OCS MobileStatus Installation and Configuration Guide

OCS MobileStatus Installation and Configuration Guide Release 2.5 OCS MobileStatus Installation and Configuration Guide, 2.5 2012-12-04 Page 1 of 40 BluePosition ApS - SCION-DTU - Diplomvej 376-2800 Lyngby - Tlf.: +45 70 20 65 25 - www.blueposition.com

Contents Release Notes... 3 Introduction... 4 How it works... 4 Active Directory Integration... 4 Licensing... 5 System requirements... 5 Deploying OCS MobileStatus... 6 Upgrading... 6 Deploying for Office Communications Server 2007 R2... 7 Installation of pre-requisites... 7 Installation of the program files... 7 Certificates... 8 Deploying for Lync Server 2010 and 2013... 19 Installing pre-requisites... 19 Management Store Replication... 20 Request a certificate... 21 Create a trusted application... 21 Installation of the program files... 22 OCS MobileStatus Configuration... 23 Connections... 23 E-mail... 25 Other... 26 Privacy... 28 Testing the installation... 30 Running OCS MobileStatus... 31 Running as a service... 31 Troubleshooting... 32 Pre-requisites missing... 32 Active Directory communication... 32 Certificate problems... 32 Office Communications Server timeouts... 33 Lync provisioning... 33 Appendix A: OCS MobileStatus settings... 35 Appendix B: Log configuration... 39 Document version 2.5, 2012-12-04 Page 2 of 40

Release Notes There are no known issues in the 2.5 release of OCS MobileStatus. The 2.5 release enhances support for Microsoft Lync Server 2013. Document version 2.5, 2012-12-04 Page 3 of 40

Introduction OCS MobileStatus enriches the presence information in Office Communications Server and Lync Server with information about mobile phone availability. Using information sent by the mobile network operator to your network, OCS MobileStatus and MobileStatus Server will publish presence into your Office Communications Server or Lync Server environments for all enabled users. This document describes the installation and configuration of the OCS MobileStatus software. How it works The network operator pushes mobile phone availability information to the MobileStatus Server. The MobileStatus Server may be located in your DMZ or elsewhere in your network infrastructure. The OCS MobileStatus application connects to the MobileStatus Server to receive the mobile phone availability information. The server running OCS MobileStatus must be part the of the Active Directory domain where your user accounts are located. Whenever a mobile phone availability update is received from your operator, OCS MobileStatus will look up which user owns the given mobile phone, and then change the user s availability in the Office Communications or Lync Server environments. Active Directory Integration Office Communications and Lync Server users are linked to the mobile phone numbers using the telephone number fields in the Active Directory user properties. When OCS MobileStatus starts, or during a scheduled reload, it will read all users which are OCS/Lync enabled (have a SIP URI), and which have at least one phone number from the Active Directory. The users who should have their status updated can be selected using the configuration program. The user objects in the specified Active Directory Organizational Units, Groups or dynamic distribution lists are used if they have a SIP URI and they have at least one phone number configured. Additionally, a user Document version 2.5, 2012-12-04 Page 4 of 40

can be excluded if the user object s Description field (on the Telephones tab of the User properties in Active Directory Users and Computers ) contains the string No OCSMS. Licensing The OCS MobileStatus use license is based on the number of users for which the mobile phone availability is set in the Office Communications Server environment. The users are counted only if a status update is received for one of the numbers. If there are OCS/Lync enabled users which should not have their mobile phone availability published to the Office Communications Server/Lync environment, you must mark them as such by entering No OCSMS in the Description field of the user object properties. The user count is reported to the license web service via the internet. If OCS MobileStatus cannot reach the license server, it will not be able to function. OCS MobileStatus requires a license key to run, and will not start without it. System requirements The following requirements must be met before using OCS MobileStatus on a server: 2,8 GHz Dual-Core 64-bit CPU (32-bit possible only for Office Communications Server 2007 R2) 200 MB available disk space 1 GB RAM (add 1 GB for each 5000 users) Domain membership Windows Server 2003 (only for Office Communications Server 2007 R2) Windows Server 2008 or Windows Server 2008 R2 (Server Core role is not supported, 2008 R2 SP1 required for Lync Server 2013) Windows Server 2012 (only for Lync Server 2013) Office Communications Server 2007 R2 or Lync Server 2013 or 2013 in the domain Microsoft.Net Framework: o For OCS 2007 R2 and Lync Server 2010:.Net Framework 3.5 o For Lync Server 2013:.Net Framework 4.0 Note: The Microsoft Unified Communications Managed API for Office Communications Server 2007 R2 cannot be installed on a server that has the Microsoft.Net Framework 4 installed. To install the UCMA API for OCS 2007 R2 on a server with the.net Framework version 4 first uninstall the.net Framework, and then re-install it after installing the UCMA API for OCS 2007 R2. Document version 2.5, 2012-12-04 Page 5 of 40

