Guest

Cisco Unified Communications Manager IM & Presence Service

Integration Note for Configuring Cisco Unified Presence Release 8.0 with Microsoft Exchange

  • Viewing Options

  • PDF (405.4 KB)
  • Feedback
Integration Guide

Table Of Contents

Configuring Cisco Unified Presence Release 8.0 with Microsoft Exchange Server

Calendaring Integration with Microsoft Exchange

Overview of Components

Prerequisites for this Integration

How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2003

Requirements for This Integration

Creating a Receive-As Account

Creating a User Account

Delegating Control as Exchange View Only to the Account

Adding Receive-As Permissions to the Account

How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007

Requirements for This Integration

Creating an Account with a Mailbox

Delegating Roles and Receive-As Permissions to the Account

Verifying Permissions on the Exchange Account

Configuring a Presence Gateway on the Cisco Unified Presence Server

Configuring Microsoft Active Directory for Integration with Cisco Unified Presence

How to Configure Security between Cisco Unified Presence and the Microsoft Exchange Server

Installing the CA Service

Installing the CA on Windows Server 2003

Installing the CA on Windows Server 2008

Downloading the Root Certificate

Uploading the Root Certificate to the Cisco Unified Presence Server

Generating a CSR on IIS of Exchange Server

Generating a CSR - Running Window Server 2003

Generating a CSR - Running Window Server 2008

Submitting the CSR to the CA Server

Downloading the Signed Certificate

Uploading the Signed Certificate onto Exchange IIS

Uploading the Signed Certificate - Running Windows 2003

Uploading the Signed Certificate - Running Windows 2008

[Optional] How to Configure Multilingual Support for Calendaring Integration

Installing the Locale Installer on Cisco Unified Communications Manager

Installing the Locale Installer on Cisco Unified Presence

Setting User Locales for Multilingual Calendaring Integration

[Optional] Configuring the Microsoft Exchange Notification Port

[Optional] Configuring the Duration Range of Microsoft Exchange Calendar Notifications

Known Issues with Microsoft Exchange Server Integration

Microsoft Exchange 2003

Applying Microsoft HotFix KB841561

Form-Based Authentication

Getting More Information

Cisco Unified Presence

Cisco Unified Communications Manager

Microsoft Exchange 2003

Microsoft Exchange 2007

Microsoft Active Directory


Integration Guide

Configuring Cisco Unified Presence Release 8.0 with Microsoft Exchange Server


Revised: April 7, 2010

1 Calendaring Integration with Microsoft Exchange

Microsoft Exchange calendaring allows users to correlate their calendar status in Microsoft Outlook with their availability status in Cisco Unified Presence. The table below shows how Cisco Unified Presence updates the availability status based on the status of a user as shown in the Microsoft Outlook calendar.

Table 1 Aggregated Presence State Based on Calendar State

Cisco Unified Presence State
Microsoft Outlook State

Available

Free/Tentative

Idle/Busy

Busy

Away

Out of Office


2 Overview of Components

This document provides you with instructions for integrating Cisco Unified Presence with Microsoft Exchange Calendar 2003 or 2007. Figure 1 shows how the Microsoft Exchange server (2003 or 2007 versions) integrates in the presence network provided by Cisco Unified Presence via a calendar module interface.

Cisco Unified Presence communicates with the Exchange server using Outlook Web Access (OWA), a WebDAV interface exposed by the Exchange server. The integration with Microsoft Exchange requires a Presence Gateway to be configured on Cisco Unified Presence for calendar applications. Once you configure this Presence Gateway for Outlook, Cisco Unified Presence can retrieve the calendar state of a user (Free, Busy, Out of Office) and map it to an availability status for the user (Available, Busy, Away).

Figure 1 Microsoft Exchange Integration with Cisco Unified Presence Architecture

3 Prerequisites for this Integration

Before you proceed with this integration, ensure that:

You are running one of the following Windows environments:

Active Directory 2003 and Windows Server 2003 -- OR --

Active Directory 2008 and Windows Server 2008

Cisco Unified Communications Manager (Release 6.x or a higher release) is installed and configured.

Cisco Unified Presence (Release 8.0) is installed and correctly deployed with a Cisco Unified Communications Manager server.

One of the following Microsoft Exchange platforms is installed together with the latest updates:

a. Microsoft Exchange Server 2003

Servers should be running the latest Service Packs for both Windows Server 2003 (SP2) or 2008 (SP2) and Microsoft Exchange 2003 (SP2). -- OR --

b. Microsoft Exchange Server 2007

Servers should be running the latest Service Packs for both Windows Server 2003 (SP2) or 2008 (SP2) and Microsoft Exchange 2007 (SP1).

You have a third-party certificate or certificate server required to generate the certificates.

Use the Cisco Unified Presence User Options pages to configure calendaring states on client applications.

Related Topics

Microsoft Service Pack Road Map

Known Issues with Microsoft Exchange Server Integration

4 How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2003

Requirements for This Integration

Creating a Receive-As Account.

Creating a User Account

Delegating Control as Exchange View Only to the Account

Adding Receive-As Permissions to the Account

Requirements for This Integration

Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. You may already have an administrator account that is configured on the Exchange server. We recommend that you create a separate administrator account for Exchange Calendar integration because the default administrator configuration may not let you log into other user accounts.

The Exchange account must comply with the following requirements:

Be a member of the "Exchange View-Only Administrator" group.

Have "Receive-As" permission on the end-user mailboxes. A user account is a regular account used by a regular Exchange user. Cisco Unified Presence requires additional Receive-As account privileges to inspect all the calendars of the user. We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group.

Creating a Receive-As Account

Before You Begin

Ensure that you have completed the prerequisites, and understand the requirements for this integration.

Procedure


Step 1 Create a new account on the Exchange server.

Step 2 Check Delegate Control as Exchange View Only.

Step 3 Add Receive Permissions to the account.


Troubleshooting Tips

If you cannot see Administrative Groups, right click Exchange and check Display Administrative Groups.

Related Topics

Prerequisites for this Integration

Requirements for This Integration

What To Do Next

Creating a User Account

Creating a User Account

Before You Begin

Create a Receive-As account.

Procedure


Step 1 Start Active Directory Users and Computers (ADUC) on the Exchange server.

Step 2 Complete the following actions:

a. Right click the Users container.

b. Select New | User.

Step 3 Enter the naming information for the user account in the New Object User window.

Step 4 Select Next.

Step 5 Select Next again to accept the default mailbox settings for the user account.

Step 6 Select Finish to complete creating the user account.


Related Topics

Creating a Receive-As Account

What To Do Next

Delegating Roles and Receive-As Permissions to the Account

Delegating Control as Exchange View Only to the Account

Before You Begin

Create a User account.

Procedure


Step 1 Open the Exchange System Manager on the Exchange server.

Step 2 Navigate to the Administrative Groups folder.

