People Communicate

Microsoft Unified Communications Blog

Monthly Archives: December 2010

CCM 6 + CUPS + OCS 2007 integration notes:

I would like to summarize the integration notes for the above configuration, kindly find below the latest notes for OCS/CUP integration:

  1. To have CCM/OCS integration you will need to have a SIP trunk between the Mediation server GW facing NIC and the CCM, otherwise it will not work (calls will get service unavailable errors).
  2. To have Voice-mail auto redirection (a phone missed called redirected directly to the extension’s Voice mail) you will have to enable caller-ID on the SIP trunk, otherwise the user will get an auto-attendant.
  3. For Auto-attendant feature in Exchange, just create a new auto-attendant as voice enabled, assign an extension and create an Extension routing rule on the CCM to redirect the call to the Exchange feature and it will work.
  4. To do presence integration you will need CUPS in-place, we didn’t have the time to test that.
  5. Feature that has been tested successfully:
  • PC to phone calls
  • Phone to PC calls.
  • Dual forking (from calls coming from OC).
  • Multi-group conferencing (OC – Phone – phone).
  • Voice mail and missed call notification.
  • Call forwarding to phone, PC and VM.
  • OVA

Inbound/outbound faxing option with Cisco CM and OCS 2007

I have been asking a lot of MS and Cisco folks about the options of inbound and outbound faxing with Exchange 2007 UM and Cisco CM also known as CCM, I didn’t have a clear answer so I tried to figure it out, please keep in mind that the below lines doesn’t hold any official responses neither from MS nor from Cisco.

Let us summarize what we want to do:

  • Outbound faxing, meaning that the user will send an email to whatever server then it is sent as a fax to its destination.
  • Inbound fax, meaning that a sender send a fax to a user, the user gets the fax in his mailbox and open it using the outlook.

Pretty simple but hard to achieve, why, well I believe that this problem occur because Microsoft folks are not focusing in this part “looks like the R2 will have something to bring”, and Cisco is not playing fair with MS since they don’t let their technology work with MS specially in this part.

Let us design a simple design for inbound faxing:

The problem that we want to deliver the fax to the user’s mailbox, we will have UM and typically OCS, to achieve those 2 things has to be known:

  • Users’ external extension which must be unique.
  • Users’ email address.

The exchange 2007 UM server can intercept the fax signal and deliver the message correctly to the user’s mailbox, the problem that it doesn’t work fine with CCM, although that Microsoft inbound faxing relies on using t.38, Cisco uses t.38 as well but Cisco’s implementation relies on UDP while Microsoft relies on what…yes TCP and there is no way to change any of them to the other protocol.

So using t.38 while a Cisco voice GW inplace is not possible, so we will have to let the UM server intercept the fax signal and tries to do the job by enabling EnableInbandFaxDetection, I tried it with CCM 4.3 but it didn’t work “I will upgrade mine within 2 weeks to CCM6 so I shall give you what it does with CCM 6”.

So what is the available option, I believe that onramp

And trying to deliver the fax either to a shared mailbox or specifically to the user.

Note: you can deliver the message directly to the user by configuring you DID distribution to be as following for example: suppose that you have xxxx5000 up to xxxx5100 as DID, so distribute odd numbers for users direct phone and even numbers for direct fax.

Configuring such a configuration poses a real challenge for organizations with large number of employees, but configuring a single extension for everything in the world relies on CCM to talk to Exchange server nicely.

For outbound faxing, Exchange UM doesn’t support using outbound faxing, but if you have Cisco GW inplace you can use offramp faxing, I didn’t go into designing it since I am waiting for my CCM6 boxes, once they are here I will post an update about if anything make any feature works, and about offramp design and implementation.

Restricted OCS Deployment ports requirements and firewall rules details

Here you can find a detailed table for ports requirements and firewall configuration for restricted OCS deployments.

The difference in this table that we have detailed as much as we can the different communication ports and firewall requirements for all of the segmented including internet, internal and enterprise voice communications.

We also detailed the ports and communication paths so it can be reader-friendly for the Security/Firewall engineers.

The wiki assumes that servers are deployed in the same VLAN and separated by a very restricted firewall configuration, Edge is deployed in the DMZ and again restricted firewall configuration is required.

Currently the document still being reviewed, but if you are interested in following it you will find it on the wiki, here

We will be publishing another one for Lync as well linked to the wiki and we will validate the wiki this week at a customer location and we will publish the updates later.


Office Communicator cannot place calls to the Exchange Unified Messaging Auto Attendant

Over the past 1 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0×80090322

In OCS 2007 R2 you might get the following error:

TLS outgoing connection failures.

Over the past 1 minute Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0×80090322 (The target principal name is incorrect.) while trying to connect to the host “serer FQDN”.

Where Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.


For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.


This is mainly because of wrong certificate names, validate that edge and OCS front end have the correct FQDN (((Recently I found that FQDN configured in the OCS 2007 R2 Administrative console on Edge and on the front End is case sensitive and has to match the server FQDN and the Certificate FQDN letter cases so make sure that you have the FQDN has the correct letter cases so is not like

Poor OCS voice quality with Dell 760 onboard NIC

Well if you don’t know then it has been on the forums, some users complained from poor voice quality (OCS displays poor network quality), this has been reported with the onboard NIC, once changing the NIC problem solved.

This issue is with Windows XP, looks like something is wrong with the driver.

OCS DNS and Certificate Calculator

You can use the attached excel sheet, the input is the following:

– Internal DNS name.

– External DNS name.

– Servers names and External Host records for individual services like (the host records name that will be used for web conferencing…etc).

The output is in 2 sheets, 1 sheet includes all of the external and internal DNS names, where they should be created and what is their configuration.

The other is the list of the certificates, and if they should be internal or external and what is their common name at SANs.


DNS and Certificate Calculator for Exchange 2007/2010 and OCS 2007 R2

This is the Calculator where you can use this calculator to create a single certificate that can be used by Exchange and OCS, including Edge, FE, CWA and CAS servers.

You can get it from here: OCS-DNS-Certificate-calculator-V1.4

Cannot login to CWA, clock synchronization error

If you cannot login to CWA and you get an error that the clock is not synchronized then probably you are using a SIP domain that is different than your internal domain name, please make sure to add the http
SPN to your CWA account in the form

Communicator cannot be used for groups with more than 100 members

You might receive this message in OCS 2007 Client when you try to expand a group in OC.

First you have to know that OCS client is hard coded with a maximum of 150 members to display, if you want users to display more than the default 100 limit then create the following client side policy and restart the OCS Client.

Open Registry then go to: HKLM\Software\Policies\Microsoft\Communicator\ then Create a Key: MaxDLExpansion (DWORD) and type 150 as the value.

More KBs: