• Article

Upgrading Tanjay in Communications Server 2007 R2

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

This article provides instructions for upgrading Office Communicator Phone Edition devices from build 199 to 522 and then to 6907 by using the Office Communications Server 2007 R2 Device Update Service. There is also a brief description of the naming conventions used in this article for those who aren’t familiar with how the fields on the Tanjay sign-in screen impact the creation of DNS records.

Author: Rick Varvel

Publication date: January 2010

Product version: Office Communications Server 2007 R2

This article provides instructions for upgrading Office Communicator Phone Edition devices from build 199 to 522 and then to 6907 by using the Office Communications Server 2007 R2 Device Update Service.

Getting Started

Prior to the instructions for the step-by-step upgrade, this article gives you a brief description of the naming conventions that are used in this article for those who aren’t familiar with how the fields on the Tanjay sign-in screen impact the creation of DNS records.

Phone Edition devices can run only one version of firmware at a time but are capable of being upgraded from one version to another. This article pertains to the three firmware versions listed in Table 1. The links in Table 1 will be used in the step-by-step instructions provided later in this article.

Table 1. Phone Edition Firmware versions

Office Communicator Phone Edition Firmware Version Office Communications Server Version

1.0.199.123

Office Communications Server 2007 shipping firmware version (in some cases this may be 522.x)

1.0.522.101

(You can also search the Internet for ucupdates 522)

Office Communications Server 2007 current download version

https://go.microsoft.com/fwlink/?linkid=178481

3.5.6907.35

(You can also search the Internet for ucupdates 6907)

Office Communications Server 2007 R2 current download version

https://go.microsoft.com/fwlink/?linkid=141222

Other builds were available during earlier phases, but this article focuses only on upgrading a Phone Edition device from build 199.1.23 to 522.101 and then to 6907.35. by using Office Communications Server 2007 R2 Device Update Service.

This article explains the basic steps for upgrading Phone Edition devices. For troubleshooting tips, NetMon trace samples, and detailed instructions for configuring environmental dependencies and upgrading Office Communications Phone Edition devices, see OCPE Device (Tanjay) Upgrade Guide at https://go.microsoft.com/fwlink/?linkid=178482.

Assumptions

When upgrading Phone Edition devices, the instructions in this article assume the following concepts: the first is related to user validation and authentication and the second to the creation of DNS A and SRV records.

Phone Edition Device User Validation and Domain Authentication

Signing in to a Phone Edition device requires three values: sign-in address, domain\user name, and password. The sign-in address value validates the user account in Office Communications Server and the domain\user name value authenticates the user in Active Directory.

  • Sign-in address is entered using Uniform Resource Identifier (URI) syntax and is the same value used to sign in to the Microsoft Office Communicator client.

  • Domain\user name is entered in 2 parts: the user’s Active Directory domain name, followed by a backslash and the user’s Active Directory alias. This is the same value used to sign in to Active Directory.

    Note

    The examples used in this article assume that the domain value that is specified when signing in to the Phone Edition device is entered using <domain FQDN> syntax. Doing so forces the Phone Edition device to query DNS rather than WINs to locate resources such as domain controllers or the pool that is running the Device Update Service.

DNS A and SRV Record Creation

Creating the necessary DNS zones and populating them with the correct A and SRV records requires an understanding of how the values entered in the authentication phase impact Phone Edition device DNS queries. To assist with that, two terms are used throughout this article: <SIPDomain> and <DHCPDomain>.

  • <SIPDomain> specifies the domain name portion in the user’s SIP URI (for example, fabrikam.com is the SIP domain of the user’s SIP URI, ocstest1@fabrikam.com).

  • <DHCPDomain> specifies the Active Directory domain assigned to the Phone Edition device by DHCP. In most cases, the Office Communications Servers will be deployed in the same Active Directory forest where the user accounts are created. In this case, the <DHCPDomain> matches the users’ Active Directory domain. If the users are in an account domain and servers are in a resource domain, <DHCPDomain> will not match the users’ Active Directory domain.