Step 3 Select the Administrative Group to which you want to add the account that you created.

Step 4 Complete these actions:

a. Right click the group.

b. Select Delegate Control from the pop-up menu.

Step 5 Select Next in the Exchange Administration Delegation Wizard window.

Step 6 Select Add.

Step 7 Select Browse and select the user account that you created.

Step 8 For the role, select Exchange View Only Administrator.

Step 9 Select OK.

Step 10 Select Finish to save your changes.


Troubleshooting Tips

If you cannot see Administrative Groups, right click Exchange and check Display Administrative Groups.

Related Topics

Creating a User Account

What To Do Next

Adding Receive-As Permissions to the Account

Adding Receive-As Permissions to the Account

Cisco Unified Presence requires Receive-As permissions on the account to enable it to log in to that account when it connects to the Exchange server. However, because this account does not typically receive mail, you do not need to be concerned about allocating space for it.

Before You Begin

Delegate Exchange View Only control to the account.

Procedure


Step 1 Open the Exchange System Manager on the Exchange server.

Step 2 Select Administrative Groups > First Administrative Group > Servers > First Server > Mailbox Store.

Step 3 Right click the mailbox store and select Properties.

Step 4 Complete these actions:

a. Select the Security tab.

b. Select Add.

Step 5 Enter the name of the account that you want to use in the Enter the object name to select field.

Step 6 Select Receive-As to grant Receive-As permissions to this administrator account, and on all mailbox stores against which you need to access calendar information.

Step 7 Select OK.


Troubleshooting Tips

If you receive an error message indicating that the Exchange server is down and the certificate is configured properly, then the "Receive-As" account is not configured properly. Recreate the account using the steps in this procedure.

Related Topics

Delegating Control as Exchange View Only to the Account

What To Do Next

Configure the Receive-As account to the backend gateway using the appropriate password. See Configuring a Presence Gateway on the Cisco Unified Presence Server.

5 How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007

Requirements for This Integration

Creating an Account with a Mailbox

Delegating Roles and Receive-As Permissions to the Account

Verifying Permissions on the Exchange Account

Requirements for This Integration

Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. You may already have an administrator account that is configured on the Exchange server. We recommend that you create a separate administrator account for Exchange Calendar integration because the default administrator configuration may not let you log into other user accounts.

The Exchange account must comply with the following requirements:

Be a member of the "Exchange View-Only Administrator" group.

Have "Receive-As" permission on the end-user mailboxes. A user account is a regular account used by a regular Exchange user. Cisco Unified Presence requires additional Receive-As account privileges to inspect all the calendars of users.We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group. Accounts without a mailbox in the specified storage will not work, and the account will stop working if you remove the mailbox at any stage

We recommend that you do not install the mailbox role on the server running Client Access Server (CAS). When the mailbox role is installed on the same server as CAS, it has been observed that calendaring presence does not work correctly. Use a standalone CAS.

Creating an Account with a Mailbox

Before You Begin

Ensure that you have completed the prerequisites, and understand the requirements for this integration.

Procedure


Step 1 Sign in to an Exchange 2007 server using an account that is Exchange View-Only Administrator.

Step 2 Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.

Step 3 Select Recipient Configuration in the console tree.

Step 4 Select New Mailbox.

Step 5 Complete the New Mailbox wizard:

Window
Configuration Steps

Introduction Window

Page 1 of 6

a. Select User Mailbox.

b. Select Next.

User Type Window

Page 2 of 6

a. Select New User.

b. Select Next.

User Information Window

Page 3 of 6

a. Complete the required fields as described in Table 2.

b. Select Next.

Mail Settings Window

Page 4 of 6

a. Complete the required fields as described in Table 3.

b. Select Next.

New Mail User Window

Page 5 of 6

Verify your configuration, and complete the following actions:

Select Back to correct an error.

Select Next to proceed.

Completion Window

Page 6 of 6

Select Finish.



Related Topics

Prerequisites for this Integration

Requirements for This Integration

What To Do Next

Delegating Roles and Receive-As Permissions to the Account

User Information Settings

Table 2 describes the user information configuration parameters.

Table 2 User Information Configuration Parameters

Field
Description

Organizational Unit

Displays the user container in Active Directory. To change the default organizational unit (OU), select Browse and select the OU you require.

First Name

[Optional] Enter the first name of the user.

Initials

[Optional] Enter the initials of the user.

Last Name

[Optional] Enter the last name of the user.

Name

Enter the first name, initials, and last name of the user. You can modify the name in this field.

User Logon Name (User Principal Name)

Enter the Microsoft domain name in which the user account resides followed by the name that the user requires to sign in to the mailbox.

Example: msoft-domain-name/username

User logon Name (pre-Windows 2000)

Enter the user name for the user that is compatible with versions of Microsoft Windows that existed prior to the release of Windows 2000 Server. This field is populated by default based on the User logon name (User Principal Name) field.

Password

Enter the password that the user requires to sign in to his or her mailbox.

Confirm Password

Reenter the password that you entered in the Password field.

User must change password at next logon

Check to prompt the user to reset the password.


Mailbox Settings

Table 3 describes the mailbox configuration parameters.

Table 3 Mailbox Configuration Parameters

Field
Description

Alias

This field is automatically populated based on the User logon name (User Principal Name) of the user. You can modify the alias in this field.

If any characters in the user logon name do not match the alias field, they are replaced by underscore characters (_). The alias must not exceed 64 characters and must be unique in the forest.

Mailbox database

Select Browse to open the Select Mailbox Database dialog box. Select the mailbox database you require, and select OK.

This dialog box lists all the mailbox databases in your Exchange organization. By default, the mailbox databases are sorted by name. Select the title of the corresponding column to sort the databases by storage group name or server name.

Managed folder mailbox policy

Check to specify a messaging records management (MRM) policy. Select Browse to select the MRM mailbox policy to associate with this mailbox.

Exchange ActiveSync mailbox policy

[Optional] Check to select the Exchange ActiveSync mailbox policy to associate with this mailbox. Select Browse.


Delegating Roles and Receive-As Permissions to the Account

Before You Begin

Create an account with a mailbox.

Procedure


Step 1 Add a user or group to an Administrator role using the Exchange Management console or Exchange Management shell:

If you want to use the:
Action

Exchange Management Console

a. Sign in to an Exchange 2007 server using an account that is an Exchange View-Only Administrator.

b. Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.

c. Right-click Organization Configuration in the console tree.

d. Select Add Exchange Administrator.

e. Select Browse on the Add Exchange Administrator page.

f. Complete these actions in the Select User or Groups to Delegate dialog box:

Select the installation account.

Select OK.

g. Select the Exchange View-Only Administrator role under Select the role and scope of this Exchange administrator.

h. Select Add.

i. Select Finish in the Completion window.

Exchange Management Shell

Run the Add-Exchange command with associated arguments from the Run line or from the Command Prompt in the Exchange Management Shell.

The following provides the syntax and example of the command used to add a user to an administrator role:

Syntax
Add-ExchangeAdministrator -Role "role" 
-Identity "identity"

Example
Add-ExchangeAdministrator -Role ViewOnlyAdmin 
-Identity CUPSAdmin

Step 2 Run the Add-ADPermission command in the Exchange Management shell to grant Receive-As permission on the account, as follows:

Syntax

Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-As

Example

Add-ADPermission -Identity "First Storage Group" -User CUPSAdmin -ExtendedRights Receive-As


Note You cannot use the Exchange Management Console to complete this step.



Related Topics

Creating an Account with a Mailbox

What To Do Next

Verifying Permissions on the Exchange Account

Verifying Permissions on the Exchange Account

After you have assigned the permissions to the Exchange account, you need to verify that the permissions propagate to mailbox level, and ensure that you can access the mailbox of the end-user. On Exchange 2007, it takes some time for the permissions to propagate to mailboxes.

Before You Begin

Delegate the appropriate roles and Receive-As permissions to the Exchange account.

Assume, for the purpose of the examples in the following procedures, that the Exchange account is named "cupsadmin" and the mail storage group is named "First Storage Group".

Procedure


Step 1 Open the Exchange Management shell for command line entry.

Step 2 Complete these actions to verify that the Exchange account is a member of "ExchangeView-Only Administrator" group:

a. Run this command in the Exchange Management shell:

([ADSI]"LDAP://CN=CUPS Admin,CN=Users,DC=r7,DC=com").memberof

Note The "CN=CUPS Admin,CN=Users,DC=r7,DC=com" is the DN (Distinguished Name) of the Exchange account. To determine the DN, use adsiedit.msc. Also verify the DN with your Active Directory administrator if required.


b. Ensure that the command output indicates the Exchange account is a member of "Exchange View-Only Administrator" group, as follows:

Example: Command Output

CN=Exchange View-Only Administrators,
OU=Microsoft Exchange Security Groups,
DC=r7,
DC=com

Step 3 Complete these actions to verify that the Exchange account has permissions on the mail storage group:

a. Run this command in the Exchange Management shell:

Get-ADPermission "First Storage Group" -user cupsadmin | Format-Table -AutoSize

Note The "First Storage Group" is the name of the mail storage group. The "cupsadmin" is the Exchange account.


b. Ensure that the command output indicates the Exchange account has "Receive-As" permission on the mail storage group, as follows:

Example: Command Output

Identity
- - - - - - 
User 
- - - -
Deny
- - - 
Inherited
- - - - - - 
Rights
- - - - - 
HTLUO-MAIL\First Storage Group 
R7\cupsadmin
False
False
Receive-As

Step 4 Complete these actions to verify that the Exchange account has permissions on an end-user mailbox:

a. Run this command in the Exchange Management shell:

Get-MailboxPermission jdoe -user cupsadmin | Format-Table -autosize

Note The "jdoe" is the mailbox of the end-user. The "cupsadmin" is the Exchange account.


b. Ensure that the command output indicates that the Exchange account has FullAccess permission on jdoe's mailbox, as follows:

Example: Command Output

Identity
- - - - - - 
User 
- - - -
AccessRights
- - - - - - - - 
IsInherited
- - - - - - - - 
Deny
- - - 
r7.com/Dallas/John Doe
R7\cupsadmin
{FullAccess}
True
False


Note This permission is inherited from the higher-level permission, in this instance, from the "First Storage Group". If the above command returns no output, the permission has not yet propagated to the mailbox. Do not proceed until you see that the Exchange account has FullAccess on the mailbox of the end user.



Related Topics

Delegating Roles and Receive-As Permissions to the Account

What To Do Next

Configuring a Presence Gateway on the Cisco Unified Presence Server.

6 Configuring a Presence Gateway on the Cisco Unified Presence Server

You must configure a Microsoft Exchange server (Microsoft Outlook) as a presence gateway for calendaring information exchange. This allows the Cisco Unified Presence server to collect availability information (calendar/meeting status) on a per-user basis and incorporate it into the availability status of the user.

Procedure


Step 1 Sign into Cisco Unified Presence Administration.

Step 2 Select Presence > Gateways.

Step 3 Select Add New.

Step 4 Select Outlook (Microsoft Exchange Calendaring gateway to allow the Exchange server to pass 'In a Meeting' availability information to Cisco Unified Presence.

Step 5 Enter a meaningful description in the Description field that will help you to distinguish between presence gateway instances when you have configured more than one type of gateway.

Step 6 Enter the server location for the presence gateway, and ensure that it matches the subject Common Name (CN) of the IIS certificate of the Exchange server. One of these values must connect with the Microsoft Exchange server:

FQDN

DNS SRV FQDN

IP address

See the Troubleshooting Tips for more information.

Step 7 Enter the name of the Receive-As account that Cisco Unified Presence uses to connect to the Microsoft Exchange server, in this format: <domain>\<username>, bearing in mind the following:.

If the Exchange server is configured to specify a default domain, it may not be necessary to include the domain as part of the user name.

Otherwise, specify the domain in front of the account name to avoid potential certificate errors (401 and 404 authentication responses).

See the Troubleshooting Tips for more information.

Step 8 Enter and confirm the Microsoft Exchange Account Password required for Cisco Unified Presence to connect to the Microsoft Exchange server. Enter the password again to confirm it. This value must match the Account Password of the previously configured account on the Microsoft Exchange Server.

Step 9 Enter the port used to connect with the Microsoft Exchange server. This value must match the available port on the Microsoft Exchange Server. See the Troubleshooting Tips for more information.


Troubleshooting Tips

As you configure the Outlook presence gateway, note the following:

You must upload a valid certificate chain to Cisco Unified Presence. The value of the Presence Gateway field should match the Subject CN value of the leaf certificate of this certificate chain. Expect that this Subject CN value will typically be either the FQDN or IP address of the Exchange server.

If you have configured DNS on Cisco Unified Presence, the Subject CN value of the leaf certificate can be either the FQDN or IP address. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.

If you have not configured DNS on Cisco Unified Presence, the Subject CN value of the leaf certificate must be an IP address. If the Subject CN value is not an IP address, you must regenerate this Exchange certificate to specify the IP address of the Exchange server as the Subject CN value. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.

Cisco Unified Presence integration with Microsoft Exchange must occur over a secure HTTP connection. We recommend you to use port 443 (default port) and not to change to other ports.

If you correctly configure the Receive-As account credentials and certificate exchange, desk phones enabled with Cisco IP Phone Messenger will display the scheduled meetings of users. To verify that the Outlook Presence Gateway is configured correctly, perform these steps on an appropriately configured phone:

a. Select Services.

b. Press PhoneMessenger.

c. Sign into the IP Phone Messenger Service.

d. Select 1 Today's meetings.

e. Verify that the user's meetings for the day are listed.

