Table Of Contents
Configuring Cisco Unified Presence Release 8.0 with Microsoft Exchange Server
Calendaring Integration with Microsoft Exchange
Overview of Components
Prerequisites for this Integration
How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2003
Requirements for This Integration
Creating a Receive-As Account
Creating a User Account
Delegating Control as Exchange View Only to the Account
Adding Receive-As Permissions to the Account
How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007
Requirements for This Integration
Creating an Account with a Mailbox
Delegating Roles and Receive-As Permissions to the Account
Verifying Permissions on the Exchange Account
Configuring a Presence Gateway on the Cisco Unified Presence Server
Configuring Microsoft Active Directory for Integration with Cisco Unified Presence
How to Configure Security between Cisco Unified Presence and the Microsoft Exchange Server
Installing the CA Service
Installing the CA on Windows Server 2003
Installing the CA on Windows Server 2008
Downloading the Root Certificate
Uploading the Root Certificate to the Cisco Unified Presence Server
Generating a CSR on IIS of Exchange Server
Generating a CSR - Running Window Server 2003
Generating a CSR - Running Window Server 2008
Submitting the CSR to the CA Server
Downloading the Signed Certificate
Uploading the Signed Certificate onto Exchange IIS
Uploading the Signed Certificate - Running Windows 2003
Uploading the Signed Certificate - Running Windows 2008
[Optional] How to Configure Multilingual Support for Calendaring Integration
Installing the Locale Installer on Cisco Unified Communications Manager
Installing the Locale Installer on Cisco Unified Presence
Setting User Locales for Multilingual Calendaring Integration
[Optional] Configuring the Microsoft Exchange Notification Port
[Optional] Configuring the Duration Range of Microsoft Exchange Calendar Notifications
Known Issues with Microsoft Exchange Server Integration
Microsoft Exchange 2003
Applying Microsoft HotFix KB841561
Form-Based Authentication
Getting More Information
Cisco Unified Presence
Cisco Unified Communications Manager
Microsoft Exchange 2003
Microsoft Exchange 2007
Microsoft Active Directory
Integration Guide
Configuring Cisco Unified Presence Release 8.0 with Microsoft Exchange Server
Revised: April 7, 2010
1 Calendaring Integration with Microsoft Exchange
Microsoft Exchange calendaring allows users to correlate their calendar status in Microsoft Outlook with their availability status in Cisco Unified Presence. The table below shows how Cisco Unified Presence updates the availability status based on the status of a user as shown in the Microsoft Outlook calendar.
Table 1 Aggregated Presence State Based on Calendar State
Cisco Unified Presence State
|
Microsoft Outlook State
|
Available
|
Free/Tentative
|
Idle/Busy
|
Busy
|
Away
|
Out of Office
|
2 Overview of Components
This document provides you with instructions for integrating Cisco Unified Presence with Microsoft Exchange Calendar 2003 or 2007. Figure 1 shows how the Microsoft Exchange server (2003 or 2007 versions) integrates in the presence network provided by Cisco Unified Presence via a calendar module interface.
Cisco Unified Presence communicates with the Exchange server using Outlook Web Access (OWA), a WebDAV interface exposed by the Exchange server. The integration with Microsoft Exchange requires a Presence Gateway to be configured on Cisco Unified Presence for calendar applications. Once you configure this Presence Gateway for Outlook, Cisco Unified Presence can retrieve the calendar state of a user (Free, Busy, Out of Office) and map it to an availability status for the user (Available, Busy, Away).
Figure 1 Microsoft Exchange Integration with Cisco Unified Presence Architecture
3 Prerequisites for this Integration
Before you proceed with this integration, ensure that:
•
You are running one of the following Windows environments:
–Active Directory 2003 and Windows Server 2003 -- OR --
–Active Directory 2008 and Windows Server 2008
•Cisco Unified Communications Manager (Release 6.x or a higher release) is installed and configured.
•Cisco Unified Presence (Release 8.0) is installed and correctly deployed with a Cisco Unified Communications Manager server.
•One of the following Microsoft Exchange platforms is installed together with the latest updates:
a. Microsoft Exchange Server 2003
–Servers should be running the latest Service Packs for both Windows Server 2003 (SP2) or 2008 (SP2) and Microsoft Exchange 2003 (SP2). -- OR --
b. Microsoft Exchange Server 2007
–Servers should be running the latest Service Packs for both Windows Server 2003 (SP2) or 2008 (SP2) and Microsoft Exchange 2007 (SP1).
•You have a third-party certificate or certificate server required to generate the certificates.
•Use the Cisco Unified Presence User Options pages to configure calendaring states on client applications.
Related Topics
•Microsoft Service Pack Road Map
•Known Issues with Microsoft Exchange Server Integration
4 How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2003
•Requirements for This Integration
•Creating a Receive-As Account.
•Creating a User Account
•Delegating Control as Exchange View Only to the Account
•Adding Receive-As Permissions to the Account
Requirements for This Integration
Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. You may already have an administrator account that is configured on the Exchange server. We recommend that you create a separate administrator account for Exchange Calendar integration because the default administrator configuration may not let you log into other user accounts.
The Exchange account must comply with the following requirements:
•Be a member of the "Exchange View-Only Administrator" group.
•Have "Receive-As" permission on the end-user mailboxes. A user account is a regular account used by a regular Exchange user. Cisco Unified Presence requires additional Receive-As account privileges to inspect all the calendars of the user. We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group.
Creating a Receive-As Account
Before You Begin
Ensure that you have completed the prerequisites, and understand the requirements for this integration.
Procedure
Step 1 Create a new account on the Exchange server.
Step 2 Check Delegate Control as Exchange View Only.
Step 3 Add Receive Permissions to the account.
Troubleshooting Tips
If you cannot see Administrative Groups, right click Exchange and check Display Administrative Groups.
Related Topics
•Prerequisites for this Integration
•Requirements for This Integration
What To Do Next
Creating a User Account
Creating a User Account
Before You Begin
Create a Receive-As account.
Procedure
Step 1 Start Active Directory Users and Computers (ADUC) on the Exchange server.