    Note

    When configuring DHCP, set Option 015 DNS Domain Name to the Active Directory domain that contains the pool that is running the Device Update Service.

When referring to signing in to a Phone Edition device, the following format is used:

  • Sign-in address:  userAlias@SIPDomain

  • Domain\User name:  DomainFQDN\userAlias

Authentication account syntax examples:

  • Sign-in address:  ocstest1@fabrikam.com  (fabrikam.com represents the <SIPDomain>)

  • Domain\User name:  contoso.com\ocstest1  (contoso.com represents the <DHCPDomain>)

Using these two values we determine the following:

The Sign-in address is ocstest1@fabrikam.com and the value after the @ sign represents <SIPDomain>. <SIPDomain> is represented in DNS as a zone (for example, fabrikam.com) and typically there will not be a DNS zone created for <SIPDomain>. In that case, you’ll have to create one on the internal DNS server and, if you are updating external Phone Edition devices, on the external DNS server. A Phone Edition device will query this DNS zone for various A and SRV records, which are covered later in the step-by-step update instructions.

The Domain\User name value is contoso.com\ocstest1 and the string that precedes the backslash represents <DHCPDomain>. For <DHCPDomain> there will be an existing DNS zone on the internal (and possibly external) DNS server because <DHCPDomain> is where the DNS records for the Office Communications Server that is running the Device Update Service are stored.

Figure 1 shows Phone Edition device sign-in fields to highlight the relationship between the values specified during authentication and the DNS zones to which they refer.

Figure 1. Phone Edition device Sign In dialog box

Sign-in Dialog Box

Note

<SIPDomain> versus <DHCPDomain>. In some environments, the <SIPDomain> and <DHCPDomain> values will be the same, but they are purposely different in the examples used in this article to highlight the issues that arise as a result of them being different.

For example, depending on the firmware version a Phone Edition device is running, the device will query DNS for the SRV record, _ntp._udp. <SIPDomain>, and query the <DHCPDomain> zone for an Active Directory domain controller. If DNS A and SRV records are not configured in the correct DNS zones, the DNS queries will fail, preventing the Phone Edition device from authenticating and upgrading.

Summary of Steps for Phone Edition Device Upgrade

These steps assume your environmental dependencies are close to being set correctly and are meant to be used as checklist of the steps involved in configuring Office Communications Server 2007 R2 to upgrade from build 199 to 522 to 6907. For more details about each step, see the "OCPE Device Upgrade Steps (Detailed Version)" section in the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482 from which this article is based.

Step 1: Set Environmental Dependencies

  1. Configure DHCP

    • Set Option 006 to the IP address of the internal DNS server.

    • Set Option 015 to the <DHCPDomain> (contoso.com is used in this example).

    • Set Option 119 to the list of DNS suffixes that a Phone Edition device will query to locate an Active Directory domain controller to authenticate against. This step is optional.

      Note

      Usually Phone Edition devices query DNS for the domain assigned by DHCP Option 015, but if you need Phone Edition devices to search multiple domains, configure DHCP Option 119 with a list of domain suffixes in your organization, delimited by a semicolon (for example, contoso.com; dev.contoso.com; corp.fabrikam.com).
      In some circumstances (for example, when entering a User Principle Name in the Domain\User name field on the Phone Edition device and no WINS server is installed), it is preferable that a DHCP client be configured with multiple DNS suffixes using DHCP Search Option 119.
      For more details, see "Appendix A" of the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482.

  2. Configure DNS for <SIPDomain> (fabrikam.com is used in this example)

    • Create A record for autodiscover.fabrikam.com set to the IP address of the Exchange Client Access Server used by Office Communications Server.

    • Create A record for sip.fabrikam.com set to the IP address of the pool running Device Update Service.

    • Verify that the SRV record for _sipinternaltls._tcp. fabrikam.com is created to map to the FQDN of Enterprise pool or Standard Edition Server running Device Update Service on port 5061.

    • Create SRV record for _ntp._udp. fabrikam.com set to the FQDN of the network time protocol (NTP) server (usually, time.windows.com, but can be the FQDN for any NTP server) on port 123.

