 to 64,000.

Important:

By reducing the port range greatly, you reduce server capacity. An administrator who

is knowledgeable about media port requirements and scenarios should do this only

for specific reasons. For this reason, altering the default port range is not

recommended.

Organizations that employ Internet Protocol security (IPSec) for packet security are

advised to disable it for media ports because the security handshake required by

IPSec delays call setup. IPSec is unnecessary for media ports because Secure Real-

Time Transport Protocol (SRTP) encryption secures all media traffic between the

Mediation Server and the internal Communications Server network.

12. Click the Next Hop Connections tab, and then under Office Communications Server

next hop, do the following:

In the FQDN list, select the FQDN of the next-hop internal server.

Note:

This server could be a Director or pool.

In the Port box, accept the default of 5061 for TLS.

13. On the Next Hop Connections tab, under PSTN Gateway next hop, do the following:

In the Address box, specify the IP address or FQDN of the PSTN Gateway or the

PBX associated with this Mediation Server. If TLS is enabled, you must specify an

FQDN.

In the Transport box, select TLS if the SIP signaling between the IP Gateway and

the Mediation Server is protected by TLS. If you are not using TLS, select TCP.

In the Encryption Level box, select the level of SRTP that you want to use to protect

media traffic:

If you do not want to use SRTP, click Do not support encryption. If you clicked TCP

in the Transport box, this is the only option that is available.

To specify that SRTP must be used, click Require encryption.

To specify that SRTP should be attempted but no encryption should be used if

negotiation for SRTP is not successful, click Support encryption.

In the Port box, accept the default of 5060 for TCP or TLS.

14. Click OK.

15. If you want the Mediation Server to strip the plus sign (+) prefix from the Request

Uniform Resource Identifier (URI), the To URI, and the From URI of outgoing calls to the

gateway, set the Windows Management Instrumentation (WMI) setting called

RemovePlusFromRequestURI to TRUE (the default value is FALSE). For details about

this setting, see the "New Configuration Option in Mediation Server" section in Enterprise

Voice Server-Side Components in the Planning and Architecture documentation.

16. If you want to enable Quality of Service (QoS) marking on the Mediation Server, set the

WMI setting called QoSEnabled to TRUE (the default value is FALSE). For details about

this setting, see the "New Configuration Option in Mediation Server" section in Enterprise

Voice Server-Side Components in the Planning and Architecture documentation.
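The check behind steps 6 through 8 can be scripted. The following PowerShell is an added example, not part of the original walkthrough: it parses nslookup output for the Mediation Server FQDN, flags the case where DNS returns more than one address, and reports which local address belongs in each listening IP address list. The FQDN is a placeholder, and the script assumes PowerShell 2.0 and English-language nslookup output.

```powershell
# Added example, not from the walkthrough. Run on the Mediation Server (PowerShell 2.0).
$MediationFqdn = 'mediation01.contoso.example'   # placeholder FQDN

function Get-NslookupAddress {
    # Return the IPv4 addresses that follow the "Name:" line of nslookup output.
    # The DNS server's own address appears before that line and is ignored.
    # Assumes English-language nslookup output.
    param([string[]]$Lines)
    $inAnswer = $false
    foreach ($line in $Lines) {
        if ($line -match '^Name:') { $inAnswer = $true; continue }
        if ($inAnswer) {
            [regex]::Matches($line, '\b\d{1,3}(\.\d{1,3}){3}\b') |
                ForEach-Object { $_.Value }
        }
    }
}

function Get-LocalIPv4Address {
    # IPv4 addresses bound to IP-enabled adapters on this computer.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.IPAddress } |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }
}

function Test-MediationDnsRegistration {
    # Compare what DNS returns for the FQDN with the addresses bound locally.
    param([string[]]$Resolved, [string[]]$Local)
    $dns      = @($Resolved | Where-Object { $_ })
    $bound    = @($Local    | Where-Object { $_ })
    $problems = @()
    if ($dns.Count -eq 0) {
        $problems += 'FQDN did not resolve to an IPv4 address.'
    }
    if ($dns.Count -gt 1) {
        $problems += 'FQDN resolves to more than one address; register only the Office Communications Server-facing address in DNS.'
    }
    $foreign = @($dns | Where-Object { $bound -notcontains $_ })
    if ($foreign.Count -gt 0) {
        $problems += "Resolved address not bound to this server: $($foreign -join ', ')"
    }
    New-Object PSObject -Property @{
        # Step 7: the address DNS returns for the FQDN.
        CommunicationsServerListeningIP = $dns -join ', '
        # Step 8: the remaining local address.
        GatewayListeningIP              = ($bound | Where-Object { $dns -notcontains $_ }) -join ', '
        Problems                        = $problems
    }
}

$nslookupOutput = nslookup $MediationFqdn 2>$null
$result = Test-MediationDnsRegistration `
    -Resolved (Get-NslookupAddress $nslookupOutput) `
    -Local    (Get-LocalIPv4Address)
$result | Format-List
if ($result.Problems.Count -eq 0) { 'DNS registration matches a single local interface.' }
```

nslookup is used instead of the .NET resolver because Windows answers a lookup of the computer's own name from its local interfaces, which would hide a second address registered in DNS.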

Walkthrough: Configure a Certificate on the new Mediation Server

The Mediation Server must be configured with a server certificate to connect to other Office Communications Servers. This topic describes the following procedures that you must perform to configure a certificate for Mediation Server:

Step 1: Download the certification authority (CA) certificate chain for the Mediation Server.

Step 2: Install the CA certificate chain for the Mediation Server.

Step 3: Verify that the CA is in the list of trusted root CAs of the Mediation Server.

Step 4: Create the certificate request for the Mediation Server.

Step 5: Import the certificate for the Mediation Server.

Step 6: Assign the certificate for the Mediation Server.

You can use the Communications Certificate Wizard to complete most of these procedures.

These procedures describe how to access the Communications Certificate Wizard from the Office

Communications Server 2007 R2 Deployment Wizard. You can also access it from the Office

Communications Server 2007 R2 snap-in on each Mediation Server.

The steps of these procedures are based on using a Windows Server 2003 Enterprise CA or a

Windows Server 2003 R2 CA. For step-by-step guidance for any other CAs, consult the

documentation of the CA.

To download the CA certificate chain for the Mediation Server

1. With your Enterprise root CA offline and your Enterprise subordinate (issuing) CA Server

online, log on to the Mediation Server as a member of the RTCUniversalServerAdmins

group.

2. Click Start, click Run, type http://<name of your Issuing CA Server>/certsrv, and then

click OK.

3. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

4. Under Download a CA Certificate, Certificate Chain, or CRL, click Download CA

certificate chain.

5. In the File Download dialog box, click Save.

6. Save the .p7b file to the hard disk on the server, and then copy it to a folder on the

Mediation Server.

Note:

If you open this file, the file contains all of the certificates that are in the

certification path. To view the certification path, open the server certificate and

then click the certification path.

To install the CA certificate chain for the Mediation Server

1. In the Deployment Wizard, click Deploy Other Server Roles, and then click Deploy

Mediation Server.

2. On the Deploy Mediation Server page, next to Step 4 Configure Certificates, click

Run.

3. On the Welcome page of the Communications Certificate Wizard, click Next.

4. On the Available certificate tasks page, click Import a certificate chain from a .p7b

file, and then click Next.

5. On the Import Certificate Chain page, click Browse to locate the .p7b file, click the file, and then click Next.

6. Click Finish.

To verify that your CA is in the list of trusted root CAs

1. Open an MMC console by clicking Start, clicking Run, typing mmc in the Open box, and

then clicking OK.

2. On the File menu, click Add/Remove Snap-in, and then click Add.

3. In the Add Standalone Snap-ins box, click Certificates, and then click Add.

4. In the Certificate snap-in dialog box, click Computer account, and then click Next.

5. In the Select Computer dialog box, ensure that the Local computer: (the computer

this console is running on) check box is selected, and then click Finish.

6. Click Close, and then click OK.

7. In the console tree, expand Certificates (Local Computer), expand Trusted Root

Certification Authorities, and then click Certificates.

8. In the details pane, verify that your CA is on the list of trusted CAs.

To create the certificate request for the Mediation Server

1. In Deployment Wizard, on the Deploy Mediation Server page, next to Step 3,

Configure Certificates for the Mediation Server, click Run.

2. On the Welcome page of the Communications Certificate Wizard, click Next.

3. On the Available Certificate Tasks page, click Create a new certificate, and then click

Next.

Note:

If you already have a certificate available, click Assign an Existing Certificate

and continue with steps 3 through 7 in the procedure To Assign the Certificate

to the Mediation Server later in this topic.

4. On the Delayed or Immediate Request page, select one of the following options:

If you intend to output your request to a text file and then send that file to an offline

CA, select the Prepare the request now, but send later check box, and then click

Next.

Note:

If you choose this option, you have to import the certificate and assign it to

the Mediation Server later.

If you want to send the request immediately, select the Send the request

immediately to an online CA check box, and then click Next.

5. On the Name and Security Settings page, type a friendly name for the certificate, specify the bit length (typically, the default of 1024), select the Mark certificate as exportable check box, and then click Next.

6. On the Organization Information page, type the name for the organization and the

organizational unit (for example, a division or department), and then click Next.

7. On the Your Server's Subject Name page, type or select the subject name and subject

alternate name of the Mediation Server.

Note:

The subject name should match the FQDN of the Mediation Server.

If your deployment includes multiple SIP domain names, in Subject alternate name, type the

same name that you typed in Subject name, and then click Add. Type each additional SIP

domain name, separating each name with a comma.

8. Click Next.

9. On the Geographical Information page, type the location information, and then click

Next.

10. The next page you see depends on which option you chose in Step 4:

If you selected Send the request immediately to an online CA in Step 4, select

your CA from the list or type the name of your CA in the Certification Authority box. If

you type an external CA name, a dialog box appears. Type the user name and

password for the external CA, click OK, and then click Next.

If you selected Prepare the request now but send later in Step 4, type the file

name and path to which the request is to be saved, and then click Next. Submit this

file to your CA (by e-mail or other method supported by your organization for your

Enterprise CA) and, when you receive the response file, copy the new certificate to

this computer so that it is available for import.

11. On the Request Summary page, click Next.

12. On the Certificate Wizard Completed page, verify successful completion, and then click

Finish.

Note:

If you obtained your certificate from an online CA, skip the next procedure and proceed directly to the procedure that follows it, entitled "To assign the certificate to the Mediation Server."

To import the certificate for the Mediation Server

1. In Deployment Wizard, on the Deploy Mediation Server page, next to Step 4,

Configure Certificates, click Run.

2. On the Welcome page of the Communications Certificate Wizard, click Next.

3. On the Pending certificate tasks page, click Process a pending request and import

the certificate, and then click Next.

4. In the Path and file name box, type the full path and file name of the certificate that you

requested for the Mediation Server, and then click Next.

5. On the wizard completion page, verify successful completion, and then click Finish.

To assign the certificate to the Mediation Server

1. In the Deployment Wizard, on the Deploy Mediation Server page, next to Step 4,

Configure Certificates, click Run.

2. On the Welcome page of the Communications Certificate Wizard, click Next.

3. On the Available certificate tasks page, click Assign an existing certificate, and then

click Next.

4. On the Available Certificates page, select the certificate that you requested for the

Mediation Server, and then click Next.

5. Review your settings, and then click Next.

6. On the Certificate Wizard Completed page, click Finish.

Walkthrough: Start the new Mediation Server

After configuring the Mediation Server, use the following procedure to start the server.

To start Mediation Server

1. On a Front End Server, click Start, point to Programs, point to Administrative Tools,

and then click Office Communications Server 2007.

2. Expand the Mediation Servers node.

3. Right-click the appropriate Mediation Server, and then click Start.

4. On the Mediation Server, open the Windows Start menu, click Run, type services.msc,

and then verify that Office Communications Server Mediation appears in the list of

services.

Walkthrough: Transition Route to New Mediation Server

Select a time period when traffic is low to transition to the new Mediation Server. Typically,

system administrators schedule this transition either after hours or over a weekend. By following

the procedures in this section, you should experience no more than 15 minutes of downtime.

To replace the old Mediation Server with the new Mediation Server, perform the following tasks:

1. Modify the media gateway device to connect to the new Mediation Server.

2. Add the new Mediation Server to the location profile route.

3. Remove the old Mediation Server from the location profile route.

Note:

Steps for configuring or modifying the media gateway device are beyond the scope of this

document. Consult your vendor documentation for the specific procedures to change

your media gateway.

This section contains the following topics:

Walkthrough: Configure Media Gateway

Walkthrough: Add new Mediation Server to route

Walkthrough: Remove old Mediation Server from route

Walkthrough: Configure Media Gateway

The settings that you must configure on your basic media gateway are specified in the following list, but for details about how to configure these settings on a given gateway, refer to the manufacturer’s product documentation. Each gateway must be configured according to the vendor’s documentation. Depending on the vendor, there are potentially many attributes that must be set, but the attributes specific to Enterprise Voice are as follows:

Gateway Configuration Requirements

The fully qualified domain name (FQDN) and IP address of the Mediation Server that is associated with the gateway.

The listening port (5060) that is used for Transmission Control Protocol (TCP) connections to

the Mediation Server.

Important:

The previous settings must match those of corresponding settings for the Mediation

Server. If the settings do not match, the connection between the gateway and

Mediation Server will fail.

Session Initiation Protocol (SIP) Transport – specify either TLS (recommended) or TCP.

Important:

If you specify TLS as the SIP transport to be used by your basic or basic-hybrid

media gateway, you must also configure the corresponding Mediation Server for TLS.

If the SIP transport for the link between the gateway and the Mediation Server is set to TLS,

the gateway must be configured with a certificate for purposes of authentication during the

mutual TLS (MTLS) handshake with the Mediation Server. The certificate on the gateway

must be configured as follows:

The certificate may be directly signed by the trusted certification authority (CA) configured

in the Mediation Server. Alternatively, a certificate chain may have to be traversed to

verify the certificate provided by the gateway. The gateway must provide this chain as

part of its TLS handshake with the Mediation Server.

The CN part of the subject field should be set to the FQDN of the gateway. If the FQDN in

the CN part of the subject field does not match the expected and configured FQDN for

the gateway, the certificate must also contain a subject alternate name (SAN) that lists

the expected and configured FQDN for the gateway.

The Mediation Server validates the certificate provided by the gateway by checking that

the FQDN on the certificate exactly matches the gateway FQDN configured on the

Mediation Server. If the FQDNs do not match, the session is terminated. Additional

validation includes checking the signature and expiration date, and making sure that the

certificate has not been revoked.

If the SIP transport for the link between the gateway and the Mediation Server is set to TLS,

separate ports must be opened for the TLS connection to the gateway and the TLS

connection to the Office Communications Server pool. The port assignments should be

configured as follows:

TLS link between media gateway and Mediation Server: 5060.

TLS link between Mediation Server and Office Communications Server pool: 5061.

Each gateway must be configured so that the E.164 numbers routed by Enterprise Voice to

the gateway are normalized to a locally dialable format.

Each gateway must also be configured to pass only E.164 numbers to the Mediation Server.

For details about how to normalize source phone numbers to E.164, see each gateway

vendor’s documentation.

Each gateway should be configured to convert the source number (the number presented as

caller ID) to a normalized E.164 number. This ensures the caller ID can be matched to an

Office Communicator contact, a Microsoft Office Outlook contact, or a member of the

corporate directory, thereby enabling Office Communicator to provide additional information

about the caller. This number will also appear in e-mail messages notifying the user of missed

calls and voice mail, allowing the user to click the phone number in order to quickly return a

call. If the number has been normalized by the gateway, no further processing is required. If

for some reason the number cannot be normalized by the gateway, the normalization rules

defined by the location profile will be applied when returning a call. It might be necessary to

add normalization rules to a location profile to handle numbers that cannot be normalized by

the gateway. For details about how to normalize source phone numbers to E.164, see each

gateway vendor’s documentation.

Each gateway should also be configured to convert numbers in E.164 format into a format

that will be accepted on the PSTN network. For example, when +1425xxxxxx is dialed, the

gateway should strip the +1425 if the gateway is in Redmond, because these prefixes are not

required for a local call.
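The certificate requirements above (FQDN present in the subject CN or the SAN, valid dates, a chain that builds to a trusted CA, no revocation) can be checked before cutover for both the Mediation Server certificate assigned earlier and a gateway certificate exported to a file. The following PowerShell is an added example, not part of the original walkthrough; the FQDNs and the file path are placeholders, and the SAN parsing assumes English-language Windows.

```powershell
# Added example, not from the walkthrough. Names and paths below are placeholders.
function Get-CertificateDnsName {
    # Collect the subject CN and every SAN DNS name of a certificate.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $names = @()
    if ($Certificate.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # On English-language Windows, Format() renders entries as "DNS Name=host.example".
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }
    $names | Select-Object -Unique
}

function Test-TlsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedFqdn,
        [switch]$RequirePrivateKey      # set for the server's own certificate
    )
    $problems = @()
    $names = @(Get-CertificateDnsName $Certificate)
    # Whole-name comparison only: no wildcard or suffix matching.
    if ($names -notcontains $ExpectedFqdn) {
        $problems += "FQDN '$ExpectedFqdn' is in neither the subject CN nor the SAN."
    }
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "Outside validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))."
    }
    if ($RequirePrivateKey -and -not $Certificate.HasPrivateKey) {
        $problems += 'No private key is associated with this certificate.'
    }
    # Build the chain against the Local Computer stores and check revocation online.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    if (-not $chain.Build($Certificate)) {
        $problems += @($chain.ChainStatus |
            ForEach-Object { "Chain: $($_.StatusInformation.Trim())" })
    }
    New-Object PSObject -Property @{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        DnsNames   = $names -join ', '
        KeySize    = $Certificate.PublicKey.Key.KeySize
        Problems   = $problems
    }
}

# Mediation Server certificate in the Local Computer store.
$mediationFqdn = 'mediation01.contoso.example'     # placeholder
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { (Get-CertificateDnsName $_) -contains $mediationFqdn } |
    ForEach-Object { Test-TlsCertificate $_ $mediationFqdn -RequirePrivateKey } |
    Format-List

# Gateway certificate exported to a file (placeholder path and FQDN).
$gatewayCertFile = 'C:\temp\gateway.cer'
if (Test-Path $gatewayCertFile) {
    $gw = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $gatewayCertFile
    Test-TlsCertificate $gw 'gateway01.contoso.example' | Format-List
}
```

An empty Problems list means the certificate passed every check listed; KeySize is reported so the bit length chosen in the certificate request can be confirmed.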

Walkthrough: Add new Mediation Server to route

Location profiles specify how Office Communications Server 2007 R2 is to interpret and route phone numbers that are dialed from various locations (or from individual users, if you are using per-user location profiles). To add the new Mediation Server to the location profile, you must edit the route serviced by the new Mediation Server.

To add Mediation Server to the route

1. Open the Office Communications Server 2007 R2 snap-in: Click Start, point to

Administrative Tools, and then click Office Communications Server 2007 R2.

2. In the console pane, right-click the Forest node, point to Properties, and then click Voice

Properties.

3. In Office Communications Server Voice Properties, click the Route tab.

4. Select the route you wish to modify, and then click Edit.

5. In Edit Route, in the Gateways section, click Add.

6. In Add Route Gateway, select the new Mediation Server, and then click OK.

7. In Edit Route, click OK.

8. In Office Communications Server Voice Properties, click Apply, and then click OK.

To verify that the new Mediation Server is started

1. Open the Office Communications Server 2007 R2 snap-in: Click Start, point to

Administrative Tools, and then click Office Communications Server 2007 R2.

2. In the console pane, right-click the Mediation Server node, right-click the new Mediation

Server name, and then click Start.

Note:

If the Start selection is unavailable, the Mediation Server is started.

Walkthrough: Remove old Mediation Server from route

After you add the new Mediation Server to the location profile route, you need to remove the old Mediation Server from the route.

To remove the old Mediation Server from the route

1. Open the Office Communications Server 2007 R2 snap-in: Click Start, point to

Administrative Tools, and then click Office Communications Server 2007 R2.

2. In the console pane, right-click the Forest node, point to Properties, and then click Voice

Properties.

3. In Office Communications Server Voice Properties, click the Route tab.

4. Select the route you want to modify, and then click Edit.

5. In Edit Route, in the Gateways section, select the old Mediation Server, and then click

Remove.

6. In Edit Route, click OK.

7. In Office Communications Server Voice Properties, click Apply, and then click OK.

Walkthrough: Remove old Mediation Server

When you remove the old Mediation Server, you need to plan carefully. If the Mediation Server is

still in service, you must consider the load on the existing Mediation Server and plan on

proceeding with deactivation when users are no longer placing calls that go out through the

Mediation Server/media gateway pair. After you have the new Mediation Server in service and

handling the load, the easiest method to start the removal of the old Mediation Server is to ensure

that the Office Communications Server location profile(s) do not include the old Mediation Server

in the route information.

Walkthrough: Deactivate the old Mediation Server

Walkthrough: Removing the old Mediation Server

Walkthrough: Deactivate the old Mediation Server

If you remove a Mediation Server from service without first taking appropriate precautionary steps, you can significantly impact the availability of service, including causing active calls to be dropped. Before deactivating a Mediation Server, do the following, as appropriate:

Deactivate the Mediation Server on a weekend or holiday, or during other off-peak hours, but only after you have checked the call logs to make sure nobody is using that particular gateway.

Change routes on the Office Communications Server so that no new calls are routed through

the Mediation Server that is to be deactivated, and then wait for all calls to hang up. This

option is riskier than the first option because midcall transfers and other types of call routing

might be broken if the routes have been deleted.

Do a combination of the first two options by changing routes on the Office Communications

Server during off-peak hours, but only after all calls are completed.

Caution:

Deactivating a Mediation Server can result in the loss of data and settings. Before you

start the deactivation procedure in this section, ensure that all data and settings have

been backed up and appropriate restoration procedures are in place. For details about

backing up data and settings, see Backup and Restoration in the Operations

documentation at http://go.microsoft.com/fwlink/?LinkID=132106.

To deactivate a Mediation Server

1. Log on to the Mediation Server as a member of the RTCUniversalServerAdmins group.

2. Open Computer Management.

3. Expand Services and Applications, right-click Office Communications Server 2007

R2, and then click Deactivate Mediation Server.

4. In the Deactivation Wizard, review the information on each page, and then click Next.

5. When the wizard is complete, select the View the log when you click Finish check box,

and then click Finish.

6. Use the log file to verify that the deactivation status in the Execution Result column

(including the status of each deactivation task) for a server role is Success.

Important:

The deactivation status that is shown in the log must indicate success before you

deactivate any other server role or take other Office Communications Server

actions. If any task does not complete successfully, resolve the problem and run

the Deactivation Wizard again to complete the deactivation.

Walkthrough: Removing the old Mediation Server

Sometimes one or more servers or server roles need to be removed from the Office Communications Server environment. Examples of this situation include upgrades, changes in topology, recovery from software or hardware corruption, or other scenarios in which a server or server role needs to be changed or removed while the Office Communications Server environment remains intact.

You can use Add or Remove Programs to remove an Office Communications Server 2007 R2

server role, including a Standard Edition server, a server in an Enterprise pool, a Mediation

Server, an Archiving Server, a Monitoring Server, and an Edge Server.

Remove Server Components

After you stop and deactivate the necessary services, use the procedure described in this section to remove a server.

Note:

Before you remove a Mediation Server, deactivate server roles to remove Active

Directory objects that are associated with it. For details, see Deactivating Server Roles in

the Administering Office Communications Server 2007 R2 documentation.

Required Order of Operations for Removing Mediation Server Components

Remove the Office Communications Server 2007 R2 components in the following sequence:

Microsoft Office Communications Server 2007 R2, Administrative Tools

Microsoft Office Communications Server 2007 R2, Mediation Server

Microsoft Office Communications Server 2007 R2, Core Components

Microsoft Office Communications Server 2007 R2, Unified Communications Managed API 2.0

Core Redistribution package

Note:

Your Mediation Server may not have the Administrative Tools installed. If the

Administrative Tools are installed, remove them first.

To remove a server

1. Log on to the Office Communications Server 2007 R2 server as a member of the local Administrators group.

2. In Control Panel, do one of the following:

In Windows Server 2008, open Programs and Features.

In Windows Server 2003, open Add or Remove Programs, and then click Change or

Remove Programs.

3. In the list of installed programs, click the Office Communications Server 2007 R2 server role

you want to remove. Use the information provided previously in this section to determine

which server to remove first.

4. Click Change.

5. In the Office Communications Server 2007 R2 Setup Wizard, follow the instructions to

complete the wizard.

6. Repeat steps 3 through 5 for each server role on the server, in the sequence described

earlier in this topic.

Note:

After you successfully remove the server components, follow your organization’s

guidelines for decommissioning excess server hardware.
