Solved

Making LCS and OCS talk to each other

Posted on 2009-07-02
Last Modified: 2013-11-29
Hi

In our Single Domain, Single Forest environment spread over three countries and running over MPLS WAN links, one of our offices has deployed LCS 2005 and the other one recently deployed OCS 2007 R2.

The AD schema was prepared in such a way that both LCS & OCS remained functional.
How can we make the users of both talk to / communicate with each other? In the near term, we want all the users to be shifted over to OCS, but that needs a bit of planning for internal PKI and placement of servers in their own pools. Till then, I was wondering if there is a temporary solution?
0
Question by:fahim
LVL 12

Expert Comment

by:gaanthony
ID: 24769384
LCS 2005 SP1 requires all the released updates for it to be applied for OCS 2007 R2 interoperability, along with the OC 2005 client being updated with the latest release.
LCS 2005 SP1 requires updates KB 911996, 921543, 950614.
OC 2005 requires update KB 949280.
You mention PKI, so I have to assume you have no internal Certificate Authority deployed at the moment. Did you use certificates from a Third Party CA, or are you using TCP instead of TLS for Communicator client connectivity to both LCS and OCS?
The only way that LCS and OCS servers will talk to each other is via Mutual TLS, which means you need certificates on both the Pools for interoperability.
See the following link for the supported migration path: http://technet.microsoft.com/en-us/library/dd425356(office.13).aspx
Let me know if you have any more questions. Setting up an internal certificate authority is pretty simple. All you need is a Windows Server 2003 or 2008 Enterprise Edition server on which you configure the IIS and Certificate Authority roles. Note: Can't be collocated with OCS/LCS.
0
 

Author Comment

by:fahim
ID: 24775954
Thanks for the response Anthony.

What we are using for OCS currently is Third Party CA generated elsewhere but the problem is revocation, new certificates generation for adding servers is not in our control. The consultant who installed OCS has some sort of CA running on his laptop through which he generated the certs for server and clients connecting to OCS 2007. A shortcut mechanism I'd say.

I'll check if all the updates you have mentioned are in place. But, what's required to be done on LCS and OCS thereafter? I have a server cert on OCS while LCS uses TCP.

Also, thanks for mentioning that setting up an internal Cert Auth. is simple. We have a native Windows 2003 R2 environment running on a single domain, single forest mechanism, although spread over three countries, communicating on MPLS VPN dedicated links. I have posted a separate question in this regard here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24539295.html

Pls contribute your thoughts. I would appreciate them most.
Thanks.
0
 
LVL 12

Accepted Solution

by:
gaanthony earned 500 total points
ID: 24776152
You will need to configure TLS (Server Cert) on LCS, preferably requesting a certificate from the same CA that the one for OCS was generated from, so that LCS and OCS servers will trust each other's certificate.
0
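The trust requirement from the accepted solution, as an added PowerShell example that is not part of the original thread: mutual TLS between the two pools only works when each server certificate chains to a CA the other side trusts. The function names, host names and the in-memory demo CAs are hypothetical, and the code assumes PowerShell 7 or .NET Framework 4.7.2+.

```powershell
# Added example. The CAs and server certificates are constructed in memory;
# lcs01/ocs01.example.test are placeholder names, not values from the thread.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function New-DemoCert([string]$Subject, [X509Certificate2]$Signer) {
    $req = [CertificateRequest]::new($Subject, [RSA]::Create(2048),
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $now = [DateTimeOffset]::UtcNow
    if (-not $Signer) {   # no signer given: build a self-signed root CA
        $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
        return $req.CreateSelfSigned($now.AddDays(-2), $now.AddDays(30))
    }
    $serial = [byte[]]::new(8); [RandomNumberGenerator]::Create().GetBytes($serial)
    return $req.Create($Signer, $now.AddDays(-1), $now.AddDays(7), $serial)
}

# $true only if $Cert builds a valid chain whose last element is exactly $Ca.
function Test-ChainsToCa([X509Certificate2]$Cert, [X509Certificate2]$Ca) {
    $chain = [X509Chain]::new()
    # Demo CA publishes no CRL; against a real CA leave revocation checking on.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    # The demo CA is not in the machine store, so trust is pinned by thumbprint below.
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($Ca)
    if (-not $chain.Build($Cert)) { return $false }
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    return $root.Thumbprint -eq $Ca.Thumbprint
}

# Both peers must chain to the shared CA for the MTLS handshake to be trusted each way.
function Test-MutualTlsTrust([X509Certificate2]$LcsCert, [X509Certificate2]$OcsCert,
                             [X509Certificate2]$SharedCa) {
    (Test-ChainsToCa $LcsCert $SharedCa) -and (Test-ChainsToCa $OcsCert $SharedCa)
}

$ca      = New-DemoCert 'CN=Demo Internal CA'
$otherCa = New-DemoCert 'CN=Demo Unrelated CA'
$lcs     = New-DemoCert 'CN=lcs01.example.test' $ca
$ocsSame = New-DemoCert 'CN=ocs01.example.test' $ca
$ocsDiff = New-DemoCert 'CN=ocs01.example.test' $otherCa

Test-MutualTlsTrust $lcs $ocsSame $ca   # both certificates issued by the same CA
Test-MutualTlsTrust $lcs $ocsDiff $ca   # OCS certificate issued by a CA the LCS side does not trust
```

To check real servers, load the exported certificates with `[X509Certificate2]::new('path\to\server.cer')` instead of generating them, and drop the two demo-only chain policy settings so the machine trust store and revocation data are used.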
