Project Updates

Microsoft Security Update KB974571 (vulnerability in Windows CryptoAPI) has a known compatibility problem with OCS 2007 R2 that can bite you in two different ways:

1. New OCS installation - When you run the Deploy Server Wizard to install/configure your new Front End Server it will fail with error [0xC3EC796C].  If you read the deployment log there will be a server activation error related to the Deployment Wizard failing to read OCS version information and a message that this could be caused by the computer clock not being set to the correct date and time; in reality the problem has nothing to do with with computer date or time.
2. Existing OCS installation - If you install KB974571 on an existing OCS 2007 R2 Front End server the OCS Front End service will stop with error [0xC3E93C23].  Restarting the server will not restart the service and the service cannot be restarted manually.

In both cases the fix is to simply uninstall the update (KB974571) and then restart your server.  After the restart you'll be able to complete the Deployment Wizard and/or restart the OCS Front End service.

You get this error when you have not yet configured Enterprise Voice for your Enterprise Pool but you already have users enabled for it.  You can either:

• Reconfigure your users and disable Enterprise Voice for their accounts, or
• Do nothing!

This is one error you can safely ignore.  I personally believe the validation tool should treat this as a Warning and not a Failure but that's just me.

When you try to install SQL Server 2008 the wizard checks for a bunch of prerequisites; one of those prereqs is a check for whether or not the server needs to be restarted before the installation can proceed.  A number of different things can flip the registry switch to require a reboot (software installations, driver updates, etc.).  Sometimes the switch gets "stuck" and no amount of server restarts reset the reboot requirement.  The first thing you should try is to restart the server if you haven't already (sometimes it really DOES need a reboot).  If that doesn't clear the flag then open regedit and find this key:

PendingFileRenameOperations

Clear the value for the key, reboot the server, and try the installation again.  If that fails there's a way to run SQL setup from a command prompt with a cool little parameter to skip the prereq checks.

Here's a link to a very technical TechNET article written by Doug Deitterick, a Premier Field Engineer and member of the Microsoft OCS Team. The article details how to change the location of the OCS shares.  This article will be especially useful if you want more than one Front End server in your Enterprise Pool.

Microsoft Hyper-V has a slightly revised UI and also a few additional features in Server 2008 R2 and in RSAT for Windows 7.  One of the coolest new features is the ability to dedicate a physical network adapter to a virtual network adapter (as opposed to sharing a physical NIC with both the Hyper-V host and virtual machines).  You can find a full description of the new feature, as well as some screen shots, at John Howard's blog (he's the Senior Program Manager of the Hyper-V team at MS).

I was recently tasked with creating an initial price estimate for the hardware required to run Microsoft Office Communications Server 2007 R2 with Enterprise Voice as part of the GUNROCK project.  I'm still in the initial planning phase of OCS for GUNROCK so I had a lot of flexibility in terms of the infrastructure design.  My focus while planning was to offer a robust set of OCS services, with full Exchange integration, with external federation options, while maintaining high availability.  The system also has to be scalable enough to accommodate an unknown-but-potentially-large future user base.

The first thing I did was read up on the relevant documentation.  Here's the important stuff:

• OCS 2007 R2 Supported Topologies and Infrastructure Requirements
• OCS 2007 R2 Planning and Architecture Guide
• OCS 2007 R2 Deployment Guide
• OCS 2007 R2 Hardware Requirements
• OCS 2007 R2 Site Resiliency White Paper
• OCS 2007 R2 in a Virtualized Topology

I also used the MS OCS 2007 R2 Planning Tool which I found to be very useful (especially for capacity planning).

After I was able to wrap my head around what an Enterprise OCS system requires, and before I could start looking into hardware, I needed to answer a few big questions:

1. What services do I want to offer?
2. Is there any way to leverage server virtualization?
3. What OCS roles can be combined within physical servers and/or virtual machines?
4. What's the best way to ensure high availability of those services?

