Welcome to Part 2 of this article series. In Part 1, we started off by preparing our servers in preparation for OCS Group Chat Installation. We created our services, created our SQL Database, and assigned permissions.
In this Part, I will go over the installation of our Group Chat Server and Administrative Tools.
Part 2
Group Chat OCS 2007 R2 Server Installation
When installing OCS R2 Group Chat and running the setup executable, you will be asked to install several pieces of software to prepare the environment.
You will be asked to install the Microsoft Visual C++ 2008 Redistributable. Click Yes to Continue.
You will then be asked to install the Microsoft .NET Framework 3.5. Click Yes to Continue.
You will then be asked to install the Microsoft Unified Communications Managed API 2.0 Core Redist 64-bit version. Click Yes to Continue.
Once Microsoft Unified Communications Managed API 2.0 , you will be presented with the Welcome screen which will begin the installation process. Click Next to Continue.
The next screen is the licensing screen. Make sure you fully read the entire agreement! Once you have done so (and I know you will, right?) Click Next to Continue.
Enter your Username and Company information. Click Next to Continue.
Enter the installation path you want the binaries installed to. Click Next to Continue.
When the feature screen appears, you have 2 choices which are both selected at the same time. Keep in mind, that you must disable one of the options. You cannot have both the Chat Server and the Compliance Server collocated on the same box. Make sure the Chat Server is selected and the Compliance Server is not selected. We will be installing the Compliance Service in the next Part. Click Next to Continue.
Confirm your installation. Click Next to Continue.
Installation is ready to proceed. Click Next to Continue.
During the installation, you will see the Server Configuration wizard appear. Because we chose the Chat Server to be installed, you will see three Server/Service roles being installed:
- Lookup Server
- Channel Server
- Web Service
Click Next to Continue.
We now want to specify what SQL Instance we want to use. One thing to keep in mind is to take a look at the collocation technet article to see how databases can be collocated on the same SQL box. You can find this article here. You can see the following databases can be on the same SQL Box:
- Archiving database
- Monitoring database
- Group Chat database
- Compliance database (for Group Chat)
One thing to keep in mind here, is that for each database, it requires its own instance. In the case of Group Chat database and the Compliance Database, the Compliance Database can be a dedicated database or it can be the same database as the Group Chat database. In Part 2, we will be using the Group Chat database as the Compliance database.
As you may recall from the OCS R2 Enterprise article series here, we’re using a SQL 2008 x64 Back End. Make sure port 1433 is allowed inbound. Instructions on how to do this are documented in that article series.
Specify your Server\Instance and Database. As stated, I’m just using the default instance for everything since it’s a lab. Specify your settings accordingly. Click Next to Continue.
The next screen will just notify you that your databases are empty and that it will create the schema information. Click Next to Continue.
We will want to specify a Super User. It’s pretty obvious what this user is. It’s essentially the Administrator account in AD. The first time you create AD, you will log in with the Administrator account and start creating other Administrator accounts from there. The Super User is the same thing. Because this is a lab, I am using the Administrator account to manage everything. So in the User name field, I specified my Administrator account and clicked Add. Click Next to Continue.
Specify the name of your pool and the MTLS Certificate that will be used by your Group Chat Server. You will need to create this certificate beforehand by using LCSCMD, CertSRV website for an internal CA, or using the OCS Administrative Tools. Click Next to Continue.
Remember I said the Lookup Service is the one service that will be utilized across all Group Chat Servers and that it also needs to be SIP Enabled? Well now is the time to enter in the Lookup Service credentials and SIP information. Click Next to Continue.
Do the same for your Channel Service. Click Next to Continue.
On the next screen, we’ll be asked for our Compliance settings. Because this is the first Group Chat Server and we have not yet deployed our Compliance Server, we’ll leave these settings blank and re-visit the configuration later. Click Next to Continue.
Specify the directory that will be used for uploads to the Web Service. You will want to use a UNC path, especially if you’re using multiple Group Chat Servers. I created a shared folder called WebService. You will need to ensure your Channel Service has read/write to this share (both Share and NTFS permissions.) Click Next to Continue.
Review your settings. Click Finish to Continue. When finished installing, Click Close.
