Configuring the Server
After
the server software has been installed, OCS services are not started by
default. Instead, the Deployment Wizard encourages administrators to
configure certain settings first before doing so. To configure these
settings, follow this procedure:
1. | From the Deployment Wizard, click Run under Step 2 (Configure Server).
| 2. | Click Next at the welcome screen.
| 3. | Select the appropriate pool from the drop-down list shown in Figure 13, and click Next to continue.
| 4. | If
any additional SIP domains are needed in the environment, enter them in
the subsequent dialog box. If not, accept the default of the domain
name (for example, corp-events.com), and click Next.
| 5. | Under Client Logon Settings, select that all clients will use DNS SRV records for auto logon, and click Next to continue.
| 6. | Check the domain or domains that will be used for SIP automatic logon, such as that shown in Figure 14, and click Next to continue.
| 7. | In
the External User Access Configuration dialog box, select to not
configure external user access now. External user access can be
configured at a later date from the Admin tool. Click Next to continue.
| 8. | Click Next at the Verification dialog box.
| 9. | Click Finish.
|
Configuring Certificates for OCS
Communications to and
from the OCS server should ideally be encrypted and the user should also
be able to trust that they are actually accessing the server that they
expect. For this reason, Microsoft made it part of the installation
process to install certificates onto the OCS server. To start the
process of installing a certificate on the server, perform the following
steps:
1. | From the Deployment Wizard, click Run under Step 3 (Configure Certificate).
| 2. | Click Next at the welcome screen.
| 3. | From the list of available tasks, shown in Figure 15, select Create a New Certificate, and click Next.
| 4. | Select Send the Request Immediately to an Online Certification Authority, and click Next to continue.
Note
This step assumes that a
trusted Windows Enterprise certificate authority exists in the
organization. If not, the request must be sent to a globally trusted
third-party certificate authority.
| 5. | Type
a descriptive name for the certificate; leave the bit length at 1024
and the certificate as exportable but select Include client EKU in the
certificate request, and click Next to continue.
| 6. | Enter the organization and OU of your organization. It should exactly match what is on file with the CA. Click Next to continue.
| 7. | At
the Your Server’s Subject Name dialog box, enter the subject name of
the server (FQDN in which it will be accessed), such as that shown in Figure 16.
Enter any subject alternate names as well, such as sip.domain.com and
sipinternal.domain.com. It is recommended to check Automatically Add
Local Machine Name to Subject Alt Name check box. Click Next to
continue.
| 8. | Enter
the appropriate country, state, and city information into the
Geographical Information dialog box, bearing in mind that abbreviations
cannot be used. Click Next to continue.
| 9. | Select the local CA from the drop-down list, and click Next to continue.
| 10. | Click Next at the Verification dialog box.
| 11. | In the Success dialog box, click Assign certificate immediately; click Next.
| 12. | Click Next to acknowledge that the settings were applied.
| 13. | Click Finish to exit the wizard.
| 14. | Next, assign the certificate in IIS using the IIS Manager Console.
|
After the certificate is installed, check to make sure that the changes have replicated.
|