If you are localizing your Calendaring integration, you need to ensure that the Exchange server URL contains the localized word for "Calendar". Perform these steps:

Install the same language locales (load the locale installer) on both Cisco Unified Presence and the Exchange server. For more information about installing locales on Cisco Unified Presence, see [Optional] How to Configure Multilingual Support for Calendaring Integration.

Restart the Cisco Unified Presence server, and sign into Cisco Unified Presence Administration.

Find and delete the existing Exchange Presence Gateway that supports a different locale for calendaring (select Presence >Gateways).

Add a new Exchange Presence (Outlook) gateway. Select Add New.

You can verify in the database (pebackendgateway table) that the 'localecalendarname' attribute is in whichever language locale you have installed.

If you have connection problems with the Exchange server, see the System Troubleshooter in Cisco Unified Presence Administration and implement the recommended solution. Select Diagnostics > System Troubleshooter.

What To Do Next

If you configure Outlook as the Presence Gateway type, you must

1. Verify that the connection succeeded between Cisco Unified Presence and the Exchange server. See More information about Exchange connection status and recommended actions:.

2. Review the status of the Exchange SSL certificate chain and take corrective actions if required. See More information about SSL Connection/Certificate Verification status and recommended actions:.

3. Review the Exchange Server Status, SSL Connection Status and Certificate Verification Status, and follow the recommended corrective actions. See More information about SSL Connection/Certificate Verification status and recommended actions:.

More information about Exchange connection status and recommended actions:

Test
Status Description and Recommended Action

Exchange Reachability (pingable)

Cisco Unified Presence successfully reached (pinged) the Exhange server.

Exchange Reachability (unreachable)

Cisco Unified Presence failed to ping the Exchange server. The server may not be reachable due to an incorrect field value or a possible issue with the customer's network, for example, cabling.

To resolve this, ensure that the Exchange Server field contains the correct value (FQDN or IP address) to reach the Exchange server over the network. Note that the UI does not require the Presence Gateway field value to be the Subject CN value. You can enter an IP address or a resolvable host name. However, later in the configuration process, this value will resolve to the Subject CN value.


More information about SSL Connection/Certificate Verification status and recommended actions:

Test
Status Description and Recommended Action

SSL Connection/Certificate Verification - Verified

Cisco Unified Presence verified the SSL connection with the Exchange server. Select View for the certificate details.

SSL Connection/Certificate Verification Failed - Certificate Missing From Chain

One or more certificates that Cisco Unified Presence requires to establish a secure connection to the Exchange server are missing. The Certificate Viewer can provide details of the missing certificates.

Complete these steps in the Certificate Viewer to display any missing certificates:

1. Select Configure to open the Certificate Viewer.

2. Check Accept Certificate Chain.

3. Select Save.

4. The certificate chain details display. Note any certificates with a status of Missing.

5. Close the Certificate Viewer.

6. To complete the certificate chain, you must:

a. Download the missing certificates files from the Exchange server.

b. Copy or FTP the missing certificate files to the computer that you use to administer Cisco Unified Presence.

Troubleshooting Tips

If the certificates are not available in the Certificate Viewer, you may need to manually download and install the missing certificates from the Exchange server, and upload these certificates in Cisco Unified OS Administration as follows:

If required, go to Cisco Unified OS Administration and upload certificates to complete the certificate chain.

Return to the Certificate Import Tool window in Cisco Unified Presence Administration, reopen the Certificate Viewer, and verify in the Certificate Viewer that all certificates in the certificate chain now have a status of Verified.

Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain that Cisco Unified Presence downloads from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.

SSL Connection/Certificate Verification Failed- Subject CN Mismatch

The Presence Gateway field value must match the Subject CN value of the leaf certificate in the Certificate Chain. You can resolve this issue manually using the Certificate Viewer, or by entering the correct value in the Presence Gateway field.

Verify that your entry in the Presence Gateway field is correct as follows:

1. Reenter the correct Subject CN value in the Presence Gateway field. Cisco Unified Presence uses the Presence Gateway field value to ping the server. The host (FQDN or IP address) that you enter must exactly match the IIS certificate Subject Common Name.

2. Select Save.

Alternatively, complete these steps if you want to use the Certificate Viewer to resolve the Subject CN mismatch:

1. Select Configure to open the Certificate Viewer.

2. Select Accept Certificate Chain.

3. Select Save.

4. When you save the Certificate Chain, an alert displays to indicate a change to the Presence Gateway field value. After the window refreshes completely, close the Certificate Viewer.

5. Verify that the value of the Presence Gateway field is updated.

6. Verify that the value of the SSL Connection / Certificate Verification reads Verified.

Troubleshooting Tips

Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain downloaded from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.

SSL Connection/Certificate Bad Certificates

Information in the certificate is incorrect, which renders it invalid.

Typically, this occurs if the certificate matches the required Subject CN but not the public key. This could happen if the Exchange server regenerates the certificate but the Cisco Unified Presence server still maintains the old certificate.

To resolve this, complete these actions:

Select the logs to determine the cause of the error.

If the error is due to a bad signature, you need to remove the outdated certificate from Cisco Unified Presence in Cisco Unified OS Administration, and then upload a new certificate in Cisco Unified OS Administration.

If the error is due to an unsupported algorithm, you need to upload a new certificate that contains the supported algorithm in Cisco Unified OS Administration.

SSL Connection/Certificate Network Error

Due to network issues, for example, a no-response timeout, Cisco Unified Presence cannot verify the SSL connection.

We recommend that you verify the network connectivity to the Exchange server, and ensure that the Exchange server is accepting connections using the correct IP address and port number.

SSL Connection/Certificate Verification Failed

Verification failed for a non-specific reason or because Cisco Unified Presence cannot perform the reachability test.

We recommend that you review the debug log files for more information.


Related Topics

Uploading the Root Certificate to the Cisco Unified Presence Server

Configuration and Maintenance Guide for Cisco Unified Presence.

Cisco Unified Communications Operating System Maintenance Guide for Cisco Unified Presence

7 Configuring Microsoft Active Directory for Integration with Cisco Unified Presence

After the Exchange server is installed and configured, you can add your users to the Active Directory and associate telephone numbers with those users.

In the Microsoft Active Directory Application window, add a user name and the telephone number that are associated with each particular user. The user names configured in Active Directory must be identical to those names defined in Cisco Unified Communications Manager.


Note For detailed information about how to configure Active Directory, see the Active Directory online help. You can also find more information about Microsoft Windows Server Active Directory at the following URL:
http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx


8 How to Configure Security between Cisco Unified Presence and the Microsoft Exchange Server

The certificate exchange process in this section applies to Windows 2003 and Windows 2008. Note, however, that some of the configuration procedures will differ depending on your platform.

Installing the CA Service

Downloading the Root Certificate

Uploading the Root Certificate to the Cisco Unified Presence Server

Generating a CSR on IIS of Exchange Server

Submitting the CSR to the CA Server

Downloading the Signed Certificate.