You will want to ensure that Anonymous Authentication is enabled in IIS on your MGCWebService directory in your Default Web Site. After doing so, you will want to use your Channel Service account as the credentials used for Anonymous Authentication. It doesn’t have to be the Channel Account, but just an account that has RTCComponentUniversalServices permissions because the account needs to access the file repository and Message Queuing.
Group Chat OCS 2007 R2 Administrative Tools
As most of the other client and administrative tools installations, I won’t go over the installation procedures as they’refairly straightforward. So go ahead and install the Administrative Console. I have installed it on our SHUD-PG1 Server which is the server we installed the Group Chat Server on.
Once installed, go to Start > Programs > Microsoft Office Communications Server R2 > Microsoft Office Communications Server R2, Group Chat Administration Tool
Once you open it, Group Chat Administration will always be set to do an Automatic Logon and use the existing signed on account.
You may have trouble getting this part to work properly. This is my 2nd time installing and getting Group Chat to work so I’ve went through the pain to get everything to work properly and seamlessly off the bat. The trick is, during Group Chat installation, you gave it a super user. You’ll want this to be your Administrator account you’re using to install Group Chat and the system that you will be loading the Administration Tool. Only a super user can load up the Administrative Tool. So if you set your Administrator account that you log onto which is also SIP enabled as the Super User, and are logged onto that account when loading up Administrative Tool, everything will just work.
If Automatic Configuration does not work, you can set the Account to Manual Configuration and manually configure the account to use for log-on, DC to use, etc…
You can now create new Chat Rooms on the left, add new Super Users, Chat Room Managers, etc..
Summary
Well folks, that is all for Part 2 of this article as well as the 2 part article series. Hopefully it helps you plan and deploy Group Chat.
Sheila says
I really love your blog.. Great colors & theme. Did you create this web site yourself?
Please reply back as I’m hoping to create my very own site and would love to know where you got this from or what the theme is named. Many thanks!
wolffparkinsonwhite says
This is good stuff many thanks. It worked almost first time . I had an error when creating the web site but the reason was because I was binding only with the FQDN. I add a new binding with the machine name and it was fine.
Gary says
Hello, thank you for this post very good information.
When I try to connect I get “Cannot establish a network connection. Make sure you are connected to the network and try again”
I have everything set the way you suggested, except for 3 things.
I am running this in a VMware.
I a self signed certificate created in IIS7 on the same server.
I am running the chat database on the same server as the Group Chat Server.
Would any of theses cause this problem?
Thanks
Gary
Elan Shudnow says
Possibly due to database being on the same Group Chat Server. The database is not supported on the same server. This may be why the Group Chat database can't establish a connection.
jose says
Hi,
This is good stuff many thanks. It worked almost first time . I had an error when creating the web site but the reason was because I was binding only with the FQDN. I add a new binding with the machine name and it was fine.
Nice work.
Jose
Sébastien says
Hi all
Actually i’m trying to install a lab of OCS 2007 R2 Wint Exchange 2010.
My lab is :
1 GC on Windows 2008 R2 Fr latest Fix
1 DC on Windows 2008 R2 Fr latest Fix
1 Exchange 2010 Fr latest hot fix on Windows 2008 R2 Fr latest Fix
1 OCS Server 2007 R2 FR latest CU on Windows 2008 R2 Fr latest Fix
1 CWA serveur FR latest CU on Windows 2008 R2 Fr latest Fix
1 MEDIATION serveur FR latest CU on Windows 2008 R2 Fr latest Fix
1 Chat and Complicance serveur US on Windows 2008 R2 Fr latest Fix
1 Sql 2008 serveur FR latest SP on Windows 2008 R2 Fr latest Fix
My error is : SQL error [121] cant oppening database.
I follow the Microsoft Documentation, your documentation.
I tried install this chat and compliance serveur on seperate machine : result Idem
I tried install this chat server on an windows 2008 R2 US and SQL 2008 US : result idem
I tried install the SQL serveur in windows 2008 FR with SQL 2005 FR latest SP : result Idem.
I found some trick on Googled like OS version and SQL version (Spanish for exemple) not supported.
The trace i see on the SQL SQL is : tblversion and tblcomplicane version does not exist. But if i manualy create this table, the result is the same.
Is there every one can hel me ?
Thank a lot.