Deploying OCS MobileStatus Due to the different provisioning methods and API versions, the deployment of OCS MobileStatus differs depending on whether the software is used with Office Communications Server 2007 R2 or Lync Server. Note that the software for Office Communications Server 2007 R2 and for Lync Server is not the same. Make sure that you have downloaded the correct version of OCS MobileStatus. In short, the deployment of the OCS Mobile Status application requires four steps: 1. Installation of pre-requisites 2. Installation of the program files 3. Creating and installing a certificate 4. Configuring the program The steps are outlined in the following chapters. The final chapter covers troubleshooting. Upgrading To upgrade OCS MobileStatus from a previous version, simply run the new version s installation program. It is not possible to upgrade from Office Communications Server 2007 R2 version to the Lync Server version, or between Lync Server versions in place. The pre-requisite Microsoft UCMA API versions for Office Communications Server 2007 R2, Lync Server 2010, and Lync Server 2013 cannot be installed on the same server. Upgrading between from OCS or Lync Server 2010 should therefore be done on a new server. After installing the upgraded version, the old version should be uninstalled, and the server should be removed from the OCS/Lync topology. Document version 2.5, 2012-12-04 Page 6 of 40

Deploying for Office Communications Server 2007 R2 Installation of pre-requisites These pre-requisite software packages need to be installed before OCS Mobile Status can run. OCSCore.msi.NET Framework 3.5 Service Pack 1 Visual C++ 2008 Redistributable Package Microsoft Unified Communications Managed API 2.0 Core Redistributable (UcmaRedist.msi) The installer automatically installs the Visual C++ 2008 redistributable package as well as the UCMA core redistributable. The computer running OCS MobileStatus must also have a certificate to communicate with the Office Communications Server infrastructure using TLS encrypted connections. The certificate must be trusted by the server with which the OCS MobileStatus application communicates, and the root certificate authority used to sign the server s certificate must also be installed on the computer running OCS MobileStatus. The Office Communications Server certificate creation and assignment process is described in the chapter Certificates on page 8. Requirements note An application such as OCS MobileStatus which is based on the UCMA 2.0 Core SDK must be provisioned by Microsoft Office Communications Server 2007 R2. The administrator for the computer on which the application is deployed must ensure that Microsoft Office Communications Server 2007 R2, Core Components (OCSCore.msi) is present for successful provisioning before deploying the application, and must ensure that Office Communications Server 2007 Administrative Tools (AdminTools.msi) is installed on the deployment computer. OCSCore.msi does not have a redistribution license and is installed when the Office Communications Server 2007 R2 Administrative Tools are installed. The OCSCore.msi is installed as part of the Office Communications Server 2007 R2 management tools, but can also be installed separately using the MSI file located on the Office Communications Server 2007 R2 media. If you install Office Communications Server 2007 R2 Administrative Tools through the Office Communications Server deployment user interface, all of the following pre-requisites are installed automatically: Visual C++ 2008 Redistributable,.NET 3.5 SP1, and OCSCore.msi. Installation of the program files OCS MobileStatus is installed using the installation program. The installation program will also check for necessary pre-requisites, and will install the required Microsoft Visual C++ 2008 and UCMA Core Redistributable packages. After the installation program has finished copying files, it is possible to start the OCS MobileStatus Configuration program. It is recommended that you start the Configuration program to configure the OCS MobileStatus settings. Document version 2.5, 2012-12-04 Page 7 of 40

Certificates The communication between OCS MobileStatus and the Office Communications Server infrastructure is encrypted using Transport Layer Security (TLS). TLS requires certificates to validate server identity and perform the encryption. This means that the server running OCS MobileStatus must have a certificate which is trusted by the Office Communications Server infrastructure, and the Office Communications Server with which the OCS MobileStatus communicates must have a certificate which is trusted on the computer that runs OCS MobileStatus. If OCS MobileStatus is installed on the same computer as the Office Communications Server with which it communicates, the necessary certificates are normally already generated and installed during the Office Communications Server deployment. In that case it is normally not required to create a separate certificate for OCS MobileStatus. A certificate must be generated if OCS MobileStatus is running on a different computer. Depending on the organization s Public Key Infrastructure, the actual procedure may vary. The procedures required for a regular installation are described in this chapter. Create a certificate for OCS MobileStatus Creating a certificate for the computer which is running OCS MobileStatus is done from within the Office Communications Server management tool. When the tool has been started, right-click on a server in the Office Communications Server pool. Select Certificates in the pop-up menu to display the certificate wizard. Document version 2.5, 2012-12-04 Page 8 of 40

In the first step of the wizard called Available Certificate Tasks, select Create a new certificate and click [Next]. Select Send the request immediately to an online certification authority and click [Next]. Enter a name for the certificate, for example the fully qualified domain name of the computer running OCS MobileStatus. Verify that the Mark cert as exportable check box is checked, and click [Next]. Document version 2.5, 2012-12-04 Page 9 of 40

Enter information about your organization into the fields in the Organization Information step of the certificate wizard and click [Next]. The Subject name of the certificate must be the fully qualified domain name of the computer running OCS MobileStatus. Since the name of the local computer (the Office Communications Server computer) is not part of the certificate, the wizard will present a warning. Click [Yes] to acknowledge and continue the wizard. Document version 2.5, 2012-12-04 Page 10 of 40