Step 2 Complete the following actions:
a. Right click the Users container.
b. Select New | User.
Step 3 Enter the naming information for the user account in the New Object User window.
Step 4 Select Next.
Step 5 Select Next again to accept the default mailbox settings for the user account.
Step 6 Select Finish to complete creating the user account.
Related Topics
Creating a Receive-As Account
What To Do Next
Delegating Roles and Receive-As Permissions to the Account
Delegating Control as Exchange View Only to the Account
Before You Begin
Create a User account.
Procedure
Step 1 Open the Exchange System Manager on the Exchange server.
Step 2 Navigate to the Administrative Groups folder.
Step 3 Select the Administrative Group to which you want to add the account that you created.
Step 4 Complete these actions:
a. Right click the group.
b. Select Delegate Control from the pop-up menu.
Step 5 Select Next in the Exchange Administration Delegation Wizard window.
Step 6 Select Add.
Step 7 Select Browse and select the user account that you created.
Step 8 For the role, select Exchange View Only Administrator.
Step 9 Select OK.
Step 10 Select Finish to save your changes.
Troubleshooting Tips
If you cannot see Administrative Groups, right click Exchange and check Display Administrative Groups.
Related Topics
Creating a User Account
What To Do Next
Adding Receive-As Permissions to the Account
Adding Receive-As Permissions to the Account
Cisco Unified Presence requires Receive-As permissions on the account to enable it to log in to that account when it connects to the Exchange server. However, because this account does not typically receive mail, you do not need to be concerned about allocating space for it.
Before You Begin
Delegate Exchange View Only control to the account.
Procedure
Step 1 Open the Exchange System Manager on the Exchange server.
Step 2 Select Administrative Groups > First Administrative Group > Servers > First Server > Mailbox Store.
Step 3 Right click the mailbox store and select Properties.
Step 4 Complete these actions:
a. Select the Security tab.
b. Select Add.
Step 5 Enter the name of the account that you want to use in the Enter the object name to select field.
Step 6 Select Receive-As to grant Receive-As permissions to this administrator account, and on all mailbox stores against which you need to access calendar information.
Step 7 Select OK.
Troubleshooting Tips
If you receive an error message indicating that the Exchange server is down and the certificate is configured properly, then the "Receive-As" account is not configured properly. Recreate the account using the steps in this procedure.
Related Topics
Delegating Control as Exchange View Only to the Account
What To Do Next
Configure the Receive-As account to the backend gateway using the appropriate password. See Configuring a Presence Gateway on the Cisco Unified Presence Server.
5 How to Configure Cisco Unified Presence for Integration with Microsoft Exchange 2007
•Requirements for This Integration
•Creating an Account with a Mailbox
•Delegating Roles and Receive-As Permissions to the Account
•Verifying Permissions on the Exchange Account
Requirements for This Integration
Cisco Unified Presence requires an Exchange account with special permissions to query end-user calendaring data. You may already have an administrator account that is configured on the Exchange server. We recommend that you create a separate administrator account for Exchange Calendar integration because the default administrator configuration may not let you log into other user accounts.
The Exchange account must comply with the following requirements:
•Be a member of the "Exchange View-Only Administrator" group.
•Have "Receive-As" permission on the end-user mailboxes. A user account is a regular account used by a regular Exchange user. Cisco Unified Presence requires additional Receive-As account privileges to inspect all the calendars of users.We recommend you to assign this permission at a higher level (such as mail storage group) to enable population of all the mailboxes in the mail storage group. Accounts without a mailbox in the specified storage will not work, and the account will stop working if you remove the mailbox at any stage
•We recommend that you do not install the mailbox role on the server running Client Access Server (CAS). When the mailbox role is installed on the same server as CAS, it has been observed that calendaring presence does not work correctly. Use a standalone CAS.
Creating an Account with a Mailbox
Before You Begin
Ensure that you have completed the prerequisites, and understand the requirements for this integration.
Procedure
Step 1 Sign in to an Exchange 2007 server using an account that is Exchange View-Only Administrator.
Step 2 Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.
Step 3 Select Recipient Configuration in the console tree.
Step 4 Select New Mailbox.
Step 5 Complete the New Mailbox wizard:
Window
|
Configuration Steps
|
Introduction Window
Page 1 of 6
|
a. Select User Mailbox.
b. Select Next.
|
User Type Window
Page 2 of 6
|
a. Select New User.
b. Select Next.
|
User Information Window
Page 3 of 6
|
a. Complete the required fields as described in Table 2.
b. Select Next.
|
Mail Settings Window
Page 4 of 6
|
a. Complete the required fields as described in Table 3.
b. Select Next.
|
New Mail User Window
Page 5 of 6
|
Verify your configuration, and complete the following actions:
•Select Back to correct an error.
•Select Next to proceed.
|
Completion Window
Page 6 of 6
|
Select Finish.
|
Related Topics
•Prerequisites for this Integration
•Requirements for This Integration
What To Do Next
Delegating Roles and Receive-As Permissions to the Account
User Information Settings
Table 2 describes the user information configuration parameters.
Table 2 User Information Configuration Parameters
Field
|
Description
|
Organizational Unit
|
Displays the user container in Active Directory. To change the default organizational unit (OU), select Browse and select the OU you require.
|
First Name
|
[Optional] Enter the first name of the user.
|
Initials
|
[Optional] Enter the initials of the user.
|
Last Name
|
[Optional] Enter the last name of the user.
|
Name
|
Enter the first name, initials, and last name of the user. You can modify the name in this field.
|
User Logon Name (User Principal Name)
|
Enter the Microsoft domain name in which the user account resides followed by the name that the user requires to sign in to the mailbox.
Example: msoft-domain-name/username
|
User logon Name (pre-Windows 2000)
|
Enter the user name for the user that is compatible with versions of Microsoft Windows that existed prior to the release of Windows 2000 Server. This field is populated by default based on the User logon name (User Principal Name) field.
|
Password
|
Enter the password that the user requires to sign in to his or her mailbox.
|
Confirm Password
|
Reenter the password that you entered in the Password field.
|
User must change password at next logon
|
Check to prompt the user to reset the password.
|
Mailbox Settings
Table 3 describes the mailbox configuration parameters.