Sébastien, French Guy so sorry for my english.
Pawel says
my 2c after banging my head for 1 day with Admin Tool problem:
– review "Office Communications Server 2007 and 2007 R2 Certificate Guide.doc"
You must have the FQDN of the Group Chat Server as the SN/CN and you must also include the Client EKU for the Administration tool, otherwise the Group Chat administration tool WILL NOT BE ABLE TO CONNECT to the Group Chat server.
– you DON'T have to rebuild the Group Chat server from scratch each time you encounter an issue!! (learnt after 3 rebuilds..)
just run ServerConfigTool.exe located in %ProgramFiles%Microsoft Office Communications Server 2007 R2Group Chat Server and adjust settings as needed
– don't follow blindly all the posts googled regarding the issue, for instance this one http://blogs.technet.com/b/ucedsg/archive/2009/05…
suggests adding service accounts to RTCUniversalServerAdmins group :o :O
– if needed, run ServerConfigTool.exe and set Error Level for services to Debug. restart services then check Office Communications Server event log and review EACH event log entry (in my case, Information type-of had details about the error)
I also kept receiving "Cannot sign in because of a problem with the chat room service" (when using manual configuration) error.
In my case, the error was cause by certificate – make sure your cert has Client EKU enabled (I had to use modified custom Web Server template when requesting the cert).
If you include any SANs, make sure the last SAN entry matches certificate Subject Name.
Sam says
Pawel, I seem to be having the issue you're describing, yet I cannot get the admin tool to login. That's a good call on the debug logging, from that I've determined that the certificate I'm using appears to be the issue (error in the OCS log is: "The Group Chat server can not establish or maintain MTLS connection to the Office Communications Server.") but it's blowing my mind as to what I'm missing. SN/CN/SAN, you name it. It's all the FQDN of my Group Chat server. The cert is trusted, it's issued by the same internal CA as our MTLS cert for our OC server, it has server and client authentication enabled. I really cannot see what I'm missing here but at least the logging is pointing to the cert being the issue.
The ONLY thing that isn't consistent with everything else on the cert is the friendly name, which is (get this) a NICE name that is not the FQDN. Can it possibly be this mind-numbingly stupid little thing that is causing the cert not to work and thus no admin tool login? What else can I possibly look at to correct this?
THIS CHAT SERVER WILL BE THE DEATH OF ME.
TraciSylvia says
I was getting the same error. I actually opened a Microsoft ticket on this. My fix was changing my certificate. Originally I was using a GoDaddy single name cert. The problem is, with Godaddy, they put an extra SAN name on the cert that start with www. on all of their single name certs. I spoke to GoDaddy and they said they can not issue certs with out the extra www. SAN name on the certificate. This caused Group Chat Admin not to be able to login. If your certificate does have SAN names on it, the FQDN of the server needs to be at the bottom of the Subject Alternative Name list on your Certificate. I ended up using a certificate from http://www.namecheap.com because they dont add additional SANs on when all you buy is a single name cert.
eshudnow says
Thanks for sharing that information. I have another article here on OCS Audio/Video in which I encountered the same thing where the Internal Edge Certificate was a single name public cert. The www name Thawte automatically put on the certificate also messed things up. This was solved, at least temporarily, but a CNAME that would redirect the www back to the correct location.
jeck says
hi,wen i tried login in group chat administration tool using manual configuration, i get an error "cannot sign in because of problem in chat room service." and while using automatic configuration i get an error "cannot establish network connection". please advise.
eshudnow says
Did you make sure the lookup service was named OCSChat?
Keenan says
jeck,
I ran into this exact issue. I ran through every walk through for group chat that I could find, none resolved the issue. After much trouble shooting I stumbled on the solution. During the installation, where you specify the Office Communications Server Credentials, you have to specify "sip:[email protected]" instead of just "[email protected]" as the walkthrough suggests.
I hope this helps.