In the Geographical Information tab it is necessary to enter information about Country, State/Province and City/Locality. Enter the information and click [Next]. The wizard has gathered enough information to create send the certificate request to a certificate authority. In an Office Communications Server environment there must be a certificate authority. Select the CA from the list and click [Next]. Finally, you need to confirm the certificate request. Verify that the information is correct and click [Next] to request the certificate from the certificate authority. Document version 2.5, 2012-12-04 Page 11 of 40

When the certificate is created, you must NOT assign it to the Office Communications Server, but instead select Assign certificate later and click [Next]. If you accidentally choose Assign certificate immediately, you will assign an incorrect certificate to the Office Communications server itself. If you accidentally do this restart the wizard and select Assign an existing certificate in the first step. Then select the correct certificate for the server. At this point the certificate has been created and it is now necessary to export it from the Office Communications Server computer so it can be imported on the computer running OCS MobileStatus. Exporting the certificate You must install the certificate on the computer running OCS MobileStatus. But first it must be exported from the computer running Office Communications Server where you created the certificate earlier. To export the certificate, start the Office Communications Server certificate wizard again. This is done by right-clicking a server in the Office Communications Server pool and selecting Certificates. Document version 2.5, 2012-12-04 Page 12 of 40

In the first step of the wizard select Export a certificate to a.pfx file and click [Next]. Select the certificate which was created earlier and click [Next]. Enter a path to the filename where the certificate should be stored. Check the Include all certificates in the certification path if possible checkbox and click [Next]. Document version 2.5, 2012-12-04 Page 13 of 40

Since the certificate contains a private key, you must enter a password to protect it. Use a strong password. Click [Next] after entering the password to export the certificate to a file. When the certificate has been exported to a file, you need to copy that file to the computer running OCS MobileStatus. The certificate must be installed on that computer. Installing a certificate The certificate used for communicating with Office Communications Server must be placed in the Machine certificate store on the computer running OCS MobileStatus. Importing certificates is a straight forward process, but the Windows Certificate tool does not have a start menu item. It is necessary to start the Microsoft Management Console and add the Certificates snap-in to have a user interface for importing certificates to the Machine certificate store. Start the Microsoft Management Console by entering mmc in the Start -> Run window and clicking [OK]. The Certificates snap-in must be added to the Microsoft Management Console. Click File -> Add/Remove Snap-in to open the Add/Remove Snap-in window. Document version 2.5, 2012-12-04 Page 14 of 40

Select the Certificates snap-in and click [Add]. Since the certificate must be added to the Machine certificate store, select Computer account and click [Next]. Choose Local computer as this is the computer where the certificate needs to be imported. Click [Finish] to add the snap-in. Back in the Add or Remove Snap-ins window click [OK] to close it and return to the Microsoft Management Console main window. Document version 2.5, 2012-12-04 Page 15 of 40

Next, expand the Certificates tree and select Personal to choose the correct certificate store. Then open the Action menu and select All Tasks -> Import to start the certificate import wizard. Enter the file name or browse to the location of the certificate.pfx file and click [Next] to choose the certificate. Document version 2.5, 2012-12-04 Page 16 of 40

You must enter the password for the certificate and make sure that Include all extended properties is checked before clicking [Next]. Then select Place all certificates in the following store and select the Personal store before clicking [Next]. Finally verify the selected certificate and import settings before clicking [Finish] to perform the certificate import. Document version 2.5, 2012-12-04 Page 17 of 40

After you have imported the certificate it will appear in the Management Console along with the certificate of the Certification Authority which was used to generate the certificate. The certificate import process is now complete, and you can close the Microsoft Management Console window. Document version 2.5, 2012-12-04 Page 18 of 40

Deploying for Lync Server 2010 and 2013 Deploying applications in the Lync environment is radically different than with Office Communications Server 2007 R2. The changes benefit load balancing and enable other improvements possible with Lync Server 2010 and newer To deploy OCS MobileStatus in a Lync server environment, it is necessary to install Lync server prerequisites and use the Lync Server management shell to provision the OCS MobileStatus software. Installing pre-requisites OCS MobileStatus for Lync uses dynamic provisioning to connect to the Lync server environment. This requires that the server where OCS MobileStatus is run must have a replica of the Lync Central Management store. This requires the Lync Unified Communications API Runtime (UCMA). For Lync 2010 it is called UCMA 3.0 and for Lync 2013 it is called UCMA 4.0. UCMA 3.0 for Lync Server 2010 can be downloaded from the Microsoft downloads site. Lync Server 2013 / UCMA 4.0 has some pre-requisite software which must be installed first: Windows Desktop Experience feature which is required by UCMA 4.0 (using Add Features in the Server Manager). Windows Identity Foundation. On Windows Server 2012 this can be installed using the Add Roles and Features wizard, on Windows Server 2008 R2 this must be downloaded from Microsoft. PowerShell 3.0. Download from Microsoft and install it. Search for Windows Management Framework 3.0 on the Microsoft Downloads site. After installing the special pre-requisites, install the Unified Communications Managed API 4.0 Runtime which can also be downloaded from microsoft.com. When the UCMA 3.0 or 4.0 runtime is installed, it is necessary to install the OCSCore.msi package to provide the necessary management tools. The UCMA runtime installer places OCSCore.msi in a folder located in c:\programdata. The C:\ProgramData is a hidden folder, so you should make Windows Explorer show hidden files before you can navigate to it. You can also write the full path of the folder below to the Windows Run dialog: %programdata%\microsoft\lync Server\Deployment\cache The cache folder contains a subfolder which is named after the UCMA version you have installed. It can be 4.0.7577.0 or 5.0.8132.0 or something different. Open the folder and the Setup folder located in it. From there you can run OCSCore.msi to install the core Lync components. The OCSCore will install the Lync UCMA setup bootstrapper in C:\Program Files. Now run either Document version 2.5, 2012-12-04 Page 19 of 40