Uploading the Signed Certificate onto Exchange IIS

Installing the CA Service

The Certificate Authority (CA) can be the same as the Exchange server. However, Cisco recommends you to use a different Windows server to run the CA.

Installing the CA on Windows Server 2003

Installing the CA on Windows Server 2008

Installing the CA on Windows Server 2003

Before You Begin

Ensure that you have Windows Server disc 1 and SP1 discs.

Procedure


Step 1 Select Start > Control Panel > Add or Remove Programs.

Step 2 Select Add/Remove Windows Components in the Add or Remove Programs window.

Step 3 Check Certificate Services under Components.

Step 4 Select Yes when the Warning displays about domain membership.

Step 5 Complete these actions in the CA Type window:

a. Select Stand-alone Root CA.

b. Select Next.

Step 6 Complete these actions in the CA Identifying Information window:

a. Enter the name of the server in the Common Name field for the CA Server. If there is no DNS, type the IP address.

b. Select Next.

Step 7 Accept the defaults settings in the Certificate Database Settings window, and select Next.

Step 8 Select Yes when you are prompted to stop Internet Information Services.

Step 9 Select Yes when you are prompted to enable Active Server Pages (ASP).

Step 10 Select Finish after the installation process completes.


Troubleshooting Tips

Remember that the CA is a third-party authority. The common name of the CA should not be the same as the common name used to generate a CSR.

Related Topics

Prerequisites for this Integration

What To Do Next

Downloading the Root Certificate

Installing the CA on Windows Server 2008

Procedure


Step 1 Select Start > Administrative Tools > Server Manager.

Step 2 Select Roles in the console tree.

Step 3 Select Action > Add Roles.

Step 4 Complete the Add Roles wizard:

Window
Configuration Steps

Before You Begin Window

Page 1 of 13

a. Ensure that you have completed all prerequisites listed in the window.

b. Select Next.

Select Server Roles Window

Page 2 of 13

a. Check Active Directory Certificate Services.

b. Select Next.

Introduction Window

Page 3 of 13

Select Next.

Select Role Services Window

Page 4 of 13

a. Check these check boxes:

Certificate Authority

Certificate Authority Web Enrollment

Online Responder

b. Select Next.

Specify Setup Type Window

Page 5 of 13

Select Standalone.

Specify CA Type Window

Page 6 of 13

Select Root CA.

Set Up Private Key Window

Page 7 of 13

Select Create a new private key.

Configure Cryptography for CA Window

Page 8 of 13

Select the default cryptographic service provider.

Configure CA Name Window

Page 9 of 13

Enter a common name to identify the CA.

Set Validity Period Window

Page 10 of 13

Set the validity period for the certificate generated for the CA.

Note The CA will issue valid certificates only to the specified expiration date.

Configure Certificate Database Window

Page 11 of 13

Select the default certificate database locations.

Confirm Installation Selections Window

Page 12 of 13

Select Install.

Installation Results Window

Page 13 of 13

a. Verify that the Installation Succeeded message displays for all components.

b. Select Close.

Note Active Directory Certificate Services is now listed as one of the roles on the Server Manager.



Related Topics

Prerequisites for this Integration

What To Do Next

Downloading the Root Certificate

Downloading the Root Certificate

Before You Begin

Install the CA service.

Procedure


Step 1 Sign in to your CA server and open a web browser.

Step 2 Open the URL specific to your windows platform type:

Windows server 2003 - http://127.0.0.1/certsrv

Windows server 2008 - https://127.0.0.1/certsrv

Step 3 Select Download a CA certificate, certificate chain, or CRL.

Step 4 For the Encoding Method, select Base 64.

Step 5 Select Download CA Certificate.

Step 6 Save the certificate, certnew.cer, to the local disk.


Troubleshooting Tips

If you do not know the Subject Common Name (CN) of the root certificate, you can use an external certificate management tool to find this information. On a Windows operating system, right-click the certificate file with a .CER extension and open the certificate properties.

Related Topics

Installing the CA Service

What To Do Next

Uploading the Root Certificate to the Cisco Unified Presence Server

Uploading the Root Certificate to the Cisco Unified Presence Server

Cisco Unified Presence allows you to upload Exchange server trust certificates with or without a Subject Common Name (CN).

Before You Begin

Download the root certificate.

If you have a third-party CA-signed Exchange server certificate, note that you must upload all CA certificates in the certificate chain to Cisco Unified Presence as a Cisco Unified Presence Trust certificate (cup-trust).

Procedure


Step 1 Choose your upload method and complete the steps:

If a certificate is:
Upload the certificate via:
Actions

Not yet uploaded, and has no Subject CN

Certificate Import Tool in Cisco Unified Presence Administration.

The Certificate Import tool simplifies the process of installing trust certificates on Cisco Unified Presence and is the primary method for certificate exchange. The tool allows you to specify the host and port of the Exchange server and attempts to download the certificate chain from the server. Once approved, the tool will automatically install missing certificates.


Note The Certificate Import Tool is the primary method to upload certificates. However, note that you may still need to manually import the certificates as described below.


a. Select System > Security > Certificate Import Tool.

b. Select CUP Trust as the Certificate Trust Store where you want the to install the certificates. This stores the Presence Engine trust certificates required for Exchange Integration.

c. Enter one of these values to connect with the Exchange server:

IP address

Host name

FQDN

The value that you enter in this Peer Server field must exactly match the IP address, host name or FQDN of the Exchange server.

d. Enter the port that will allow communication with the Exchange server. This value must match the available port on the Exchange server.

e. Select Submit. After the tool finishes, it reports these states for each test:

Peer Server Status—indicates if Cisco Unified Presence has successfully established a secure connection with Exchange server. See More information about Exchange connection status and recommended actions:.

SSL Connection/Certificate Verification Status—indicates whether or not the Certificate Import Tool succeeded in downloading certificates from the specified peer server. See More information about SSL Connection/Certificate Verification status and recommended actions:.

Already uploaded, and has a Subject CN

Cisco Unified Operating System Administration

If the Exchange server does not provide the CA certificates during the SSL/TLS handshake, you cannot use the Certificate Import Tool to import those certificates. In this case, you must manually import the missing certificates using the Certificate Management tool in Cisco Unified OS Administration (select Security > Certificate Management).

a. Copy or FTP the certnew.cer certificate file to the computer that you use to administer your Cisco Unified Presence server.

b. From the Navigation menu on the Cisco Unified Presence Administration login window, select Cisco Unified OS Administration and select Go.

c. Enter your username and password for Cisco Unified Operating System Administration and select Login.

d. Select Security > Certificate Management.

e. Select Upload Certificate in the Certificate List window.

f. Complete these actions when the Upload Certificate pop-up window displays:

Select Cisco Unified Presence Trust from the Certificate Name list box.