Table 3 Mailbox Configuration Parameters
Field
|
Description
|
Alias
|
This field is automatically populated based on the User logon name (User Principal Name) of the user. You can modify the alias in this field.
If any characters in the user logon name do not match the alias field, they are replaced by underscore characters (_). The alias must not exceed 64 characters and must be unique in the forest.
|
Mailbox database
|
Select Browse to open the Select Mailbox Database dialog box. Select the mailbox database you require, and select OK.
This dialog box lists all the mailbox databases in your Exchange organization. By default, the mailbox databases are sorted by name. Select the title of the corresponding column to sort the databases by storage group name or server name.
|
Managed folder mailbox policy
|
Check to specify a messaging records management (MRM) policy. Select Browse to select the MRM mailbox policy to associate with this mailbox.
|
Exchange ActiveSync mailbox policy
|
[Optional] Check to select the Exchange ActiveSync mailbox policy to associate with this mailbox. Select Browse.
|
Delegating Roles and Receive-As Permissions to the Account
Before You Begin
Create an account with a mailbox.
Procedure
Step 1 Add a user or group to an Administrator role using the Exchange Management console or Exchange Management shell:
If you want to use the:
|
Action
|
Exchange Management Console
|
a. Sign in to an Exchange 2007 server using an account that is an Exchange View-Only Administrator.
b. Select Programs > Microsoft Exchange Server 2007 > Exchange Management Console on the Windows Start menu.
c. Right-click Organization Configuration in the console tree.
d. Select Add Exchange Administrator.
e. Select Browse on the Add Exchange Administrator page.
f. Complete these actions in the Select User or Groups to Delegate dialog box:
–Select the installation account.
–Select OK.
g. Select the Exchange View-Only Administrator role under Select the role and scope of this Exchange administrator.
h. Select Add.
i. Select Finish in the Completion window.
|
Exchange Management Shell
|
Run the Add-Exchange command with associated arguments from the Run line or from the Command Prompt in the Exchange Management Shell.
The following provides the syntax and example of the command used to add a user to an administrator role:
Add-ExchangeAdministrator -Role "role"
-Identity "identity"
Add-ExchangeAdministrator -Role ViewOnlyAdmin
-Identity CUPSAdmin
|
Step 2 Run the Add-ADPermission command in the Exchange Management shell to grant Receive-As permission on the account, as follows:
Syntax
Add-ADPermission -Identity "Mailbox Store" -User "Trusted User" -ExtendedRights Receive-As
Example
Add-ADPermission -Identity "First Storage Group" -User CUPSAdmin -ExtendedRights Receive-As
Note You cannot use the Exchange Management Console to complete this step.
Related Topics
Creating an Account with a Mailbox
What To Do Next
Verifying Permissions on the Exchange Account
Verifying Permissions on the Exchange Account
After you have assigned the permissions to the Exchange account, you need to verify that the permissions propagate to mailbox level, and ensure that you can access the mailbox of the end-user. On Exchange 2007, it takes some time for the permissions to propagate to mailboxes.
Before You Begin
•Delegate the appropriate roles and Receive-As permissions to the Exchange account.
•Assume, for the purpose of the examples in the following procedures, that the Exchange account is named "cupsadmin" and the mail storage group is named "First Storage Group".
Procedure
Step 1 Open the Exchange Management shell for command line entry.
Step 2 Complete these actions to verify that the Exchange account is a member of "ExchangeView-Only Administrator" group:
a. Run this command in the Exchange Management shell:
([ADSI]"LDAP://CN=CUPS Admin,CN=Users,DC=r7,DC=com").memberof
Note The "CN=CUPS Admin,CN=Users,DC=r7,DC=com" is the DN (Distinguished Name) of the Exchange account. To determine the DN, use adsiedit.msc. Also verify the DN with your Active Directory administrator if required.
b. Ensure that the command output indicates the Exchange account is a member of "Exchange View-Only Administrator" group, as follows:
Example: Command Output
CN=Exchange View-Only Administrators,
|
OU=Microsoft Exchange Security Groups,
|
|
|
Step 3 Complete these actions to verify that the Exchange account has permissions on the mail storage group:
a. Run this command in the Exchange Management shell:
Get-ADPermission "First Storage Group" -user cupsadmin | Format-Table -AutoSize
Note The "First Storage Group" is the name of the mail storage group. The "cupsadmin" is the Exchange account.
b. Ensure that the command output indicates the Exchange account has "Receive-As" permission on the mail storage group, as follows:
Example: Command Output
|
|
|
|
|
HTLUO-MAIL\First Storage Group
|
|
|
|
|
Step 4 Complete these actions to verify that the Exchange account has permissions on an end-user mailbox:
a. Run this command in the Exchange Management shell:
Get-MailboxPermission jdoe -user cupsadmin | Format-Table -autosize
Note The "jdoe" is the mailbox of the end-user. The "cupsadmin" is the Exchange account.
b. Ensure that the command output indicates that the Exchange account has FullAccess permission on jdoe's mailbox, as follows:
Example: Command Output
Note This permission is inherited from the higher-level permission, in this instance, from the "First Storage Group". If the above command returns no output, the permission has not yet propagated to the mailbox. Do not proceed until you see that the Exchange account has FullAccess on the mailbox of the end user.
Related Topics
Delegating Roles and Receive-As Permissions to the Account
What To Do Next
Configuring a Presence Gateway on the Cisco Unified Presence Server.
6 Configuring a Presence Gateway on the Cisco Unified Presence Server
You must configure a Microsoft Exchange server (Microsoft Outlook) as a presence gateway for calendaring information exchange. This allows the Cisco Unified Presence server to collect availability information (calendar/meeting status) on a per-user basis and incorporate it into the availability status of the user.
Procedure
Step 1 Sign into Cisco Unified Presence Administration.
Step 2 Select Presence > Gateways.
Step 3 Select Add New.
Step 4 Select Outlook (Microsoft Exchange Calendaring gateway to allow the Exchange server to pass 'In a Meeting' availability information to Cisco Unified Presence.