C:\Program files\microsoft Lync Server 2010\Deployment\Bootstrapper.exe /BootstrapLocalMgmt /MinCache or C:\Program files\microsoft Lync Server 2013\Deployment\Bootstrapper.exe /BootstrapLocalMgmt /MinCache depending on your Lync version. This will install the last Lync pre-requisites. Management Store Replication OCS MobileStatus uses a feature which was introduced in Lync Server 2010 called dynamic provisioning. Dynamic provisioning enables applications such as OCS MobileStatus to have their Lync configuration updated when the Lync topology changes. To be able to use dynamic provisioning, the application server running OCS MobileStatus must have a replica of the Lync management store. The next steps are necessary to create this replica. To enable the management store replication run these commands in the Lync Server Management Shell 1 on the server where OCS MobileStatus should run: Set-Service Replica -StartupType Automatic Start-Service Replica Enable-CSReplica The next step is to add the server which should run OCS MobileStatus for Lync as an application server in the Lync topology: New-CsTrustedApplicationPool -Identity ocsmobilestatusserver.example.com - Registrar frontendserver.example.com -Site SiteId -ComputerFqdn ocsmobilestatusserver.example.com Replace the identity, front end server, Site Id, and server FQDN with names which apply to the current Lync environment. The ComputerFQDN parameter is the hostname of the server where OCS MobileStatus will be installed. The SiteId parameter can be retrieved using the PowerShell command Get-CSSite. If there is only one site in the Lync environment, the SiteId is 1. To enable the topology change and force the management store replication run: Enable-CSTopology Invoke-CsManagementStoreReplication The replication should take about five minutes, but time may vary depending on the size of the Lync environment. The replication status can be monitored using Get-CsManagementStoreReplicationStatus -ReplicaFqdn ocsmobilestatusserver.example.com 1 The management shell can be found in the Start menu in the Lync Server folder. Document version 2.5, 2012-12-04 Page 20 of 40

When the UpToDate field says True instead of False, the replication is complete. Request a certificate Communication between OCS MobileStatus and the Lync server is encrypted with Transport Layer Security. TLS encryption requires that both sides in a communication link have mutually trusted certificates. The Lync CS PowerShell has two cmdlets which are used to request and assign a certificate to the server running OCS MobileStatus. It is necessary to start the Lync Server Management Shell as administrator to have the required permissions for the certificate management cmdlets. First request a certificate from the Active Directory Certificate Authority: Request-CsCertificate -New -Type Default -CA dc.example.com\exampleca This command will connect to the Certificate Authority called ExampleCA on the Domain Controller called dc.example.com and request a new certificate to be created. Replace the names with values from your environment. 2 If successful, the command will return a new certificate. Note the certificate Thumbprint, it will be used in the next command. The certificate is now created. Before it can be used, it must be assigned to the server. This is done with the Set-CsCertificate cmdlet: Set-CsCertificate -Type Default -Thumbprint <certificate thumbprint> Use the Thumbprint displayed when you ran the Request-CsCertificate cmdlet. With the certificate created and assigned, the final step in the Lync configuration is to create a trusted application object in the topology. Create a trusted application The final step in the Lync deployment is creating a trusted application in the Lync topology. New-CsTrustedApplication -ApplicationId OCSMobileStatus -TrustedApplicationPoolFqdn appserver01.example.com -Port 45871 The TrustedApplicationPoolFqdn should be the name of the server where OCS MobileStatus is installed. The Port number is the TCP port where the Lync server(s) will connect back to OCS MobileStatus. It may be changed if desired. The ApplicationId is part of the unique identifier which OCS MobileStatus uses to discover the dynamic provisioning information, and it must not be changed. To enable the last change, run Enable-CsTopology again. 2 Active Directory certificate authority names can be retrieved using certutil -ADCA Document version 2.5, 2012-12-04 Page 21 of 40

When all the above steps are complete, you can continue installing and configuring the OCS MobileStatus for Lync software. Installation of the program files OCS MobileStatus is installed using the installation program. The Lync edition will not check for the prerequisites and may be installed before or after running the above Lync specific deployment. After the installation program has finished copying files, it is possible to start the OCS MobileStatus Configuration program. It is recommended that you start the Configuration program to configure the OCS MobileStatus settings. If you have not completed the Lync configuration as described above you will receive errors when starting the OCS MobileStatus service. Document version 2.5, 2012-12-04 Page 22 of 40