The first question was easy, EVERYTHING (at least in the beginning).  The primary services will be IM, Presence Awareness, A/V Conferencing, Federation (with external organizations and services), and Enterprise Voice (VoIP).

The last three questions were a real challenge because they're all interrelated; only certain server roles can be virtualized, only certain server roles can be combined within the same physical server or virtual machine, and redundancy can only be built in at certain levels.

For OCS 2007 Microsoft decided not to support virtualization because of the performance overhead (even when using their own Hyper-V virtualization solution).  As of OCS 2007 R2 Microsoft does support virtualization but only in a limited capacity.  The real-time communications server roles (roles which involve A/V encoding or have high bandwidth/low latency requirements) cannot be virtualized because of things like audio jitter, clock shift, and problems with the way the VMBus network adapter emulates network traffic. 

At first it may seem like there's an obvious workaround; virtualize the roles that support it and build physical servers for everything else.  Virtualization is usually preferable because of the ease of server creation and management (in addition to the cost savings from more fully utilizing host server hardware).  The big catch to virtualization for OCS is that you cannot use the Microsoft recommended configurations for Front End Enterprise Servers and Edge Servers.  Microsoft now recommends using consolidated Front End Servers and consolidated Edge Servers.  But not all of the roles within the consolidated server deployments can be virtualized, so the roles need to be broken out and hosted on their own dedicated servers.  As an example, a consolidated Edge Server hosts the following three roles:

1. Access Edge Role
2. A/V Conferencing Edge Role
3. Web Conferencing Edge Role

The A/V Conferencing Edge Role is considered a real-time communications role and therefore should not be virtualized.  So if you want a virtualized Access Edge server you need to have a separate and physical A/V Conferencing Edge server.  Here's a full list of what roles can and can't be virtualized.

In one of the first server topologies I put together I used a combination of virtual and physical servers with everything in the expanded, as opposed to consolidated, server configurations.  Then I tried to figure out how to make the system redundant and it was truly a world of pain.  I figured I could leverage the advantages of virtualization where I could, and although there were more servers, I thought it was acceptable because more servers usually means a larger potential support capacity.  I was wrong...  I ultimately decided that the benefits of virtualization where quickly negated by the inconvenience and complexity of managing a larger number of servers in a partially virtualized deployment.

Deciding not to use virtualization, which enabled me to use consolidated servers, simplified the server topology even after adding redundancy.  I was able able to use the MS OCS 2007 R2 Planning Tool at this stage to give me a fairly accurate picture of the hardware requirements.  Here's what I input into the planning tool:

Online Collaboration:
- IM and Presence
- Audio and Video Conferencing
- Web Conferencing
- Communicator Web Access (10% of users at any given time)
- Group Chat

Users: 4000
- Internal Organization
- Federation with Other Organizations
- Federation with Public IM Service Providers

Server Applications:
- Response Group Service
- Conferencing Attendant
- Conference Announcement Service
- Outside Voice Control

Additional Deployment Options:
- High Availability
- Monitoring
- Archiving
- Device Update Service

Voice:
- Enterprise Voice

Phone Settings:
- 30% of users enabled for Enterprise Voice
- Average of 2 calls per user per hour
- Network Line is T1 or better
- Will use an IP-PBX
- Mediation Server with two quad core processors

External User Access:
- Will deploy Edge Servers
- Enable high availability for external users

Here's the resulting server topology:

 At this point I knew how many servers I needed, I knew what roles those servers would host, and I knew the general hardware requirements for those servers.  Dell is our primary hardware vendor at UC Davis so I decided to take a two pronged approach at establishing the hardware and pricing:

- Initial Estimate: I spec out what I think is the most appropriate hardware using pricing from UCDBuy (University custom Dell portal)

- Refined Estimate:  I work with a Dell product specialist to determine the most appropriate Dell servers and hardware and we optimize the hardware for our specific OCS 2007 R2 deployment

Using the Initial Estimate approach I came up with this price estimate:

I'm still working with Dell to determine the exact hardware and to work out a more accurate price estimate.  I'll post the updated information here as soon as I get it.