Step 5 Enter a meaningful description in the Description field that will help you to distinguish between presence gateway instances when you have configured more than one type of gateway.
Step 6 Enter the server location for the presence gateway, and ensure that it matches the subject Common Name (CN) of the IIS certificate of the Exchange server. One of these values must connect with the Microsoft Exchange server:
–FQDN
–DNS SRV FQDN
–IP address
See the Troubleshooting Tips for more information.
Step 7 Enter the name of the Receive-As account that Cisco Unified Presence uses to connect to the Microsoft Exchange server, in this format: <domain>\<username>, bearing in mind the following:.
–If the Exchange server is configured to specify a default domain, it may not be necessary to include the domain as part of the user name.
–Otherwise, specify the domain in front of the account name to avoid potential certificate errors (401 and 404 authentication responses).
See the Troubleshooting Tips for more information.
Step 8 Enter and confirm the Microsoft Exchange Account Password required for Cisco Unified Presence to connect to the Microsoft Exchange server. Enter the password again to confirm it. This value must match the Account Password of the previously configured account on the Microsoft Exchange Server.
Step 9 Enter the port used to connect with the Microsoft Exchange server. This value must match the available port on the Microsoft Exchange Server. See the Troubleshooting Tips for more information.
Troubleshooting Tips
•As you configure the Outlook presence gateway, note the following:
–You must upload a valid certificate chain to Cisco Unified Presence. The value of the Presence Gateway field should match the Subject CN value of the leaf certificate of this certificate chain. Expect that this Subject CN value will typically be either the FQDN or IP address of the Exchange server.
–If you have configured DNS on Cisco Unified Presence, the Subject CN value of the leaf certificate can be either the FQDN or IP address. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.
–If you have not configured DNS on Cisco Unified Presence, the Subject CN value of the leaf certificate must be an IP address. If the Subject CN value is not an IP address, you must regenerate this Exchange certificate to specify the IP address of the Exchange server as the Subject CN value. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.
•Cisco Unified Presence integration with Microsoft Exchange must occur over a secure HTTP connection. We recommend you to use port 443 (default port) and not to change to other ports.
•If you correctly configure the Receive-As account credentials and certificate exchange, desk phones enabled with Cisco IP Phone Messenger will display the scheduled meetings of users. To verify that the Outlook Presence Gateway is configured correctly, perform these steps on an appropriately configured phone:
a. Select Services.
b. Press PhoneMessenger.
c. Sign into the IP Phone Messenger Service.
d. Select 1 Today's meetings.
e. Verify that the user's meetings for the day are listed.
•If you are localizing your Calendaring integration, you need to ensure that the Exchange server URL contains the localized word for "Calendar". Perform these steps:
–Install the same language locales (load the locale installer) on both Cisco Unified Presence and the Exchange server. For more information about installing locales on Cisco Unified Presence, see [Optional] How to Configure Multilingual Support for Calendaring Integration.
–Restart the Cisco Unified Presence server, and sign into Cisco Unified Presence Administration.
–Find and delete the existing Exchange Presence Gateway that supports a different locale for calendaring (select Presence >Gateways).
–Add a new Exchange Presence (Outlook) gateway. Select Add New.
You can verify in the database (pebackendgateway table) that the 'localecalendarname' attribute is in whichever language locale you have installed.
•If you have connection problems with the Exchange server, see the System Troubleshooter in Cisco Unified Presence Administration and implement the recommended solution. Select Diagnostics > System Troubleshooter.
What To Do Next
If you configure Outlook as the Presence Gateway type, you must
1. Verify that the connection succeeded between Cisco Unified Presence and the Exchange server. See More information about Exchange connection status and recommended actions:.
2. Review the status of the Exchange SSL certificate chain and take corrective actions if required. See More information about SSL Connection/Certificate Verification status and recommended actions:.
3. Review the Exchange Server Status, SSL Connection Status and Certificate Verification Status, and follow the recommended corrective actions. See More information about SSL Connection/Certificate Verification status and recommended actions:.
More information about Exchange connection status and recommended actions:
Test
|
Status Description and Recommended Action
|
Exchange Reachability (pingable)
|
Cisco Unified Presence successfully reached (pinged) the Exhange server.
|
Exchange Reachability (unreachable)
|
Cisco Unified Presence failed to ping the Exchange server. The server may not be reachable due to an incorrect field value or a possible issue with the customer's network, for example, cabling.
To resolve this, ensure that the Exchange Server field contains the correct value (FQDN or IP address) to reach the Exchange server over the network. Note that the UI does not require the Presence Gateway field value to be the Subject CN value. You can enter an IP address or a resolvable host name. However, later in the configuration process, this value will resolve to the Subject CN value.
|
More information about SSL Connection/Certificate Verification status and recommended actions:
Test
|
Status Description and Recommended Action
|
SSL Connection/Certificate Verification - Verified
|
Cisco Unified Presence verified the SSL connection with the Exchange server. Select View for the certificate details.
|
SSL Connection/Certificate Verification Failed - Certificate Missing From Chain
|
One or more certificates that Cisco Unified Presence requires to establish a secure connection to the Exchange server are missing. The Certificate Viewer can provide details of the missing certificates.
Complete these steps in the Certificate Viewer to display any missing certificates:
1. Select Configure to open the Certificate Viewer.
2. Check Accept Certificate Chain.
3. Select Save.
4. The certificate chain details display. Note any certificates with a status of Missing.
5. Close the Certificate Viewer.
6. To complete the certificate chain, you must:
a. Download the missing certificates files from the Exchange server.
b. Copy or FTP the missing certificate files to the computer that you use to administer Cisco Unified Presence.
Troubleshooting Tips
•If the certificates are not available in the Certificate Viewer, you may need to manually download and install the missing certificates from the Exchange server, and upload these certificates in Cisco Unified OS Administration as follows:
–If required, go to Cisco Unified OS Administration and upload certificates to complete the certificate chain.
