Share via


Deploying Unified Messaging and Communications Server 2007

Applies to: Exchange Server 2010

Microsoft Exchange Server 2010 Unified Messaging (UM) and Microsoft Office Communications Server 2007 can be deployed together to provide voice messaging, instant messaging, enhanced user presence, audio/video conferencing, and an integrated e-mail and messaging experience for users in your organization. This topic discusses how to configure Exchange 2010 Unified Messaging and Communications Server 2007 to support these features.

Looking for more information about Communications Server 2007? See the reference and Help documentation for Communications Server 2007 in the Office Communications Server and Client Documentation Rollup.

Contents

Deploying Exchange Unified Messaging and Communications Server 2007

Deployment Path

For More Information

Deploying Exchange Unified Messaging and Communications Server 2007

Exchange 2010 Unified Messaging combines voice messaging and e-mail messaging into a single messaging infrastructure. Communications Server 2007 Enterprise Voice takes advantage of the Unified Messaging infrastructure to provide voice mail, subscriber access, call notification, and auto attendant services.

Before you can implement these services or features, you must do the following:

  • Install Communications Server 2007 in the same Active Directory directory service topology as the Unified Messaging servers.
  • Deploy the following Exchange 2010 server roles:
    • Unified Messaging server role   The Unified Messaging server connects Exchange 2010 with Communications Server 2007.
    • Hub Transport server role   The Hub Transport server routes e-mail messages from the Unified Messaging server to user mailboxes.
    • Client Access server role   The Client Access server hosts client protocols, such as POP3, IMAP4, HTTPS, Outlook Anywhere (formerly known as RPC over HTTP), the Availability service, and the Autodiscover service. The Client Access server also hosts Exchange Web Services.
    • Mailbox server role   The Mailbox server hosts user mailboxes.
      For more information about the server roles included in Exchange 2010, see Getting Started With Exchange 2010. For more information about how to install each server role included in Exchange 2010, see New Installation of Exchange 2010.
  • Install and configure Communications Server 2007 in your organization as follows:
    1. Install Communications Server 2007 on servers in your organization.
    2. Install a certificate that's valid and signed by a certification authority (CA) on the Communications Server 2007 servers.
    3. Make sure that the certificate that you installed on the Communications Server 2007 servers is trusted by the Unified Messaging servers.
    4. Confirm that at least one Communications Server 2007 pool object is created during installation.

Certificate Configuration Recommendations

You must have a certificate that's trusted by both the computers running Exchange and Communications Server 2007. In an environment that has Communications Server 2007 and Exchange 2010 Unified Messaging, use the following guidelines for deploying a trusted certificate:

  • Import a certificate that's valid and signed by a CA. This should be a trusted third-party commercial certificate or a public key infrastructure (PKI) certificate and should be imported on the Communications Server 2007 computers and the Exchange servers that have the Unified Messaging and Client Access server roles installed.

  • The most simple certificate deployment scenario is to import the same third-party commercial or PKI certificate to each Exchange 2010 server that has the following server roles installed: Unified Messaging, Client Access, and Hub Transport. Also, install this trusted certificate on each computer running Communications Server 2007. This will help simplify your certificate deployment and reduce the administrative overhead associated with deploying certificates. However, you must obtain a trusted certificate that supports subject alternative names.

    Note

    If you use a SIP secured or Secured dial plan, a trusted certificate is required between the Unified Messaging servers and the IP gateways. A trusted certificate is also required if a direct Session Initiation Protocol (SIP) connection is used. If you use a SIP secured or Secured dial plan, you can use the same trusted certificate used between Communications Server 2007 computers and the Unified Messaging, Client Access, and Hub Transport servers.

  • Although you can install the Unified Messaging server role and other Exchange 2010 server roles on the same computer, when you deploy Communications Server 2007, we recommend that you install the Unified Messaging server role on a computer that won't be running other Exchange 2010 server roles. If another server role is installed on the same computer as the Unified Messaging server role, the Microsoft Exchange Unified Messaging service may select the incorrect certificate and be unable to use mutual Transport Layer Security (mutual TLS) to encrypt traffic. This occurs because of limitations with subject alternative names found in certificates.
    For example, if you install the Unified Messaging server role first, and then later install the Client Access server role on the same server, the Microsoft Exchange Unified Messaging service will use the certificate created by the Client Access server role instead of the certificate created when the Unified Messaging server role was installed. This is because the Microsoft Exchange Unified Messaging service looks for the certificate in the trusted root store that has the most time left before it will expire.

  • Because the trusted certificate uses mutual TLS to establish an encrypted channel with Communications Server 2007 and with Client Access, Hub Transport, and Unified Messaging servers, the name on the certificate used during mutual TLS negotiation must match the fully qualified domain name (FQDN) of the server that presents the certificate.

Return to top

Deployment Path

After you install the required server roles in your Exchange 2010 organization, there's a recommended sequence of steps that you must perform on the Exchange Unified Messaging environment and in your Communications Server 2007 environment to correctly deploy Enterprise Voice and Exchange 2010 Unified Messaging. Exchange 2010 Unified Messaging is used to provide call answering, Outlook Voice Access, and auto attendant services. Communications Server 2007 enables more advanced features found in Enterprise Voice services. The following figure illustrates the recommended deployment path for implementing Enterprise Voice services found with Exchange 2010 Unified Messaging and Communications Server 2007.

Deploying Exchange 2010 Unified Messaging and Communications Server 2007

Deployment Path for UM and OCS

For more information about Communications Server 2007 and to download the reference and Help documentation for Communications Server 2007, see Office Communications Server and Client Documentation Rollup.

There are several steps that you must complete to configure Exchange 2010 Unified Messaging to work with Enterprise Voice in Communications Server 2007. You must do the following:

  1. Create one or more Exchange 2010 Unified Messaging SIP Uniform Resource Identifier (URI) dial plans that each map to a corresponding Communications Server 2007 location profile. An Enterprise Voice location profile must be created for each Exchange UM dial plan. The location profile name has to match the FQDN of the UM dial plans. The UM dial plan FQDN is used as the name of its corresponding location profile. Use the Get-UMDialPlan cmdlet to obtain the FQDN of a SIP URI dial plan, and then create its corresponding location profile. For more information about how to create a SIP URI dial plan, see Create a UM Dial Plan.

  2. Install a certificate on the Unified Messaging servers that's valid and signed by a CA, and then restart the Microsoft Exchange Unified Messaging service on each Unified Messaging server.

  3. Encrypt the Voice over IP (VoIP) traffic by configuring the SIP URI dial plan as SIP secured or Secured. For more information about how to configure the security settings on a UM dial plan, see Configure VoIP Security on a UM Dial Plan. For more information about VoIP security and configuring mutual TLS, see Understanding Unified Messaging VoIP Security.
    Although a UM dial plan can be configured as SIP secured or Secured, we recommend that you configure the dial plan as Secured to enable Microsoft Office Communicator 2007 Phone Edition devices to work correctly. This is recommended because of the default encryption level settings configured in Communications Server 2007. A Communicator Phone Edition device will only work if the encryption settings are configured as shown in the following table. This table shows the relationship between the encryption settings for both Communications Server 2007 and UM dial plans.
    Encryption settings for Communicator Phone Edition

    Communications Server 2007 UM dial plan

    Encryption required (default)

    Secured

    Encryption optional

    SIP secured/secured

    No encryption

    SIP secured

  4. Add the servers running the Unified Messaging server role to the SIP dial plan. To enable the server to answer incoming calls, you must add the Unified Messaging server to a dial plan. For more information about how to add a Unified Messaging server to a dial plan, see Add a UM Server to a Dial Plan.

  5. Create a SIP address for the users who will use Enterprise Voice. For more information about how to create a SIP address for a UM-enabled user, see Add a SIP Address for a UM-Enabled User.

    Important

    Users who are associated with a SIP URI dial plan cannot receive incoming faxes. This is because incoming voice and fax calls are routed through a mediation server and faxing isn't supported when using a mediation server.

  6. Open the Exchange Management Shell and run the exchucutil.ps1 script located in the <Exchange Installation folder>\Exchange Server\Script folder. The exchucutil.ps1 script does the following:

    • Grants Communications Server 2007 permission to read Exchange UM Active Directory objects, specifically, the SIP URI dial plan objects created in the previous task. For more information about how to configure permissions on Active Directory objects, see How to Use ADSI Edit to Apply Permissions.
    • Creates a UM IP gateway in Active Directory for each Communications Server 2007 pool or for each server running Communications Server 2007 Standard Edition that hosts users who are enabled for Enterprise Voice. For more information about how to create a UM IP gateway, see Create a UM IP Gateway.
    • Creates an Exchange UM hunt group for each IP gateway. The hunt group pilot identifier will be the name of the dial plan associated with the corresponding gateway. The hunt group must specify the Exchange 2010 Unified Messaging SIP dial plan used with the UM IP gateway. For more information about how to create a UM hunt group, see Create a UM Hunt Group.

Return to top

You must also complete the following tasks to configure Communications Server 2007 to work with Exchange 2010 Unified Messaging:

  • Create location profiles. The location profile name must match the FQDN of the corresponding UM dial plans.

  • Assign location profiles to Communications Server 2007 pools.

  • Deploy and configure media gateways and mediation servers.

  • Define telephone usages, voice policies, and outbound call routes.

  • Configure the users for Enterprise Voice services.

  • Run the ocsumutil.exe command that creates the contact objects for subscriber access and for the auto attendant. It also validates that there's a location profile name that matches the FQDN of the Exchange UM dial plan.

    Note

    When you install Communications Server 2007, the msRTC-SIPLine attribute is added to Active Directory. If you haven't installed Communications Server 2007 in your environment, this attribute isn't added to Active Directory, and caller ID name resolution across dial plans in a single forest and in cross-forest scenarios won't work correctly unless you configure Unified Messaging proxy addresses for users who aren't UM-enabled.

For more information about how to perform the tasks that must be completed for Communications Server 2007, see Office Communications Server and Client Documentation Rollup.

After you configure the Communications Server 2007 and the Unified Messaging servers, you must enable the user to use Communications Server 2007 and install Communicator on the user's client computer.

Important

Sending and receiving faxes using T.38 or G.711 isn't supported in an environment when Unified Messaging and Office Communications Server are integrated.

Return to top

For More Information

Office Communications Server and Client Documentation Rollup