      Note

      If upgrading Phone Edition devices remotely, see "Table 3.0 - OCPE Device DNS Requirements (all builds)" for external DNS requirements in the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482.

  3. Configure DNS for <DHCPDomain> (contoso.com is used in this example)

    Create A records for the following:

    • YourPoolName .contoso.com and configure it with the IP address of the Enterprise pool or Standard Edition Server that is running the Device Update Service.

    • ucupdates-r2.contoso.com and configure it with the IP address of the Enterprise pool or Standard Edition Server running the Device Update Service. If you currently have an ucupdates. <DHCPDomain> A record, it can be deleted if all your Phone Edition devices are build 199 or higher.

      Note

      If upgrading Phone Edition devices remotely, see "Table 3.0 - OCPE Device DNS Requirements (all builds)" for external DNS requirements in the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482.

  4. Configure Certificates

    • If using a Windows Server 2008 or Windows Server 2003 Enterprise CA, the Root CA certificate chain should already be published, but you can confirm that by using the steps in "Appendix A" of the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482.

    • If using a Windows Server 2008 or Windows Server 2003 Standard CA, use certutil -f to upload the certificate chain and then confirm that it was successfully published by following the steps in "Appendix A" of the OCPE Device (Tanjay) Upgrade Guide available at https://go.microsoft.com/fwlink/?linkid=178482. Alternatively, you can enable Auto Enrollment.

Step 2: Configure Office Communications Server 2007 R2

  • From the server running the Device Update Service:

    • Modify the Client Version filter to allow OCPhone devices equal to or greater than version 1.0.199.*

      Note

      If you get the error "Cannot sign in. You do not have the necessary permissions. Contact your system administrator" when trying to authenticate, it’s probably related to the client version filter not being set properly.

    • Modify Device Update Service External URLs (required even if upgrading Phone Edition devices internally).

Step 3: Upgrade from firmware 199 to 522

  • Download the latest ucupdates.exe file for build 522 (that is, 522.101 or higher) available at https://go.microsoft.com/fwlink/?linkid=178481, expand the CAB file, and then upload and approve it by using Device Updater.

  • Perform a hard reset and then recalibrate the phone.

    Note

    To perform a hard reset, unplug the Phone Edition device, use a paper clip to press and hold the reset button (small hole on back between USB and Headphone jack), reapply power (while continuing to hold down the reset button) until the scroll bar on the display goes all the way across the screen. Release the reset button and within 30 to 120 seconds the display should change to the white calibration screen that has the large plus sign in the center.
    This removes credentials, certificate chains, and XML configuration files and restores the Phone Edition device to factory defaults.

  • Sign in to the Phone Edition device by using your SIP URI for the Sign-in Address value and your domain FQDN account for the Domain\User name value (for example, ocstest1@fabrikam.com and contoso.com\ocstest1 respectively).

Step 4: Upgrade from firmware 522 to 6907

  • Download the latest ucupdates.exe file for build 6907 (that is, 6907.35 or higher) available at https://go.microsoft.com/fwlink/?linkid=178481, expand the CAB file, and then upload it and leave it as Pending by using Device Updater.

  • Add the MAC address of the phone that you’re upgrading to build 6907. Later you can make 6907 approved, but there may be existing 522 builds that you don’t want upgraded to 6907, and this approach allows you to control which phones are upgraded.

  • When upgrading from 199 to 522, an ucupdates.xml file is copied to the Phone Edition device and it should not be necessary to sign in again, but you will have to power cycle the phone to start the upgrade.

    Note

    If you do a hard reset, you will delete the ucupdates.xml file, and you will have to sign in to the Phone Edition device to start the upgrade to 6907. You may have to wait 15 minutes for the update to begin.

  • If you do sign in to the Phone Edition device, use your SIP URI for the Sign-in Address value and your domain account for the Domain\User name value (for example, ocstest1@fabrikam.com and contoso.com\ocstest1).

  • The Phone Edition device should upgrade to 6907.xx at this point.

Additional Information

To learn more, check out the following articles:

Office Communications Server Resources