–Return to the Certificate Import Tool window in Cisco Unified Presence Administration, reopen the Certificate Viewer, and verify in the Certificate Viewer that all certificates in the certificate chain now have a status of Verified.
•Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain that Cisco Unified Presence downloads from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.
|
SSL Connection/Certificate Verification Failed- Subject CN Mismatch
|
The Presence Gateway field value must match the Subject CN value of the leaf certificate in the Certificate Chain. You can resolve this issue manually using the Certificate Viewer, or by entering the correct value in the Presence Gateway field.
Verify that your entry in the Presence Gateway field is correct as follows:
1. Reenter the correct Subject CN value in the Presence Gateway field. Cisco Unified Presence uses the Presence Gateway field value to ping the server. The host (FQDN or IP address) that you enter must exactly match the IIS certificate Subject Common Name.
2. Select Save.
Alternatively, complete these steps if you want to use the Certificate Viewer to resolve the Subject CN mismatch:
1. Select Configure to open the Certificate Viewer.
2. Select Accept Certificate Chain.
3. Select Save.
4. When you save the Certificate Chain, an alert displays to indicate a change to the Presence Gateway field value. After the window refreshes completely, close the Certificate Viewer.
5. Verify that the value of the Presence Gateway field is updated.
6. Verify that the value of the SSL Connection / Certificate Verification reads Verified.
Troubleshooting Tips
Select either Configure or View to launch the Certificate Chain Viewer where you can view the details of the certificate chain. The Configure button will display if there are any issues with the certificate chain downloaded from the Exchange server - for example, the missing certificates scenario described above. Once you successfully import and verify the certificate chain, the SSL Connection / Certificate Verification status will update to Verified and the View button will replace Configure.
|
SSL Connection/Certificate Bad Certificates
|
Information in the certificate is incorrect, which renders it invalid.
Typically, this occurs if the certificate matches the required Subject CN but not the public key. This could happen if the Exchange server regenerates the certificate but the Cisco Unified Presence server still maintains the old certificate.
To resolve this, complete these actions:
•Select the logs to determine the cause of the error.
•If the error is due to a bad signature, you need to remove the outdated certificate from Cisco Unified Presence in Cisco Unified OS Administration, and then upload a new certificate in Cisco Unified OS Administration.
•If the error is due to an unsupported algorithm, you need to upload a new certificate that contains the supported algorithm in Cisco Unified OS Administration.
|
SSL Connection/Certificate Network Error
|
Due to network issues, for example, a no-response timeout, Cisco Unified Presence cannot verify the SSL connection.
We recommend that you verify the network connectivity to the Exchange server, and ensure that the Exchange server is accepting connections using the correct IP address and port number.
|
SSL Connection/Certificate Verification Failed
|
Verification failed for a non-specific reason or because Cisco Unified Presence cannot perform the reachability test.
We recommend that you review the debug log files for more information.
|
Related Topics
•Uploading the Root Certificate to the Cisco Unified Presence Server
•Configuration and Maintenance Guide for Cisco Unified Presence.
•Cisco Unified Communications Operating System Maintenance Guide for Cisco Unified Presence
7 Configuring Microsoft Active Directory for Integration with Cisco Unified Presence
After the Exchange server is installed and configured, you can add your users to the Active Directory and associate telephone numbers with those users.
In the Microsoft Active Directory Application window, add a user name and the telephone number that are associated with each particular user. The user names configured in Active Directory must be identical to those names defined in Cisco Unified Communications Manager.
Note For detailed information about how to configure Active Directory, see the Active Directory online help. You can also find more information about Microsoft Windows Server Active Directory at the following URL:
http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx
8 How to Configure Security between Cisco Unified Presence and the Microsoft Exchange Server
The certificate exchange process in this section applies to Windows 2003 and Windows 2008. Note, however, that some of the configuration procedures will differ depending on your platform.
•Installing the CA Service
•Downloading the Root Certificate
•Uploading the Root Certificate to the Cisco Unified Presence Server
•Generating a CSR on IIS of Exchange Server
•Submitting the CSR to the CA Server
•Downloading the Signed Certificate.
•Uploading the Signed Certificate onto Exchange IIS
Installing the CA Service
The Certificate Authority (CA) can be the same as the Exchange server. However, Cisco recommends you to use a different Windows server to run the CA.
•Installing the CA on Windows Server 2003
•Installing the CA on Windows Server 2008
Installing the CA on Windows Server 2003
Before You Begin
Ensure that you have Windows Server disc 1 and SP1 discs.
Procedure
Step 1 Select Start > Control Panel > Add or Remove Programs.
Step 2 Select Add/Remove Windows Components in the Add or Remove Programs window.
Step 3 Check Certificate Services under Components.
Step 4 Select Yes when the Warning displays about domain membership.
Step 5 Complete these actions in the CA Type window:
a. Select Stand-alone Root CA.
b. Select Next.
Step 6 Complete these actions in the CA Identifying Information window:
a. Enter the name of the server in the Common Name field for the CA Server. If there is no DNS, type the IP address.
b. Select Next.
Step 7 Accept the defaults settings in the Certificate Database Settings window, and select Next.
Step 8 Select Yes when you are prompted to stop Internet Information Services.
Step 9 Select Yes when you are prompted to enable Active Server Pages (ASP).
Step 10 Select Finish after the installation process completes.
Troubleshooting Tips
Remember that the CA is a third-party authority. The common name of the CA should not be the same as the common name used to generate a CSR.
Related Topics
Prerequisites for this Integration
What To Do Next
Downloading the Root Certificate
Installing the CA on Windows Server 2008
Procedure
Step 1 Select Start > Administrative Tools > Server Manager.
Step 2 Select Roles in the console tree.
Step 3 Select Action > Add Roles.