Enter the root certificate name without any extension.

g. Select Browse and select certnew.cer.

h. Select Upload File.


Step 2 Restart the Presence Engine and SIP Proxy service after you upload all Exchange trust certificates.


Troubleshooting Tips

If you use the Meeting Notification feature, you must restart the Presence Engine and SIP Proxy for all types of certificates. After you upload your certificates, go to Cisco Unified Serviceability and restart the Presence Engine first followed by the Proxy restart.

Related Topics

Downloading the Root Certificate

Configuring a Presence Gateway on the Cisco Unified Presence Server

Serviceability Configuration and Maintenance Guide for Cisco Unified Presence

What To Do Next

Generating a CSR on IIS of Exchange Server

Generating a CSR on IIS of Exchange Server

Generating a CSR - Running Window Server 2003

Generating a CSR - Running Window Server 2008

Generating a CSR - Running Window Server 2003

You must generate a Certificate Signing Request on the IIS server for Exchange, which is subsequently signed by the CA server.

Before You Begin

Upload the root certificate to Cisco Unified Presence.

Procedure


Step 1 From Administrative Tools, open Internet Information Services.\

Step 2 Complete the following steps in the Internet Information Services window:

a. Right-click Default Web Site

b. Select Properties.

Step 3 Complete the following steps in the Default Web Site Properties window:

a. Select the Directory Security tab.

b. Select Server Certificate.

Step 4 Select Next when the Web Server Certificate Wizard window displays.

Step 5 Complete the Web Server Certificate Wizard:

Window
Configuration Steps

Server Certificate Window

Page 1 of 9

a. Select Create a new certificate.

b. Select Next.

Delayed or Immediate Request Window

Page 2 of 9

a. Select Prepare the request now, but send it later.

b. Select Next.

Name and Security Settings Window

Page 3 of 9

a. Accept the Default Web Site certificate name

b. Select 1024 for the bit length.

c. Select Next.

Organization Information Window

Page 4 of 9

a. Enter your Company name in the Organization field.

b. Enter the organizational unit of your company in the Organizational Unit field.

c. Select Next.

Your Site's Common Name Window

Page 5 of 9

a. For Common Name, enter the Exchange Server hostname or IP address.


Note The IIS certificate Common Name that you enter is used to configure the Presence Gateway on Cisco Unified Presence, and must be identical to the Host (URI or IP address) you are trying to reach.


b. Select Next.

Geographical Information Window

Page 6 of 9

a. Enter your geographical information, as follows:

Country/Region

State/province

City/locality

b. Select Next.

Certificate Request File Name Window

Page 7 of 9

a. Enter an appropriate filename for the certificate request.

a. Select Next.


Note Make sure that you save the CSR without any extension and only use Notepad to open the file.


Request File Summary Window

Page 8 of 9

a. Review your information about the Request File Summary window.

b. Select Next.

Web Server Certificate Completion Window

Page 9 of 9

Select Finish.



Related Topics

Uploading the Root Certificate to the Cisco Unified Presence Server

What To Do Next

Submitting the CSR to the CA Server

Generating a CSR - Running Window Server 2008

You must generate a Certificate Signing Request on the IIS server for Exchange, which is subsequently signed by the CA server.

Before You Begin

Upload the root certificate to Cisco Unified Presence.

Procedure


Step 1 From Administrative Tools, open Internet Information Services (IIS) Manager.

Step 2 Select the Exchange Server under Connections in the left frame of the IIS Manager.

Step 3 Double-click Server Certificates.

Step 4 Select Create Certificate Request under Actions in the right frame of the IIS Manager.

Step 5 Complete the Request Certificate Wizard:

Window
Configuration Steps

Distinguished Name Properties Window

Page 1 of 5

a. For Common Name, enter the Exchange Server hostname or IP address.


Note The IIS certificate Common Name that you enter is used to configure the Presence Gateway on Cisco Unified Presence, and must be identical to the Host (URI or IP address) you are trying to reach.


b. Enter your Company name in the Organization field.

c. Enter the organizational unit that your company belongs to in the Organizational Unit field.

d. Enter your geographical information, as follows:

City/locality

State/province

Country/Region

e. Select Next.

Cryptographic Service Provider Properties Window

Page 2 of 5

a. Accept the default Cryptographic service provider

2. Select 1024 for the bit length.

a. Select Next.

Certificate Request File Name Window

Page 3 of 5

a. Enter an appropriate filename for the certificate request.

a. Select Next.


Note Make sure that you save the CSR without any extension and only use Notepad to open the file.


Request File Summary Window

Page 4 of 5

a. Confirm that the information is correct in the Request File Summary window.

b. Select Next.

Request Certificate Completion Window

Page 5 of 5

Select Finish.



Submitting the CSR to the CA Server

We recommend that the default SSL certificate, generated for Exchange on IIS, should use the Fully Qualified Domain Name (FQDN) of the Exchange server and be signed by a Certificate Authority Cisco Unified Presence trusts. This procedure allows the CA to sign the CSR from Exchange IIS. Perform the following procedure on your CA server, and configure the FQDN of the Exchange server in the:

Exchange certificate.

Outlook Gateway field in Cisco Unified Presence Administration.

Before You Begin

Generate a CSR on IIS of the Exchange server.

Procedure


Step 1 Copy the certificate request file to your CA server.

Step 2 Open the following URL:

http://local-server/certserv

or

http://127.0.0.1/certsrv

Step 3 Select Request a certificate.

Step 4 Select advanced certificate request.

Step 5 Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Step 6 Using a text editor like Notepad, open the CSR that you generated.

Step 7 Copy all information from and including

-----BEGIN CERTIFICATE REQUEST

to and including

END CERTIFICATE REQUEST-----

Step 8 Paste the content of the CSR into the Certificate Request text box

Step 9 (Optional) By default the Certificate Template drop-down list defaults to the Administrator template, which may or may not produce a valid signed certificate appropriate for server authentication. If you have an enterprise root CA, select the "Web Server"certificate template from the Certificate Template drop-down list. The "Web Server" certificate template may not display, and therefore this step may not apply, if you have already modified your CA configuration.

Step 10 Select Submit.

Step 11 In Administrative Tools, select Start > Administrative Tools > Certification > Authority >CA name > Pending request to open the Certification Authority. The Certificate Authority window displays the request you just submitted under Pending Requests.

Step 12 Right click on your request, and complete these actions:

Navigate to All Tasks.

Select Issue.

Step 13 Select Issued certificates and verify that your certificate has been issued.


Related Topics

Generating a CSR on IIS of Exchange Server

What To Do Next

Downloading the Signed Certificate.

Downloading the Signed Certificate

Before You Begin

Submit the CSR to the CA server.

Procedure


Step 1 In Administrative Tools, open the Certification Authority. The Certificate Request that you just issued displays in Issued Requests.

Step 2 Right click the request and select Open.

