

Configuring your Environment for the Microsoft Phone Edition (Tanjay) (OCS)

This is for informational purposes only.

 

At a minimum you will need to have the following configured on your network in order for the Tanjay to connect:

  • DNS
  • DHCP
  • NTP
  • Certificate Service registered in AD

 

DNS

The DNS zone for the domain containing your Tanjay device must have the following 2 records:

1. An A record for the SIP domain you want the Tanjay to connect to; for example:

(internal access) sipinternal.yourDomain.com IPAddressOfAccessProxy

(external access) sip.yourDomain.com IPAddressOfSEServer

2. A UDP SRV record for the NTP service (stored under yourDomain.com/_udp); for example:

_ntp port:123 NTPServerFQDN

3. SRV records for the OCS service discovery internally

_sipinternaltls._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

_sipinternal._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

4. SRV records for the OCS service discovery externally (for remote access)

_sip._tls.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

_sip._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

 

 

DHCP

Starting with build 421 running against an OCS 2007 RTM server, Tanjay supports DHCP Option 119, which allows an administrator to define a list of DNS suffixes to try if the default DNS Domain Name defined in DHCP Option 015 does not produce a valid DC. The Tanjay will attempt to form a valid FQDN by appending each suffix in sequence.

To enable DHCP Option 119:

  1. From DHCP Administrator, right click DHCP server name and select Set Predefined Options
  2. Leave Option class: as DHCP Standard Options and click Add
  3. For Name: enter DNS Search List, set Code: to 119 and Data Type to String, leave the Array check box unchecked (it is not an array) and click OK
  4. Right click Scope Options, select Configure Options, check Option 119 DNS Search List
  5. In the Value section in the String list box, enter a list of domain suffixes in your organization delimited by a semicolon

     Example: contoso.com;dev.contoso.com;corp.contoso.com

  6. Click OK to close the Predefined Options and Values page

 

NTP

Reference:

“Configuring the Windows Time service to use an internal hardware clock” in this document:

https://support.microsoft.com/kb/816042/

Enabling the time service is done via group policy on the domain object containing the NTP server using the following steps:

  1. Open Active Directory Users and Computers
  2. Right click on the domain containing your NTP server and select Properties
  3. Click the Group Policy tab, make sure the Default Domain Policy is highlighted and click the Edit button
  4. Expand Computer Configuration, Administrative Templates, System, Windows Time Service
  5. Click on Time Providers and in the right pane double-click Enable Windows NTP Server, confirm the Enabled radio button is selected and click OK
  6. From the Group Policy Object Editor menu select File and click Exit

 

Note: Once you connect your Tanjay device to the network and power it up, the logon display should appear within approximately 2 minutes. If that doesn’t happen, confirm that your network connection, DHCP and NTP settings are working properly.

 

Certificates

The Tanjay device registers the internal certificate authority in its “Trusted Authorities” store which requires the following two conditions to be in effect:

  • Certificate AutoEnrollment is enabled
  • Certificate Authorities has to contain the Internal CA name

Enabling certificate AutoEnrollment is done via group policy on the domain object containing the Tanjay device using the following steps:

  1. Open Active Directory Users and Computers
  2. Right click on the domain containing your Tanjay device and select Properties
  3. Click the Group Policy tab, make sure the Default Domain Policy is highlighted and click the Edit button
  4. Expand Computer Configuration, Windows Settings, Security Settings
  5. Click on Public Key Policies and in the right pane double-click Autoenrollment Settings, confirm the Enroll certificates automatically radio button is selected and click OK
  6. From the Group Policy Object Editor menu select File and click Exit

 

Build 421 and above:

Starting with build 421, the Tanjay will continue to go to the Certificate Authority if AutoEnrollment is enabled. However, for companies that do not enable AutoEnrollment, it is now possible to upload the path to a .CER file into the Active Directory Certification Authority container (Figure 5) and have the Tanjay pull it down from there.

 

To upload the path to a .CER file run the following command from a domain controller:

certutil -f -dspublish ".CER file location" RootCA

 

If you are using a 3rd party certificate, the following table contains a list of the default trusted root CAs built into the Tanjay. If your 3rd party vendor is on this list it is not necessary to publish anything related to certificates in Active Directory.

| Vendor     | Certificate Name                                   | Expiry Date | Key length |
|------------|----------------------------------------------------|-------------|------------|
| Comodo     | AAA Certificate Services                           | 12/31/2020  | 2048       |
| Comodo     | AddTrust External CA Root                          | 5/30/2020   | 2048       |
| Cybertrust | Baltimore CyberTrust Root                          | 5/12/2025   | 2048       |
| Cybertrust | GlobalSign Root CA                                 | 1/28/2014   | 2048       |
| Cybertrust | GTE CyberTrust Global Root                         | 8/13/2018   | 1024       |
| Verisign   | Class 2 Public Primary Certification Authority     | 8/1/2028    | 1024       |
| Verisign   | Thawte Premium Server CA                           | 12/31/2020  | 1024       |
| Verisign   | Thawte Server CA                                   | 12/31/2020  | 1024       |
| Verisign   | Secure Server Certification Authority              | 1/7/2010    | 1000       |
| Verisign   | Class 3 Public Primary Certification Authority     | 8/1/2028    | 1024       |
| Entrust    | Entrust.net Certification Authority (2048)         | 12/24/2019  | 2048       |
| Entrust    | Entrust.net Secure Server Certification Authority  | 5/25/2019   | 1024       |
| Equifax    | Equifax Secure Certificate Authority               | 8/22/2018   | 1024       |
| Geotrust   | GeoTrust Global CA                                 | 5/20/2022   | 2048       |
| Godaddy    | Go Daddy Class 2 Certification Authority           | 6/29/2034   | 2048       |
| Godaddy    | https://www.valicert.com/                          | 6/25/2019   | 1024       |
| Godaddy    | Starfield Class 2 Certification Authority          | 6/29/2034   | 2048       |

 

 

OCS Settings

In order to complete the Tanjay boot up process it is necessary for certain VOIP properties to be set at the forest level and then mapped to the Front End properties of the pool. The following steps detail the process:

  1. Click Start, Programs, Administrative Tools, Office Communications Server 2007, Administrative Tools
  2. Right-click on Forest and choose Properties and click VOIP Properties
  3. Click the Normalization Rules tab and if no Normalization Rules are defined, click the Add button and create one.

     Phone Pattern: ^([0-9]{7})$

     Translation: +1403$1

     Here the 403 is my area code.

  4. Under the Location Profiles tab, click Add a Location
  5. Right-click on the OCS Pool and choose Front End Properties
  6. Choose Voice, Location Profile, and select the Location Profile you just created as the default location.
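
The normalization rule from step 3 can be checked against sample dial strings before it goes into the forest settings. The following is an added example, not part of the original post: the function name, the rule name and the dial strings are constructed, and trying rules in list order with the first match winning is an assumption of the sketch. PowerShell's .NET regex engine is used so that the `$1` substitution reads exactly as the rule is written.

```powershell
# Added example, not from the original post.
# Single quotes matter: inside double quotes PowerShell would expand $1 itself.
$Rules = @(
    [pscustomobject]@{
        Name        = 'Local7Digit'      # hypothetical rule name
        Pattern     = '^([0-9]{7})$'     # Phone Pattern from step 3
        Translation = '+1403$1'          # Translation from step 3
    }
)

function Convert-DialedNumber {
    param(
        [Parameter(Mandatory)][string]$Dialed,
        [Parameter(Mandatory)][object[]]$Rules
    )
    # Assumption: rules are tried in list order and the first match wins.
    foreach ($rule in $Rules) {
        if ([regex]::IsMatch($Dialed, $rule.Pattern)) {
            return [pscustomobject]@{
                Dialed     = $Dialed
                Rule       = $rule.Name
                Normalized = [regex]::Replace($Dialed, $rule.Pattern, $rule.Translation)
            }
        }
    }
    # No rule matched: the number is reported as left unnormalized.
    [pscustomobject]@{ Dialed = $Dialed; Rule = $null; Normalized = $null }
}

# Constructed dial strings: one that fits the pattern and several that do not.
$samples = '5551234', '555-1234', '4035551234', '14035551234', '555123'

$samples |
    ForEach-Object { Convert-DialedNumber -Dialed $_ -Rules $Rules } |
    Format-Table -AutoSize
```

Only the bare seven-digit string is translated (to +14035551234). Because the pattern is anchored with ^ and $, formatted, six-, ten- and eleven-digit input falls through unmatched.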