Step 4 Complete the Add Roles wizard:
Window
|
Configuration Steps
|
Before You Begin Window
Page 1 of 13
|
a. Ensure that you have completed all prerequisites listed in the window.
b. Select Next.
|
Select Server Roles Window
Page 2 of 13
|
a. Check Active Directory Certificate Services.
b. Select Next.
|
Introduction Window
Page 3 of 13
|
Select Next.
|
Select Role Services Window
Page 4 of 13
|
a. Check these check boxes:
–Certificate Authority
–Certificate Authority Web Enrollment
–Online Responder
b. Select Next.
|
Specify Setup Type Window
Page 5 of 13
|
Select Standalone.
|
Specify CA Type Window
Page 6 of 13
|
Select Root CA.
|
Set Up Private Key Window
Page 7 of 13
|
Select Create a new private key.
|
Configure Cryptography for CA Window
Page 8 of 13
|
Select the default cryptographic service provider.
|
Configure CA Name Window
Page 9 of 13
|
Enter a common name to identify the CA.
|
Set Validity Period Window
Page 10 of 13
|
Set the validity period for the certificate generated for the CA.
Note The CA will issue valid certificates only to the specified expiration date.
|
Configure Certificate Database Window
Page 11 of 13
|
Select the default certificate database locations.
|
Confirm Installation Selections Window
Page 12 of 13
|
Select Install.
|
Installation Results Window
Page 13 of 13
|
a. Verify that the Installation Succeeded message displays for all components.
b. Select Close.
Note Active Directory Certificate Services is now listed as one of the roles on the Server Manager.
|
Related Topics
Prerequisites for this Integration
What To Do Next
Downloading the Root Certificate
Downloading the Root Certificate
Before You Begin
Install the CA service.
Procedure
Step 1 Sign in to your CA server and open a web browser.
Step 2 Open the URL specific to your windows platform type:
•Windows server 2003 - http://127.0.0.1/certsrv
•Windows server 2008 - https://127.0.0.1/certsrv
Step 3 Select Download a CA certificate, certificate chain, or CRL.
Step 4 For the Encoding Method, select Base 64.
Step 5 Select Download CA Certificate.
Step 6 Save the certificate, certnew.cer, to the local disk.
Troubleshooting Tips
If you do not know the Subject Common Name (CN) of the root certificate, you can use an external certificate management tool to find this information. On a Windows operating system, right-click the certificate file with a .CER extension and open the certificate properties.
Related Topics
Installing the CA Service
What To Do Next
Uploading the Root Certificate to the Cisco Unified Presence Server
Uploading the Root Certificate to the Cisco Unified Presence Server
Cisco Unified Presence allows you to upload Exchange server trust certificates with or without a Subject Common Name (CN).
Before You Begin
•Download the root certificate.
•If you have a third-party CA-signed Exchange server certificate, note that you must upload all CA certificates in the certificate chain to Cisco Unified Presence as a Cisco Unified Presence Trust certificate (cup-trust).
Procedure
Step 1 Choose your upload method and complete the steps:
If a certificate is:
|
Upload the certificate via:
|
Actions
|
Not yet uploaded, and has no Subject CN
|
Certificate Import Tool in Cisco Unified Presence Administration.
The Certificate Import tool simplifies the process of installing trust certificates on Cisco Unified Presence and is the primary method for certificate exchange. The tool allows you to specify the host and port of the Exchange server and attempts to download the certificate chain from the server. Once approved, the tool will automatically install missing certificates.
Note The Certificate Import Tool is the primary method to upload certificates. However, note that you may still need to manually import the certificates as described below.
|
a. Select System > Security > Certificate Import Tool.
b. Select CUP Trust as the Certificate Trust Store where you want the to install the certificates. This stores the Presence Engine trust certificates required for Exchange Integration.
c. Enter one of these values to connect with the Exchange server:
–IP address
–Host name
–FQDN
The value that you enter in this Peer Server field must exactly match the IP address, host name or FQDN of the Exchange server.
d. Enter the port that will allow communication with the Exchange server. This value must match the available port on the Exchange server.
e. Select Submit. After the tool finishes, it reports these states for each test:
–Peer Server Status—indicates if Cisco Unified Presence has successfully established a secure connection with Exchange server. See More information about Exchange connection status and recommended actions:.
–SSL Connection/Certificate Verification Status—indicates whether or not the Certificate Import Tool succeeded in downloading certificates from the specified peer server. See More information about SSL Connection/Certificate Verification status and recommended actions:.
|
Already uploaded, and has a Subject CN
|
Cisco Unified Operating System Administration
If the Exchange server does not provide the CA certificates during the SSL/TLS handshake, you cannot use the Certificate Import Tool to import those certificates. In this case, you must manually import the missing certificates using the Certificate Management tool in Cisco Unified OS Administration (select Security > Certificate Management).
|
a. Copy or FTP the certnew.cer certificate file to the computer that you use to administer your Cisco Unified Presence server.
b. From the Navigation menu on the Cisco Unified Presence Administration login window, select Cisco Unified OS Administration and select Go.
c. Enter your username and password for Cisco Unified Operating System Administration and select Login.
d. Select Security > Certificate Management.
e. Select Upload Certificate in the Certificate List window.
f. Complete these actions when the Upload Certificate pop-up window displays:
–Select Cisco Unified Presence Trust from the Certificate Name list box.
–Enter the root certificate name without any extension.
g. Select Browse and select certnew.cer.
h. Select Upload File.
|
Step 2 Restart the Presence Engine and SIP Proxy service after you upload all Exchange trust certificates.
Troubleshooting Tips
If you use the Meeting Notification feature, you must restart the Presence Engine and SIP Proxy for all types of certificates. After you upload your certificates, go to Cisco Unified Serviceability and restart the Presence Engine first followed by the Proxy restart.
Related Topics
•Downloading the Root Certificate
•Configuring a Presence Gateway on the Cisco Unified Presence Server
•Serviceability Configuration and Maintenance Guide for Cisco Unified Presence
What To Do Next
Generating a CSR on IIS of Exchange Server
Generating a CSR on IIS of Exchange Server
•Generating a CSR - Running Window Server 2003
•Generating a CSR - Running Window Server 2008
Generating a CSR - Running Window Server 2003
You must generate a Certificate Signing Request on the IIS server for Exchange, which is subsequently signed by the CA server.
Before You Begin
Upload the root certificate to Cisco Unified Presence.