Chaosnature says
Update to my service none starting issues, 1st i changed the account service to administrator which had more rights than other account , and started the services and they started, but they only start one at a time, the two services would not stay on running at the same time, then i added all rights to the ocschat account and restarted the services again this time they started,
so i am not sure what account member is missing yet that stoped the GC services from starting, i will use process of elimination later to find that out….
but now i still cannot logon to the GC server as administrator
i get:
Cannot sign in. Your sign-in address, server settings, or password may be incorrect. If your sign in information is correct and the problem persists, please contact your system administrator.
and nothing on the GC Event log server, any ideas?
i also am now running the SQL on the same server as the GC, i previously was using the same as my OCS front end server,
Question,…what is the pool name when u are using an SQL server on the same GC server which is a memeber server? is it the FQDN of the server it self?….my OCS pool name is ocspoo.ct.com…..my GC server name is Main.ct.com….my GC instance i created was name GCPool on the member server. what then is the Pool name of this GC SQL? or do i have to create a pool using the installation cd? cos right now i had to fill in the gap using my ocs pool i created for my FE server…
Chaosnature says
Hi,
1st let me say Great! guild,
i followed this guild and i eventually am able to complete the intallation, however i am unable to start any of the 2 services, they start and stop , 1st i was using a certificate with my oce server pool, then i lately change it to another certifictae with the GC server name and sip.domain name and ocspool name as SAN.
this is the error i get from the event log:
The Microsoft Office Communications Server 2007 R2, Group Chat Server MGCLOOKU could not stop due to an exception Object reference not set to an instance of an object..
An error MGCLOOKU is stopping due to an unhandled exception.
has occurred due to an unhandled exception Object reference not set to an instance of an object.. Stack trace:
at Microsoft.Rtc.Internal.Chat.Server.ServerCommon.Performance.MessageProcessingPerformanceCounterManager.ClearPerformanceCounters()
at Microsoft.Rtc.Internal.Chat.Server.Lookup.LookupServer.ClearPerformanceCounters()
at Microsoft.Rtc.Internal.Chat.Server.ServerCommon.ServerBase.Start()
at Microsoft.Rtc.Internal.Chat.Server.ServerCommon.MAServiceBase.startServer()
at Microsoft.Rtc.Internal.Chat.Server.ServerCommon.MAServiceBase.createAndStartServer()
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart().
Any suggestion would be greatly appreciated
Thanks in advance
Chris Wolfley says
Oops.. submitted too fast:
Error 1722, There is a problem wit hthis Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action CA_Launch_ServerConfigTool, Location C:Program FilesMicrosoft Office Communications Server 2007 R2Group Chat ServerServerConfigTool.exe, command: /i
Fredrik says
Hi, I had the exact same problem as Chris Wolfley. If you delete the group chat database and recreate it, you will be able to finish the wizard. At least it worked for me.
Chris Wolfley says
I've been trying to deploy the Group Chat server for the last week or so. The first time I did not use the correct names for the service accounts and ran in circles with it until I found this blog. Reading through here about the lookup service having to be named OCSChat led me to dump and reload the box since it was not in production yet anyways. However, I've gone through all of the prerequisites on TechNet and installed everything the way I had before. When I try to run the actual GroupChat Server install, I get all the way to where the secondary Server Config Tool kicks off. As soon as I put in the path to the SQL server and database, the installer crashes. I've checked in the event log and this appears to be some kind of a .NET issue. I'm running this on x64 as they stated it is supported. I've seen a couple other entries here and there that have stated that running this on an x86 platform would be better. Has anyone had any experience with this at all?
The specific error I am getting is:
Rudy says
Hi, is there a way to format the chat content (in OCS2007r2 Group Chat) so it can be indexed and clickable? ie. Mutiple discussions regarding a code. Looking for a solution whereby the code/username becomes clickable, and when clicked, it indexes the chat history regarding that code/username.
Setting up a filter is not an option,as there are too many codes and usernames.
Any suggestions would be greatly appreciated.
Many thanks in advance
Petri says
Anybody knows why there is a differences between:
http://technet.microsoft.com/en-us/library/dd4413…
And its part: "To request a certificate"
And on this article:
"You will need to create this certificate beforehand by using LCSCMD, CertSRV website for an internal CA, or using the OCS Administrative Tools"
The reason for the question is, I'm trying to follow technet article, but I can get "Server Authentication" but not Client at all.