Step 3 Select the Details tab.

Step 4 Select Copy to File.

Step 5 Select Next when the Certificate Export Wizard displays.

Step 6 Complete the Certificate Export Wizard:

Window
Configuration Steps

Export File Format Window

Page 1 of 3

a. Select Base-64 encoded X.509.

b. Select Next.

File to Export Window

Page 2 of 3

a. Enter the location where you want to store the certificate and use cert.cer for the certificate name, for example, c:/cert.cer.

b. Select Next.

Certificate Export Wizard Completion Window

Page 3 of 3

a. Review the summary information.

b. Select Finish.


Step 7 Copy or FTP the cert.cer to the computer that you use to administer Cisco Unified Presence.


Related Topics

Submitting the CSR to the CA Server

What To Do Next

Uploading the Signed Certificate onto Exchange IIS

Uploading the Signed Certificate onto Exchange IIS

Uploading the Signed Certificate - Running Windows 2003

Uploading the Signed Certificate - Running Windows 2008

Uploading the Signed Certificate - Running Windows 2003

This procedure takes the signed CSR and uploads it onto IIS. To upload the signed certificate, perform the following step on the computer that you use to administer Cisco Unified Presence.

Before You Begin

Download the signed certificate.

Procedure


Step 1 From Administrative Tools, open Internet Information Services.

Step 2 Complete the following steps in the Internet Information Services window:

a. Right click Default Web Site

b. Select Properties.

Step 3 Complete the following steps in the Default Web Site Properties window:

a. Select the Directory Security tab.

b. Select Server Certificate.

Step 4 Select Next when the Web Server Certificate Wizard window displays.

Step 5 Complete the Web Server Certificate Wizard:

Window
Configuration Steps

Pending Certificate Request Window

Page 1 of 4

a. Select Process the pending request and install the certificate.

b. Select Next.

Process a Pending Request Window

Page 2 of 4

a. Select Browse to locate your certificate.

b. Navigate to the correct path and filename.

c. Select Next.

SSL Port Window

Page 3 of 4

a. Enter 443 for the SSL port.

b. Select Next.

Web Server Certificate Completion Window

Page 4 of 4

Select Finish.



Troubleshooting Tips

If your certificate is not in the trusted certificates store, the signed CSR will not be trusted. To establish trust, Complete these actions:

Select View Certificate in the Directory Security tab.

Select Details > Highlight root certificate, and select View.

Select the Details tab for the root certificate and install the certificate.

Related Topics

Downloading the Signed Certificate

Uploading the Signed Certificate - Running Windows 2008

This procedure takes the signed CSR and uploads it onto IIS. To upload the signed certificate, perform the following step on the computer that you use to administer Cisco Unified Presence.

Before You Begin

Download the signed certificate.

Procedure


Step 1 From Administrative Tools, open Internet Information Services (IIS) Manager.

Step 2 Select the Exchange Server under Connections in the left frame of the IIS Manager.

Step 3 Double-click Server Certificates.

Step 4 Select Complete Certificate Request under Actions in the right frame of the IIS Manager.

Step 5 Complete these actions in the Specify Certificate Authority Response window:

a. Select the ellipsis [...] to locate your certificate.

b. Navigate to the correct path and filename.

c. Enter a user-friendly name for your certificate.

d. Select Ok. The certificate that you completed will display in the certificate list.

Step 6 Complete the following steps in the Internet Information Services window to bind the certificate:

a. Select Default Web Site.

b. Select Bindings under Actions in the right frame of the IIS Manager.

Step 7 Complete the following steps in the Site Bindings window:

a. Select https.

b. Select Edit

Step 8 Complete the following steps in the Edit Site Binding window:

a. Select the certificate that you just created from the SSL certificate list box. The "friendly name" that you applied to the certificate will display.

b. Select Ok.


9 [Optional] How to Configure Multilingual Support for Calendaring Integration

User locales are country-specific, and user locale files provide the translated text for user applications and user web pages in a given locale. If you want to expand your Microsoft Exchange deployment to support multiple languages, you must configure Cisco Unified Communications Manager and Cisco Unified Presence to support the user locales that you require in your calendaring integration. There is no limit to the number of supported languages.

Installing the Locale Installer on Cisco Unified Communications Manager

Installing the Locale Installer on Cisco Unified Presence

Setting User Locales for Multilingual Calendaring Integration

Installing the Locale Installer on Cisco Unified Communications Manager

Before you begin this procedure, consider the following caveats:

You must install Cisco Unified Communications Manager (Release 6.x or a higher release) on every server in the cluster before you install the Cisco Unified Communications Manager locale installer.

If you want to use a locale other than English, you must install the appropriate language installers on both Cisco Unified Communications Manager and on Cisco Unified Presence. Ensure the locale installer is installed on every server in the cluster (install on the Publisher server before the Subscriber servers).

User locales should not be set until all appropriate locale installers are loaded on both systems. Users may experience problems with calendaring if they inadvertently set their user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco Unified Communications Manager User Options pages and change their locale from the current setting to English and then back again to the appropriate language. Yo u can also use the BAT tool to synchronize user locales to the appropriate language.

You must restart the server for the changes to take effect. After you complete all locale installation procedures, restart each server in the cluster. Updates do not occur in the system until you restart all servers in the cluster; services restart after the server reboots.

Make sure that you install the same components on every server in the cluster.

To complete this procedure on Cisco Unified Communications Manager, see the Cisco Unified Communications Operating System Administration Guide here:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/8_0_1/cucos/iptpch7.html#wp1054072

What To Do Next

Installing the Locale Installer on Cisco Unified Presence

Installing the Locale Installer on Cisco Unified Presence

Before You Begin

Install the locale installer on Cisco Unified Communications Manager. If you want to use a locale other than English, you must install the appropriate language installers on both Cisco Unified Communications Manager and on Cisco Unified Presence.

If your Cisco Unified Presence cluster has more than one node, make sure that the locale installer is installed on every server in the cluster (install on the Publisher server before the Subscriber servers).

User locales should not be set until all appropriate locale installers are loaded on both systems. Users may experience problems with calendaring if they inadvertently set their user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco Unified Communications Manager user options pages and change their locale from the current setting to English and then back again to the appropriate language. Yo u can also use the BAT tool to synchronize user locales to the appropriate language.

You must restart the server for the changes to take effect. After you complete all locale installation procedures, restart each server in the cluster. Updates do not occur in the system until you restart all servers in the cluster; services restart after the server reboots.

Procedure


Step 1 Browse to this location on Cisco.com to locate the Cisco Unified Presence locale installer:

http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=&isPlatform=Y&mdfid=281820245&sftType=Unified+Presence+Locale+Installer&treeName=Voice+and+Unified+Communications&modelName=Cisco+Unified+Presence+Version+7.0&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N

Step 2 Select the version of the Cisco Unified Presence locale installer that is appropriate for your working environment.

