Solved

Making LCS and OCS talk to each other

Posted on 2009-07-02
3
898 Views
Last Modified: 2013-11-29
Hi

In our Single Domain, Single Forest environment spread over three countries and running over MPLS WAN links, one of our offices has deployed LCS 2005 and the other one recently deployes OCS 2007 R2.

The AD shcema was prepared in such a that both the LCS & OCS remained functional.
How can we make the user's of both, talk to / communicate with each other? In the near term, we want all the users be shifted over to OCS though but that needs a bit of planning for internal PKI and placement of servers in the their own pools, but till then, I was wondering if there is a temporary solution???
0
Comment
Question by:fahim
  • 2
3 Comments
 
LVL 12

Expert Comment

by:gaanthony
Comment Utility
LCS 2005 SP1 requires all the released updates for it to be applied for OCS 2007 R2 interoperability along with the OC 2005 client being updated with the latest release.
LCS 2005 SP1 requires updates KB 911996, 921543, 950614
OC 2005 requires update KB 949280.
You mention PKI so I have to assume you have no internal Certificate Authority deployed at the moment.  Did you use certficates from a Third Party CA or are you using TCP instead of TLS for Communicator client connectivity to both LCS and OCS.
The only way that LCS and OCS servers with talk to each other is via Mutual TLS which means you need certificates on both the Pools for interoperability.
See the following link for the support migraiton path. http://technet.microsoft.com/en-us/library/dd425356(office.13).aspx
Let me know if you have any more questions.  Setting up a internal certificate authority is pretty simple.  All you need is a Windows Server 2003 or 2008 Enterprise Edition server that you configure IIS and Certificate Authority roles on it.  Note: Can't be collocated with OCS/LCS.
0
 

Author Comment

by:fahim
Comment Utility
Thanks for the response Anthony.

What we are using for OCS currently is Third Party CA generated elsewhere but the problem is revocation, new certificates generation for adding servers is not in our control. The consultant who installed OCS has some sort of CA running on his laptop through which he generated the certs for server and clients connecting to OCS 2007. A shortcut mechanism I'd say.

I'll check if all the updates you have mentioned are in place. But, what's required to be done on LCS and OCS thereafter? I have a server cert on OCS while LCS uses TCP.

Also, thank's for mentioning tha setting up internal Cert Auth. is simple. We have native Windows 2003 R2 environment running on single domain, single forest mechanism althought spread over three countries, communicating on MPLS VPN dedicated links. I have posted a separate cuestion in this regards here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24539295.html

Pls contribute your thoughts. I would appreciate them most.
Thannks.
0
 
LVL 12

Accepted Solution

by:
gaanthony earned 500 total points
Comment Utility
You will need to configure TLS (Server Cert) on LCS preferrably requesting a certificate from the same CA that the one for OCS was generated from so that LCS and OCS servers will trust each other's certificate.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now