Procedure
Step 1 From Administrative Tools, open Internet Information Services.\
Step 2 Complete the following steps in the Internet Information Services window:
a. Right-click Default Web Site
b. Select Properties.
Step 3 Complete the following steps in the Default Web Site Properties window:
a. Select the Directory Security tab.
b. Select Server Certificate.
Step 4 Select Next when the Web Server Certificate Wizard window displays.
Step 5 Complete the Web Server Certificate Wizard:
Window
|
Configuration Steps
|
Server Certificate Window
Page 1 of 9
|
a. Select Create a new certificate.
b. Select Next.
|
Delayed or Immediate Request Window
Page 2 of 9
|
a. Select Prepare the request now, but send it later.
b. Select Next.
|
Name and Security Settings Window
Page 3 of 9
|
a. Accept the Default Web Site certificate name
b. Select 1024 for the bit length.
c. Select Next.
|
Organization Information Window
Page 4 of 9
|
a. Enter your Company name in the Organization field.
b. Enter the organizational unit of your company in the Organizational Unit field.
c. Select Next.
|
Your Site's Common Name Window
Page 5 of 9
|
a. For Common Name, enter the Exchange Server hostname or IP address.
Note The IIS certificate Common Name that you enter is used to configure the Presence Gateway on Cisco Unified Presence, and must be identical to the Host (URI or IP address) you are trying to reach.
b. Select Next.
|
Geographical Information Window
Page 6 of 9
|
a. Enter your geographical information, as follows:
–Country/Region
–State/province
–City/locality
b. Select Next.
|
Certificate Request File Name Window
Page 7 of 9
|
a. Enter an appropriate filename for the certificate request.
a. Select Next.
Note Make sure that you save the CSR without any extension and only use Notepad to open the file.
|
Request File Summary Window
Page 8 of 9
|
a. Review your information about the Request File Summary window.
b. Select Next.
|
Web Server Certificate Completion Window
Page 9 of 9
|
Select Finish.
|
Related Topics
Uploading the Root Certificate to the Cisco Unified Presence Server
What To Do Next
Submitting the CSR to the CA Server
Generating a CSR - Running Window Server 2008
You must generate a Certificate Signing Request on the IIS server for Exchange, which is subsequently signed by the CA server.
Before You Begin
Upload the root certificate to Cisco Unified Presence.
Procedure
Step 1 From Administrative Tools, open Internet Information Services (IIS) Manager.
Step 2 Select the Exchange Server under Connections in the left frame of the IIS Manager.
Step 3 Double-click Server Certificates.
Step 4 Select Create Certificate Request under Actions in the right frame of the IIS Manager.
Step 5 Complete the Request Certificate Wizard:
Window
|
Configuration Steps
|
Distinguished Name Properties Window
Page 1 of 5
|
a. For Common Name, enter the Exchange Server hostname or IP address.
Note The IIS certificate Common Name that you enter is used to configure the Presence Gateway on Cisco Unified Presence, and must be identical to the Host (URI or IP address) you are trying to reach.
b. Enter your Company name in the Organization field.
c. Enter the organizational unit that your company belongs to in the Organizational Unit field.
d. Enter your geographical information, as follows:
–City/locality
–State/province
–Country/Region
e. Select Next.
|
Cryptographic Service Provider Properties Window
Page 2 of 5
|
a. Accept the default Cryptographic service provider
2. Select 1024 for the bit length.
a. Select Next.
|
Certificate Request File Name Window
Page 3 of 5
|
a. Enter an appropriate filename for the certificate request.
a. Select Next.
Note Make sure that you save the CSR without any extension and only use Notepad to open the file.
|
Request File Summary Window
Page 4 of 5
|
a. Confirm that the information is correct in the Request File Summary window.
b. Select Next.
|
Request Certificate Completion Window
Page 5 of 5
|
Select Finish.
|
Submitting the CSR to the CA Server
We recommend that the default SSL certificate, generated for Exchange on IIS, should use the Fully Qualified Domain Name (FQDN) of the Exchange server and be signed by a Certificate Authority Cisco Unified Presence trusts. This procedure allows the CA to sign the CSR from Exchange IIS. Perform the following procedure on your CA server, and configure the FQDN of the Exchange server in the:
•Exchange certificate.
•Outlook Gateway field in Cisco Unified Presence Administration.
Before You Begin
Generate a CSR on IIS of the Exchange server.
Procedure
Step 1 Copy the certificate request file to your CA server.
Step 2 Open the following URL:
http://local-server/certserv
or
http://127.0.0.1/certsrv
Step 3 Select Request a certificate.
Step 4 Select advanced certificate request.
Step 5 Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Step 6 Using a text editor like Notepad, open the CSR that you generated.
Step 7 Copy all information from and including
-----BEGIN CERTIFICATE REQUEST
to and including
END CERTIFICATE REQUEST-----
Step 8 Paste the content of the CSR into the Certificate Request text box
Step 9 (Optional) By default the Certificate Template drop-down list defaults to the Administrator template, which may or may not produce a valid signed certificate appropriate for server authentication. If you have an enterprise root CA, select the "Web Server"certificate template from the Certificate Template drop-down list. The "Web Server" certificate template may not display, and therefore this step may not apply, if you have already modified your CA configuration.
Step 10 Select Submit.
Step 11 In Administrative Tools, select Start > Administrative Tools > Certification > Authority >CA name > Pending request to open the Certification Authority. The Certificate Authority window displays the request you just submitted under Pending Requests.
Step 12 Right click on your request, and complete these actions:
•Navigate to All Tasks.
•Select Issue.
Step 13 Select Issued certificates and verify that your certificate has been issued.
Related Topics
Generating a CSR on IIS of Exchange Server
What To Do Next
Downloading the Signed Certificate.
Downloading the Signed Certificate
Before You Begin
Submit the CSR to the CA server.
Procedure
Step 1 In Administrative Tools, open the Certification Authority. The Certificate Request that you just issued displays in Issued Requests.
Step 2 Right click the request and select Open.
Step 3 Select the Details tab.
Step 4 Select Copy to File.
Step 5 Select Next when the Certificate Export Wizard displays.