Step 3 After downloading the file, save the file to the hard drive and note the location of the saved file.

Step 4 Copy this file to a server that supports SFTP.

Step 5 Sign into Cisco Unified OS Administration using your administrator account and password.

Step 6 Select Software Upgrades > Install/Upgrade.

Step 7 Select Remote File System as the software location source.

Step 8 Enter the file location, for example /tmp, in the Directory field.

Step 9 Enter the name of the server that contains the locale installer file (the server that you specified in Step 4). This copies the file to your Cisco Unified Presence server where you can install it.

Step 10 Enter your username and password credentials in the User Name and User Password fields.

Step 11 Select SFTP for the Transfer Protocol.

Step 12 Select Next.

Step 13 Select the Cisco Unified Presence locale installer from the list of search results.

Step 14 Select Next to load the installer file and validate it.

Step 15 After you complete the locale installation, restart each server in the cluster.

Step 16 The default setting for installed locales is "English, United States". While your Cisco Unified Presence server is restarting, change the language of your browser, if necessary, to match the locale of the installer that you have downloaded.

If you use this browser:
Configuration Steps

Internet Explorer

Version 6.x

a. Select Tools > Internet Options.

b. Select the General tab.

c. Select Languages.

d. Use the Move Up button to move your preferred language to the top of the list.

e. Select OK.

Mozilla Firefox

Version 3.x

a. Select Tools > Options.

b. Select the Content tab.

c. Select Choose in the Languages section of the window.

d. Use the Move Up button to move your preferred language to the top of the list.

e. Select OK.


Step 17 Verify that your users can select the locale(s) for supported products.


Troubleshooting Tips

Make sure that you install the same components on every server in the cluster.

What To Do Next

Setting User Locales for Multilingual Calendaring Integration

Setting User Locales for Multilingual Calendaring Integration

There are two ways to complete this procedure, depending on whether your role is the Administrator or user.

Before You Begin

Install the Cisco Unified Communications Manager and Cisco Unified Presence Locale Installers that contain all the available languages. User locales should not be set until all appropriate locale installers are loaded on both systems.

You may experience problems with calendaring if you inadvertently set your user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. To force the system to use the appropriate language, we recommend that you sign into Cisco Unified Communications Manager user pages and change the user locale from the current setting to English. Then reset the locale to the language that you require.

Procedure


Step 1 Complete the procedure specific to your role, as follows:

If you are an:
Configuration Steps

Administrator

a. Sign in to Cisco Unified Communications Manager Administration using the administrator account and password.

b. Select User Management > End User.

c. Use the Find and List functionality to search for and locate the user that you require.

d. Select the User ID hyperlink for the user that you require.

e. Select the appropriate language for the user from the User Locale drop-down list.

f. Select Save.

User

a. Sign in to Cisco Unified Communications Manager User Options using the user account and password.

b. Select User Options > User Settings Configuration.

c. Select the appropriate language for the user from the User Locale drop-down list.

d. Select Save.



Related Topics

Installing the Locale Installer on Cisco Unified Communications Manager

Installing the Locale Installer on Cisco Unified Presence

10 [Optional] Configuring the Microsoft Exchange Notification Port

By default, the Presence Engine listens for incoming notifications from the Exchange server on UDP port 50020. This topic only applies if you want to use another port for any reason specific to your network configuration.

Before You Begin

If you change from the default port, make sure that the replacement port that you assign is not already in use.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.

Step 2 Select the Cisco Unified Presence server from the Server menu.

Step 3 Select Cisco UP Presence Engine (Active) from the Service menu.

Step 4 Edit the parameter value for the Microsoft Exchange Notification Port field in the Presence Engine Configuration section. By default this parameter is 50020.

Step 5 Select Save.


Troubleshooting Tips

If you change from the default port, the Presence Engine will continue to use the existing calendar information for users, (including the number of meetings and the start and end times) until such time as the Exchange subscription for the user is renewed. It may take up to an hour for the Presence Engine to receive notifications that a user's calendar has changed.

11 [Optional] Configuring the Duration Range of Microsoft Exchange Calendar Notifications

By default, the Presence Engine allows for meeting/busy notifications to be sent 50 seconds after the top-of-minute. If you have a small user base, we recommend that your shorten this delay using the formula specified in this procedure. However, note that this topic is optional and only applies if you want to change the duration range for any reason specific to your network configuration.

Before You Begin

Use this formula to configure this field value (in seconds): Maximum number of assigned users / 100. For example, if a node has a maximum number of users of 1000, then the offset range is 10 seconds.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.

Step 2 Select the Cisco Unified Presence server from the Server menu.

Step 3 Select Cisco UP Presence Engine (Active) from the Service menu.

Step 4 Edit the parameter value in the Calendar Spread field. By default this parameter is 50.

Step 5 Select Save.


What To Do Next

You must restart the Cisco UP Presence Engine if you change this parameter. Select Cisco Unified Serviceability > Tools > Service Activation.

Troubleshooting Tips

This parameter limit is 59 seconds. If meetings start or end more than one minute late, it interferes with meeting start/end counters and notifications.

12 Known Issues with Microsoft Exchange Server Integration

Microsoft Exchange 2003

Microsoft Exchange 2003

Applying Microsoft HotFix KB841561

Form-Based Authentication

Applying Microsoft HotFix KB841561

Apply Microsoft HotFix KB841561 if you encounter problems with the Exchange 2003 server and it returns a "500 Internal Server Error".

Procedure


Step 1 Uninstall SP2 for Windows Server 2003 and for Microsoft Exchange 2003.

Step 2 Install SP1 for Windows Server 2003 and Exchange 2003.

Step 3 Download and install KB841561 from the following URL: http://www.microsoft.com/downloads/details.aspx?familyid=050be883-11fc-4045-b988-c737e79c65d0&displaylang=en

Step 4 Install SP2 for Windows Server 2003 and for Microsoft Exchange 2003.


Form-Based Authentication

Issues with Form-Based Authentication (FBA) do not exist in Release 7.0(3) or higher releases of Cisco Unified Presence.

13 Getting More Information

Cisco Unified Presence

For additional Cisco Unified Presence documentation, see the following URL:

http://www.cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html

Cisco Unified Communications Manager

For Cisco Unified Communications Manager documentation, see the following URL:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html

Microsoft Exchange 2003

For details on installing, configuring and deploying MS Exchange 2003, see the following URL:

http://technet.microsoft.com/en-us/library/bb123872.aspx

Microsoft Exchange 2007

For details on installing, configuring and deploying MS Exchange, see the following URL:

http://technet.microsoft.com/en-us/library/bb124558.aspx

For more information about how to configure FBA for Outlook web access in Exchange 2007, see the following URL:

http://technet.microsoft.com/en-us/library/aa998867(EXCHG.80).aspx

Microsoft Active Directory

For information about Microsoft Windows Server Active Directory, see the following URL

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx