Solved

Making LCS and OCS talk to each other

Posted on 2009-07-02
3
899 Views
Last Modified: 2013-11-29
Hi

In our Single Domain, Single Forest environment spread over three countries and running over MPLS WAN links, one of our offices has deployed LCS 2005 and the other one recently deployes OCS 2007 R2.

The AD shcema was prepared in such a that both the LCS & OCS remained functional.
How can we make the user's of both, talk to / communicate with each other? In the near term, we want all the users be shifted over to OCS though but that needs a bit of planning for internal PKI and placement of servers in the their own pools, but till then, I was wondering if there is a temporary solution???
0
Comment
Question by:fahim
  • 2
3 Comments
 
LVL 12

Expert Comment

by:gaanthony
ID: 24769384
LCS 2005 SP1 requires all the released updates for it to be applied for OCS 2007 R2 interoperability along with the OC 2005 client being updated with the latest release.
LCS 2005 SP1 requires updates KB 911996, 921543, 950614
OC 2005 requires update KB 949280.
You mention PKI so I have to assume you have no internal Certificate Authority deployed at the moment.  Did you use certficates from a Third Party CA or are you using TCP instead of TLS for Communicator client connectivity to both LCS and OCS.
The only way that LCS and OCS servers with talk to each other is via Mutual TLS which means you need certificates on both the Pools for interoperability.
See the following link for the support migraiton path. http://technet.microsoft.com/en-us/library/dd425356(office.13).aspx
Let me know if you have any more questions.  Setting up a internal certificate authority is pretty simple.  All you need is a Windows Server 2003 or 2008 Enterprise Edition server that you configure IIS and Certificate Authority roles on it.  Note: Can't be collocated with OCS/LCS.
0
 

Author Comment

by:fahim
ID: 24775954
Thanks for the response Anthony.

What we are using for OCS currently is Third Party CA generated elsewhere but the problem is revocation, new certificates generation for adding servers is not in our control. The consultant who installed OCS has some sort of CA running on his laptop through which he generated the certs for server and clients connecting to OCS 2007. A shortcut mechanism I'd say.

I'll check if all the updates you have mentioned are in place. But, what's required to be done on LCS and OCS thereafter? I have a server cert on OCS while LCS uses TCP.

Also, thank's for mentioning tha setting up internal Cert Auth. is simple. We have native Windows 2003 R2 environment running on single domain, single forest mechanism althought spread over three countries, communicating on MPLS VPN dedicated links. I have posted a separate cuestion in this regards here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24539295.html

Pls contribute your thoughts. I would appreciate them most.
Thannks.
0
 
LVL 12

Accepted Solution

by:
gaanthony earned 500 total points
ID: 24776152
You will need to configure TLS (Server Cert) on LCS preferrably requesting a certificate from the same CA that the one for OCS was generated from so that LCS and OCS servers will trust each other's certificate.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now