OCS MobileStatus Configuration All settings used by OCS MobileStatus can be defined in the OCS MobileStatus Configuration program. The Configuration program can also be used to control the OCS MobileStatus Windows service. The settings are divided into four tabs: Connections E-mail Other Privacy The settings in the Connections tab relate to OCS MobileStatus connectivity to the Office Communications Server environment and the MobileStatus Server. The settings in the E-mail tab are used for e-mail alerting in case of fatal errors and warning messages in the OCS MobileStatus application. The settings in the Other tab are for advanced configuration and inputting the License key. It is possible to define working hours, and choose privacy related settings in the Privacy tab. When you have changed configuration settings, you must save the settings by clicking the Save button. Changes do not take effect before they are saved and the OCS MobileStatus service or console applications have been restarted. Connections The settings on the Connections tab vary depending on the installed version of OCS MobileStatus. For communication with Office Communications Server 2007 R2 there are a number of configuration settings which are required. For communication with a Lync Server environment, the only required setting on the Connections tab is the hostname or IP address of the MobileStatus Server. The Lync Server address is not required if the environment is configured for Lync server autodiscovery. If it isn t, then the address of the Lync Server frontend with which OCS MobileStatus should initiate communication must be entered. All other settings which are present in the screenshots below are only relevant for communication with OCS 2007 R2, and are replaced by the dynamic provisioning described in the chapter Deploying for Lync Server 2010 and 2013 on page on page 19. Document version 2.5, 2012-12-04 Page 23 of 40

MobileStatus Server Server FQDN / IP The hostname or IP address of the server where MobileStatus Server is installed. Office Communications Server 3 Server / pool FQDN OCS TLS Port OCS application port Local hostname GRUU The fully qualified domain name of the Office Communications Server or server pool to which OCS MobileStatus should connect. The list is populated from your OCS environment. The TCP port number which OCS MobileStatus can use to connect to your OCS environment. The OCS connection is TLS encrypted. Default port is 5061. The TCP port where the OCS environment will contact OCS MobileStatus. Default port is 45871. The hostname of the computer running OCS MobileStatus. The hostname entered must be in a form which can be resolved by the OCS environment. If you click the Default button, the machines local hostname is used. The Globally Routable UA URI which is generated when creating a trusted service entry. Click Create to generate the trusted service 3 These parameters are not present in the Lync Server version of OCS MobileStatus Document version 2.5, 2012-12-04 Page 24 of 40

Certificate 3 entry and GRUU. Note that you must have domain administrative privileges to be able to create the GRUU. Certificate subject and serial number OCS MobileStatus communicates with the OCS environment using TLS which requires a certificate. The certificate can be selected from a list of installed machine certificates by clicking Select. To create and install a certificate which can be used by OCS MobileStatus see Certificates on page 8. E-mail OCS MobileStatus can send e-mails to configured addresses in case of errors and warnings which have impact on the function of OCS MobileStatus. To enable e-mail alerts, configure the settings related to the e- mail server, From address and To addresses. E-mail alerting E-mail alerting enabled SMTP server From address OCS MobileStatus will send alerts about warnings and fatal errors using the settings configured here if this option is checked. The SMTP server to use when sending alert e-mails. The sender e-mail address of the alert e-mails. Document version 2.5, 2012-12-04 Page 25 of 40

To addresses Enter a semi-colon separated list of e-mail addresses which should receive the e-mail alerts. It is possible to test the E-mail alert settings by clicking the Test button. This will make OCS MobileStatus Configuration attempt to send an e-mail using the entered values. If your server requires login or other advanced settings, these can be set in the lower part of the window. Advanced e-mail options Username Password Use SSL for SMTP The username to use if the SMTP server requires login. If a username is configured, the e-mail alerting system will attempt to log on to the SMTP server. The password to use when the SMTP server requires login. Enable this option if the server uses SSL encryption. Port The SMTP server's port number. Default is 25. Other The settings on the Other tab are used for advanced configuration as well as the License key information. Active Directory Active Directory Import root path When importing users for which OCS MobileStatus should set the presence, it will automatically search for enabled uses in the Active Directory. If you would like OCS MobileStatus to not use the entire Document version 2.5, 2012-12-04 Page 26 of 40

Active Directory when importing, you can select specific organization units (folders) in the Active Directory, or choose groups or Exchange dynamic distribution lists which contain the users you want imported. If you choose an organizational unit, it sub-ous will also be imported. You can choose more than one group or OU. Users are imported if their accounts are placed in those OUs (or sub-ous), or if they are members of groups selected or if the group objects are placed in a selected OU. Country code Import interval When OCS MobileStatus receives a status update from the mobile phone network, the phone numbers are received with a country code. If the user phone numbers in the Active Directory are not configured with a country code, you must enter a country code prefix, so the numbers match. The country code prefix must be entered with +, e.g. +47 for Norway. Select a periodic update interval to determine how often OCS MobileStatus should check for updates in the Active Directory. Advanced Settings OCS Busy text OCS Busy value OCS Off text OCS Off value The text to be displayed next to users in Office Communicator and other client applications when the user s mobile phone is busy. Default is Mobile phone busy. The OCS availability value to be set when a user s mobile phone is busy. This should be a value close to 6500, as the value will determine the color of the icon next to the user when the user s mobile phone is busy. Default is 6499. The text to be displayed next to users in Office Communicator and other client applications when the user s mobile phone is off or has roamed to a network where your operator cannot get mobile phone availability information. Default is Mobile phone off. The OCS availability value to be set when a user s mobile phone is off. This should be a value less than 6500, as the value will determine the color of the icon next to the user when the user s mobile phone is off. Default is 3500. Values higher will change the color of the status gumball of the user. License key Document version 2.5, 2012-12-04 Page 27 of 40

Company name License Key Enter the company name exactly as typed in your license key information. Enter the license key exactly as typed in your license key information. The license key information can be validated by clicking the Check button. This will contact the license server to check your input. Active Directory integration OCS MobileStatus will import Active Directory users where the following conditions are met: 1. User has a SIP URI (is Lync/OCS enabled). 2. The Notes field does not contain No OCSMS. 3. The user has a phone number defined in one or more of these fields: Mobile Telephone IP Phone Pager Home Telephone By default, OCS MobileStatus will import all user objects in the entire Active Directory where the above conditions are met. If you want to limit the user accounts which are imported, it is possible to define which organizational units OCS MobileStatus should search for users, or which groups or Exchange dynamic distribution list should be used. Users which are members of a group which is located in a selected OU will also be imported. Privacy The settings in the Privacy tab enable you to choose the interval in which you want status updated, or disallow status updates for offline users. Document version 2.5, 2012-12-04 Page 28 of 40

Privacy Settings Publish presence while user is offline When checked, the presence is updated even if the user is offline in Office Communicator or Lync (or other clients such as Communicator Web Access, Office Communicator Phone Edition etc.). When unchecked, the mobile phone busy state will not be set while a user is offline. If the user is busy when he/she goes offline, the busy state will be cleared when the phone call ends. For this setting to work properly, OCS MobileStatus must be able to get status updates from OCS/Lync (i.e. incoming port 45871 must be opened in the firewall configuration). In addition, in some circumstances, OCS MobileStatus is not informed of an offline state by OCS/Lync until the user has changed state at least once after startup. The setting is checked by default. Only publish presence in working hours When checked, the working hours below dictate when user status is updated based on the mobile phone status. If a user is busy when the working hours end, the busy state will be cleared when the phone call ends. If a user is busy when the working hours start, no change will occur until the next phone call is established. This setting is unchecked by default. Working Hours You can define the hours of business for each weekday. If a specific weekday should be open at all hours, use 00:00 as starting time and 23:59 as ending time. If a specific weekday should be closed at all hours, use the same starting and ending time, e.g. 00:00 as in the example above. The working hours settings are only used if you checked the setting above. Document version 2.5, 2012-12-04 Page 29 of 40

Testing the installation To test the configuration settings and the proper functioning of OCS MobileStatus it is possible to run the program as a console application. On startup it will establish contact with the Office Communications or Lync Server and the MobileStatus Server. When connection to both has been established, it will begin to handle incoming mobile phone status updates. To verify that configuration settings are correct, run the OCS MobileStatus Console application and verify that it can connect to both the MobileStatus Server and the Office Communications or Lync Server. Also verify that when a mobile phone for a configured user changes state, the user should have his or her presence information updated in Office Communicator or the Lync client. Note that if you run the OCS MobileStatus Console application on Windows 2008 it must run with administrative privileges to be able to access the certificate. To run OCS MobileStatus as a command line application, you can start it by double-clicking it from the program installation folder (default is C:\Program Files\OCS MobileStatus). The program is named OCSMobileStatusConsole.exe. Document version 2.5, 2012-12-04 Page 30 of 40

Running OCS MobileStatus OCS MobileStatus is available as both a Windows command line application and a Windows Service. The service can run unattended, and automatically start when Windows starts, but the command line application is better for debugging configuration issues. To run OCS MobileStatus as a command line application, you can start it by double-clicking it from the program installation folder (default is C:\Program Files\OCS MobileStatus). The program is named OCSMobileStatusConsole.exe. (If the server is running Windows 2008, the OCS MobileStatus Console application needs to be run with administrative privileges to give it access to the Machine certificate store). The installation program configures the Windows Service, but does not start it automatically, as it will not run without the necessary configuration settings. The service is configured to start automatically when Windows starts. When you have verified that the configuration settings are correct using the command line application, you should use the OCS MobileStatus Windows Service to run OCS MobileStatus in a production environment. Running as a service You can start the OCS MobileStatus service using the Configuration program. To start the service, open the Service page in the configuration program and click the Start button. If you make changes to the configuration settings, it is required to restart the service. You can stop the OCS MobileStatus using the Stop button on the Service page in the configuration program. If the service starts and does not stop immediately, it is working properly and connected to both the Office Communications Server and the MobileStatus Server. If the service stops unexpectedly, look in the Windows Event Viewer Application log for the cause, and use the command line application to check for problems. Document version 2.5, 2012-12-04 Page 31 of 40

Troubleshooting If the OCS MobileStatus console application or the service stop functioning check the Windows Application Event log for errors. The program will log all fatal errors to the Application Event log. Pre-requisites missing UCMA Core missing If you are running OCS MobileStatus which does not have the Office Communications Server Unified Communications Managed API Core (UCMA Core) files installed, the program will not start. The event log message will contain the following information Could not load file or assembly SIPEPS. To resolve the problem make sure that the pre-requisites are installed correctly. Active Directory communication Not in a domain The computer running OCS MobileStatus must be part of an Active Directory domain. It uses Active Directory to retrieve users who have a telephone number and a SIP URI (i.e. are enabled for Office Communications Server). If the computer running OCS MobileStatus is not part of a domain, an event log message containing the following is logged: The specified domain either does not exist or could not be contacted. Resolve the problem by joining the computer to an Active Directory domain containing the users for whom OCS MobileStatus should change presence. Certificate problems Missing local certificate If the event log message contains information such as Service cannot be started. System.ArgumentNullException: Value cannot be null. Parameter name: certificate the problem is caused by either a missing local certificate or incorrect information in the LocalHostName or CertificateSerialNumber configuration parameters. OCS MobileStatus cannot communicate with the Office Communications Server unless you have installed a certificate which it can use. In some cases OCS MobileStatus cannot find the correct certificate in the certificate store. OCS MobileStatus cannot find a certificate if you do not have a certificate installed with the same subject name as the configuration parameter LocalHostName, or you have configured a CertificateSerialNumber which does not match any of the installed certificates. It is required that the certificate has a private key. To resolve the problem make sure that you have installed the correct certificate, and that the configuration parameter LocalHostName matches the subject name (or Subject Alternate Name). Or if you have configured the Certificate Serial Number parameter, a certificate must have the given serial number. Document version 2.5, 2012-12-04 Page 32 of 40

Missing Certification Authority certificate A TLS session cannot be established if the computer running OCS MobileStatus does not know the certification authority which created the certificate used by the Office Communications Server. This will result in OCS MobileStatus stopping while trying to establish connection to the Office Communications Server to publish presence for a user. The failure in the event log will contain information such as The certificate chain was issued by an authority that is not trusted. This is normally only a problem if the computer running OCS MobileStatus is not in the same domain as the computer running Office Communications Server, or the certificate used on the Office Communications Server is using a self-signed certificate. To resolve the problem install the certificate for the certification authority used to sign the Office Communications Server certificate on the computer running OCS MobileStatus. Incorrect certificate used If you have configured OCS MobileStatus to use an incorrect certificate, such as one with a different DNS name than the server running OCS MobileStatus, you may get an error message such as this: RealTimeException creating OCS endpoint SIP URI. Office Communications Server timeouts Incorrect GRUU If OCS MobileStatus has been configured with an incorrect GRUU, the Office Communications Server may not be able to send data to OCS MobileStatus. This results in timeouts when OCS MobileStatus establishes endpoints to use for publishing user presence in Office Communications Server. To resolve the problem verify that the GRUU used is the correct one, and that the application is provisioned within Active Directory. Firewall configuration The Office Communications Server cannot send data to OCS MobileStatus if the firewall on the computer running OCS MobileStatus is not configured to allow traffic to the TCP port set with the OCSApplicationPort (default 45871) configuration parameter. This results in timeouts when OCS MobileStatus establishes endpoints to use for publishing user presence in Office Communications Server. To resolve the problem allow communications to the port configured with the OCSApplicationPort parameter. Lync provisioning If the necessary deployment PowerShell cmdlets regarding application pool, trusted application, etc. have not been executed you may receive this log message when starting OCS MobileStatus: Invalid configuration. Provisioning information is missing in CS environment. Microsoft.Rtc.Collaboration.ProvisioningFailureException:One or more values in the configured settings are invalid or unusable. Check inner exception and logs for more details. ---> Microsoft.Rtc.Internal.ServerConfiguration.SettingsInitializationException: The Document version 2.5, 2012-12-04 Page 33 of 40

settings wrapper failed to initialize. A machine with FQDN {0} does not exist in the topology. To solve the problem make sure to run all deployment cmdlets. In this case run Enable-CSReplica and Invoke-CsManagementStoreReplication and wait for replication to complete. If no certificate has been configured you may receive this log message: Invalid configuration. Provisioning information is missing in CS environment. Microsoft.Rtc.Collaboration.ProvisioningFailureException:Application has not been configured with a certificate for Mutual TLS communication from this machine. Run the PowerShell cmdlets for requesting and assigning a certificate. See the chapter Request a certificate on page 21 for details. Document version 2.5, 2012-12-04 Page 34 of 40

Appendix A: OCS MobileStatus settings If you should require central management of the OCS MobileStatus configuration settings, you can change all settings in the Windows Registry. The path in which the settings are stored is: HKEY_LOCAL_MACHINE\Software\BluePosition\OCS MobileStatus The values are as described in the table below. Setting name Type Default value Required Notes CCSServer String None Yes Hostname or IP of BluePosition MobileStatus or Call Center server. ADImportRootPath String None No LDAP path to an organizational unit which contains the users to automatically set OCS status for. If not configured, uses all users from the entire Active Directory. ADImportPrependCountryCode String None No The country code to prepend to the numbers imported from the AD. Only used if the numbers do not start with + or 00. ADImportInterval DWORD 1440 No The interval in minutes for automatic import from Active Directory. Value can be one of: 0 (meaning only on startup), 60, 120, 240, 720, 1440 LocalHostName String None Yes Hostname of the computer running the OCS Mobile Status application. Must be in a form which can be resolved by the OCS server. OCSGRUU String None Yes GRUU (Globally Routable User-agent URI. Created when provisioning the application on the OCS server in the chapter Error! Reference source not found. on page Error! Bookmark not defined.. OCSServer String None Yes DNS name of the OCS or Lync server or pool to communicate with. Only used Document version 2.5, 2012-12-04 Page 35 of 40