Ozgur Canibeyaz says
I would like to make sure if i'd need more privileges than i have at the moment before actually deploying group chat. Our top level domain is for administrative purposes only and not managed by me. For administrative tasks i use a domain admin account for the child domain where all the user and computer objects reside. For instance in order to set up OCS, we needed administrator credentials so that the schema could be extended. Anyways i was wondering if a domain admin credentials in the subdomain would be sufficient as a super user ?
Rupa says
Thanks for the step by step installation process. I had some issues earlier but your post helped me get going in one shot.
The only thing was the Super user ( From your post Administrator), needs to be sip enabled. You have mentioned this later but not at the time when the super user is to be confirgured.
Thanks a lot,
Rupa
Mark Grimes says
I already have this enabled in my moc-test env that reflects their environment.. Interesting…I went through the TechNet Virtual labs, and couldn't log into that either! However, their lab guide did have a couple of other instructions (if they matter or not) that are not in the Group Chat deployment Guide nor in your guidance. First one to mind is that the group chat database must be selected as each service account's "default" database in SQL mgr. 3 other things the TechNet lab mentioned, that was not elswhere: 1. install sqlncli_x64.msi, 2. ocscore.msi (may have missed that one) and then wse 3.0 download. I knew of the last one, but in the lab, they have you do the "Administrator" install, as opposed to the default option of "runtime". Maybe once I get all of these pieces together, I'll post a blog too on everything that needs to be done. Curious if you did do the install on 2008? I know 2003 R2 SP2 is supported, but sometimes things work better on the latest greatest?
Elan Shudnow says
Yes, I did the install on 2008.
Mark Grimes says
I have run through your instructions, Microsoft, and just recently downloaded the TechNet Virtual Lab guide…..I have everything in place and still can't log into the admin tool. Using admin account that is super user, lookup account=ocschat. All service accounts owners of db, members of RTCUniversalServerAdmins, all local admins,etc.etc. I opened a support ticket..the only thing he could find was the fact the since the customer did now have enterprise AD certs, we couldn't issue certs with both client and server authentication. I'll buy that, except for the fact, I did have an ENT AD CA in my hyper-V environment with a cert issued wtih server/client auth, and still no login to the admin tool. The only thing I can find that is different from all the blogs, documents etc, is that we are running this all on Server 2003 R2. Have you heard of any issues or requirements for Group Chat to be only on Server 2008? Thanks – Mark
Elan Shudnow says
Group Chat requires Server 2003 SP2 or Server 2008. You can check requirements here: http://technet.microsoft.com/en-us/library/dd4412… Please make sure you have SP2 on your Group Chat Servers.
Mark Grimes says
Yes, we are on SP2. Had a support call with MS today. He thinks it is an MTLS connection i.e. problem with certs. On the last call, he told us to get a public cert, since the client didn't have an Ent CA internally, and therefore could not enable client and server EKU in the cert. So we did that, but since the client has .LOCAL domain, the only way to get a public cert is with a SAN cert…..making the public name (which we're not using internally) the SN, and then putting the .LOCAL as a SAN entry. That didn't work, so now support is telling us to install an Enterprise CA internally….grrrrr.
Charndre says
Hi,
Having same issue as Swiss, GC installed 100% but cannot login to GC Admin Tool "Cannot sign in because of a problem with the chat room service".
Both Lookup and Channel services start and then stop again, permissions are correct, domain admins and ocschannel is a member of RTCComponentUniversalServices.
GC is installed on a server seperate from OCS as per recommendations.
Any assistance would be greatly appreciated
Swiss Toni says
Hi,
Ran through the setup here and had problems with services not starting or starting then stopping. I've checked the accounts have local admins, SQL Db permissions and RTC Universal Server, no go. Thinking of reinstall now…
Phil W says
I’ve installed OCS 2007 R2, Chat Server and the Admin Tool on the same server but I’m unable to login in. The user I’m using is SIP enabled, an Enterprise, Domain and Schema Admin and ss a member of RTCUniversalServerAdmins and has DB owner access to the Chat database. I had an issue with the certificate originally but resolved this and now I cannot connect. Anyone got any ideas?
Claudia says
Hi Phil,
didn't see it in your user permission overview. The user also has to be specified as Super User during the GC configuration.
Regards
Claudia
Tor Ivar Johannessen says
I have successfully installed OCS 2007 and Group Chat server.
I have the “Group Chat Administration Tool” installed on the same server, and use that application to log on. No problems there. I can also log on with the Group Chat Client I have installed locally on the same server.
However, when I try to log on with a Group Chat Client installed on another machine I get the following error message:
“Authorization server unavailable. Please try again later or contact your system administrator if the problem persists”.
Do you have any idea what is wrong here? What exactly does the error message mean by “Authorization server”?
Elan Shudnow says
Not sure. That sounds like a Kerberos issue. I don’t see anything for it on the web. I’d give Microsoft a ring when you run into these error codes which you can’t find anything online about.
Rocket says
we just installed Group Chat. I was wondering if you know how to disable the pop-up invitations/toasts that are sent to the acceptee when a private chat is initiated? we would like to bypass that message and have the message go directly to that person.
thanks!
Rory Donnelly says
Elan,
We’ve had R2 up and running smoothly for months now, and so I thought I’d set up the Group Chat. I’ve run through parts 1 and 2 and everything seems to be installed correctly, but when I run the admin tool and try to add a member to a chat room and click “Apply”, I get this:
“Unable to save the member list: [1] A non provisioned principal was accessed and provisioning is in progress. Please retry in a few minutes.”
I waited and waited, uninstalled, reinstalled, but I keep getting the same thing. Google ain’t my buddy on this error I’m afraid. Any idea where I could start looking?
Rory.
Elan Shudnow says
Rory, give Microsoft a ring. If you haven’t found anything on the entire Google Search engine, you’ll most likely not get anywhere without giving MS a ring.
Trung Tran says
Is there documentation out there on publishing Group Chat to external users via ISA 2006? Thanks.
Elan Shudnow says
Group Chat works through the Edge, not ISA.
Elan Shudnow says
Ok, I just talked to one of the MS guys and he stated that the above is true (I think this was changed since the TAP in which an MS guy told me everything needs its own instance.)
So the Monitoring, Archiving, etc. can be on the same instance. But any sort of pool needs its own dedicated instance.
In R1, everything period needed its own instance.
Elan Shudnow says
I shot off an e-mail to the MS folks to get this clarified. I keep seeing conflicting information on this subject so I am asking them directly to get this clarified. I’ll reply back here with more information when I get it.
Joy says
You have mentioned that
“One thing to keep in mind here, is that for each database, it requires its own instance.”
The “OCS 2007 R2 Supportability.doc” at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e9f86f96-aa09-4dca-9088-f64b4f01c703
mentions that we can “Collocate Archiving Server and Monitoring Server, and collocate the Archiving database, the Monitoring database, and the Back-End Database on a single computer in the same SQL Server instance. ”
Can you please let me know the technet article or document where it is mentioned that each database needing its own instance in R2?
I am working on a production deployment and planning to have two SQL instances – one for the backend pool db and the other instnce hosting the Archiving/Monitoring/Group Chat and Group chat compliance Databases.
Thanks,
Guillaume says
Oh sorry, the solution was on the documentation, setting up the account OCSChannel for the anonymous access in the IIS…
Very good documentation by the way
Guillaume says
Hi everybody, I have some issues with the file transfers in Group Chat. First of all, that was a SSL error, easily fixed by binding a ssl certificate on the IIS. But now I have [121] Sql error: opening a connection.. Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’. The question is : Is the client trying to connect to the SQL Server and then I should allow anonymous access to a specific table or a misconfiguration of the WebService on the Group Chat Server (My application pool in IIS is running as mydomain\OCSWebService account)?
Does someone have any clue about that ? Google is not my friend on this case.
Thank you very much,
Guillaume
Elan Shudnow says
Make sure the lookup service is named OCSChat and SIP Enable it otherwise it won’t work. You also need to make sure the necessary permissions are set on the SQL Database for all your service accounts. Also make sure the master account is specified as the user who will be logging into the admin tool.
Ritesh says
Same problem I am running…cannot log into Chat Admin Tool
angel says
hi,wen i tried login in group chat administration tool using manual configuration, i get an error “cannot sign in because of problem in chat room service.” and while using automatic configuration i get an error “cannot establish network connection”. please advise.
Chris Lehr says
Nice write up as well ;)
I’ve been busy at work and unable to update my stuff for a bit now. But, I completed an LCS to OCS R2 migration!