Solved

Making LCS and OCS talk to each other

Posted on 2009-07-02
3
901 Views
Last Modified: 2013-11-29
Hi

In our Single Domain, Single Forest environment spread over three countries and running over MPLS WAN links, one of our offices has deployed LCS 2005 and the other one recently deployes OCS 2007 R2.

The AD shcema was prepared in such a that both the LCS & OCS remained functional.
How can we make the user's of both, talk to / communicate with each other? In the near term, we want all the users be shifted over to OCS though but that needs a bit of planning for internal PKI and placement of servers in the their own pools, but till then, I was wondering if there is a temporary solution???
0
Comment
Question by:fahim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 12

Expert Comment

by:gaanthony
ID: 24769384
LCS 2005 SP1 requires all the released updates for it to be applied for OCS 2007 R2 interoperability along with the OC 2005 client being updated with the latest release.
LCS 2005 SP1 requires updates KB 911996, 921543, 950614
OC 2005 requires update KB 949280.
You mention PKI so I have to assume you have no internal Certificate Authority deployed at the moment.  Did you use certficates from a Third Party CA or are you using TCP instead of TLS for Communicator client connectivity to both LCS and OCS.
The only way that LCS and OCS servers with talk to each other is via Mutual TLS which means you need certificates on both the Pools for interoperability.
See the following link for the support migraiton path. http://technet.microsoft.com/en-us/library/dd425356(office.13).aspx
Let me know if you have any more questions.  Setting up a internal certificate authority is pretty simple.  All you need is a Windows Server 2003 or 2008 Enterprise Edition server that you configure IIS and Certificate Authority roles on it.  Note: Can't be collocated with OCS/LCS.
0
 

Author Comment

by:fahim
ID: 24775954
Thanks for the response Anthony.

What we are using for OCS currently is Third Party CA generated elsewhere but the problem is revocation, new certificates generation for adding servers is not in our control. The consultant who installed OCS has some sort of CA running on his laptop through which he generated the certs for server and clients connecting to OCS 2007. A shortcut mechanism I'd say.

I'll check if all the updates you have mentioned are in place. But, what's required to be done on LCS and OCS thereafter? I have a server cert on OCS while LCS uses TCP.

Also, thank's for mentioning tha setting up internal Cert Auth. is simple. We have native Windows 2003 R2 environment running on single domain, single forest mechanism althought spread over three countries, communicating on MPLS VPN dedicated links. I have posted a separate cuestion in this regards here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24539295.html

Pls contribute your thoughts. I would appreciate them most.
Thannks.
0
 
LVL 12

Accepted Solution

by:
gaanthony earned 500 total points
ID: 24776152
You will need to configure TLS (Server Cert) on LCS preferrably requesting a certificate from the same CA that the one for OCS was generated from so that LCS and OCS servers will trust each other's certificate.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In-place Upgrading Dirsync to Azure AD Connect
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question