by Lync if Lync server autodiscovery is disabled. OCSServerTLSPort Integer 5061 Yes The port on which the OCS server listens for incoming TLS connections. OCSApplicationPort Integer 45871 Yes Port used by OCS Mobile Status for incoming communication from the OCS server. Must be the same as configured while creating the GRUU in the Configuration program. OCSBusyValue Integer 6500 Yes The availability value used when setting a user s status to Mobile phone busy. For the best user experience, the value should near or equal to 6500 as the Office Communicator client treats those values as busy. OCSMobileBusyString String Mobile phone busy Yes The custom activity string used when setting a user s status to Mobile phone busy. OCSOffValue Integer 3500 Yes The availability value used when setting a user s status to Mobile phone off. For the best user experience, the value should be less than 6500 which Office Communicator treats as busy. OCSMobileOffString String Mobile phone off Yes The custom activity string used when setting a user s status to Mobile phone off. CertificateSerialNumber String None No If configured it must be the hexadecimal serial number of the certificate to use for TLS communication with the OCS server. 4 4 A note on certificate selection: If CertificateSerialNumber is configured, only a certificate with that serial number is used. If it is not configured, the Local Machine certificate store is searched for a certificate which has the value of the LocalHostName configuration setting as either the Subject Name or the Subject Alternate Name. Document version 2.5, 2012-12-04 Page 36 of 40

SMTPAlerting String True No True or False to define whether SMTP alerting is enabled SMTPFrom String Yes The From address when OCS MobileStatus sends an e-mail alert SMTPPassword String No The password used when sending e- mail alerts. Only used if a username is also configured. SMTPPort DWORD 25 No The port number to connect to the SMTP server on. SMTPServer String Yes The SMTP server to use when OCS MobileStatus sends an e-mail alert. SMTPRecipients String Yes A semi-colon separated list of SMTP addresses who should receive e-mail alerts. SMTPUsername String No The username to use when sending e- mail alerts when the server requires login. If configured, a login will be attempted on the server. SMTPUseSSL String No True or False depending on whether the SMTP server requires SSL/TLS encryption. LogConfiguration String No Set by the installer to make OCS MobileStatus log to a file in the program installation folder. InstallPath String Yes Set by the installer to contain the installation directory. Do not change this value. RuntimeInformation String Yes Contains runtime state information which is used by OCS MobileStatus when the service is restarted. UseWorkingHours String False No True or False depending on whether the working hours privacy setting should be used. Document version 2.5, 2012-12-04 Page 37 of 40

Working Hours Begin 0-7 String No HH:MM:SS (hour, minute, second) of working hours begin time for each weekday. Weekdays start with Sunday at Working Hours Begin 0. Working Hours End 0-7 String No HH:MM:SS (hour, minute, second) of working hours end time for each weekday. Weekdays start with Sunday at Working Hours End 0. PublishWhileOffline String True No True or False depending on whether presence should be published when a user is offline. Document version 2.5, 2012-12-04 Page 38 of 40

Appendix B: Log configuration By default OCS MobileStatus will log to a text file in the installation folder. The log file will rotate once when it reaches a size of 100 MB. This means that no more than 200 MB of log files will be stored. The log file is useful for product support in case of problems, but during normal operation it is not necessary to analyze the log file. The log file size and format as well as rotation can be configured. Since this is an advanced trouble-shooting step, there is no configuration for the log file options. However, it is possible to change the settings using the Windows Registry Editor. The logging configuration is read by OCS MobileStatus from the value called LogConfiguration in the registry key is HKEY_LOCAL_MACHINE\Software\BluePosition\OCS MobileStatus. The default setting is: text(append="true", filename="ocsmobilestatus.log", maxparts="2", maxsize="102400") The table below specifies the possible parameter options, their default values and descriptions. Option Default Value Description append true Specifies if new log messages should be appended to the log file instead of overwriting the file first. buffer 0 Specifies the I/O buffer size in kilobytes. It is possible to specify size units like this: "1 MB". Supported units are "KB", "MB" and "GB". A value of 0 disables this feature. Enabling the I/O buffering greatly improves the logging performance but has the disadvantage that log messages are temporarily stored in memory and are not immediately written to disk. filename ocsmobilestatus.log Specifies the filename of the log file. indent false Indicates if the logging output should automatically be indented. maxparts 2 Specifies the maximum amount of log files at any given time when log rotating is enabled or the maxsize option is set. Specify 0 for no limit. See below for information on the default value for this option. maxsize 102400 Specifies the maximum size of a log file in kilobytes. When this size is reached, a backup of the log file is created and the original file is reset. It is possible to specify size units like this: "1 MB". Supported Document version 2.5, 2012-12-04 Page 39 of 40