Step 6 Complete the Certificate Export Wizard:
Window
|
Configuration Steps
|
Export File Format Window
Page 1 of 3
|
a. Select Base-64 encoded X.509.
b. Select Next.
|
File to Export Window
Page 2 of 3
|
a. Enter the location where you want to store the certificate and use cert.cer for the certificate name, for example, c:/cert.cer.
b. Select Next.
|
Certificate Export Wizard Completion Window
Page 3 of 3
|
a. Review the summary information.
b. Select Finish.
|
Step 7 Copy or FTP the cert.cer to the computer that you use to administer Cisco Unified Presence.
Related Topics
Submitting the CSR to the CA Server
What To Do Next
Uploading the Signed Certificate onto Exchange IIS
Uploading the Signed Certificate onto Exchange IIS
•Uploading the Signed Certificate - Running Windows 2003
•Uploading the Signed Certificate - Running Windows 2008
Uploading the Signed Certificate - Running Windows 2003
This procedure takes the signed CSR and uploads it onto IIS. To upload the signed certificate, perform the following step on the computer that you use to administer Cisco Unified Presence.
Before You Begin
Download the signed certificate.
Procedure
Step 1 From Administrative Tools, open Internet Information Services.
Step 2 Complete the following steps in the Internet Information Services window:
a. Right click Default Web Site
b. Select Properties.
Step 3 Complete the following steps in the Default Web Site Properties window:
a. Select the Directory Security tab.
b. Select Server Certificate.
Step 4 Select Next when the Web Server Certificate Wizard window displays.
Step 5 Complete the Web Server Certificate Wizard:
Window
|
Configuration Steps
|
Pending Certificate Request Window
Page 1 of 4
|
a. Select Process the pending request and install the certificate.
b. Select Next.
|
Process a Pending Request Window
Page 2 of 4
|
a. Select Browse to locate your certificate.
b. Navigate to the correct path and filename.
c. Select Next.
|
SSL Port Window
Page 3 of 4
|
a. Enter 443 for the SSL port.
b. Select Next.
|
Web Server Certificate Completion Window
Page 4 of 4
|
Select Finish.
|
Troubleshooting Tips
If your certificate is not in the trusted certificates store, the signed CSR will not be trusted. To establish trust, Complete these actions:
•Select View Certificate in the Directory Security tab.
•Select Details > Highlight root certificate, and select View.
•Select the Details tab for the root certificate and install the certificate.
Related Topics
Downloading the Signed Certificate
Uploading the Signed Certificate - Running Windows 2008
This procedure takes the signed CSR and uploads it onto IIS. To upload the signed certificate, perform the following step on the computer that you use to administer Cisco Unified Presence.
Before You Begin
Download the signed certificate.
Procedure
Step 1 From Administrative Tools, open Internet Information Services (IIS) Manager.
Step 2 Select the Exchange Server under Connections in the left frame of the IIS Manager.
Step 3 Double-click Server Certificates.
Step 4 Select Complete Certificate Request under Actions in the right frame of the IIS Manager.
Step 5 Complete these actions in the Specify Certificate Authority Response window:
a. Select the ellipsis [...] to locate your certificate.
b. Navigate to the correct path and filename.
c. Enter a user-friendly name for your certificate.
d. Select Ok. The certificate that you completed will display in the certificate list.
Step 6 Complete the following steps in the Internet Information Services window to bind the certificate:
a. Select Default Web Site.
b. Select Bindings under Actions in the right frame of the IIS Manager.
Step 7 Complete the following steps in the Site Bindings window:
a. Select https.
b. Select Edit
Step 8 Complete the following steps in the Edit Site Binding window:
a. Select the certificate that you just created from the SSL certificate list box. The "friendly name" that you applied to the certificate will display.
b. Select Ok.
9 [Optional] How to Configure Multilingual Support for Calendaring Integration
User locales are country-specific, and user locale files provide the translated text for user applications and user web pages in a given locale. If you want to expand your Microsoft Exchange deployment to support multiple languages, you must configure Cisco Unified Communications Manager and Cisco Unified Presence to support the user locales that you require in your calendaring integration. There is no limit to the number of supported languages.
•Installing the Locale Installer on Cisco Unified Communications Manager
•Installing the Locale Installer on Cisco Unified Presence
•Setting User Locales for Multilingual Calendaring Integration
Installing the Locale Installer on Cisco Unified Communications Manager
Before you begin this procedure, consider the following caveats:
•You must install Cisco Unified Communications Manager (Release 6.x or a higher release) on every server in the cluster before you install the Cisco Unified Communications Manager locale installer.
•If you want to use a locale other than English, you must install the appropriate language installers on both Cisco Unified Communications Manager and on Cisco Unified Presence. Ensure the locale installer is installed on every server in the cluster (install on the Publisher server before the Subscriber servers).
•User locales should not be set until all appropriate locale installers are loaded on both systems. Users may experience problems with calendaring if they inadvertently set their user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco Unified Communications Manager User Options pages and change their locale from the current setting to English and then back again to the appropriate language. Yo u can also use the BAT tool to synchronize user locales to the appropriate language.
•You must restart the server for the changes to take effect. After you complete all locale installation procedures, restart each server in the cluster. Updates do not occur in the system until you restart all servers in the cluster; services restart after the server reboots.
•Make sure that you install the same components on every server in the cluster.
To complete this procedure on Cisco Unified Communications Manager, see the Cisco Unified Communications Operating System Administration Guide here:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/8_0_1/cucos/iptpch7.html#wp1054072
What To Do Next
Installing the Locale Installer on Cisco Unified Presence
Installing the Locale Installer on Cisco Unified Presence
Before You Begin
•Install the locale installer on Cisco Unified Communications Manager. If you want to use a locale other than English, you must install the appropriate language installers on both Cisco Unified Communications Manager and on Cisco Unified Presence.
•If your Cisco Unified Presence cluster has more than one node, make sure that the locale installer is installed on every server in the cluster (install on the Publisher server before the Subscriber servers).
•User locales should not be set until all appropriate locale installers are loaded on both systems. Users may experience problems with calendaring if they inadvertently set their user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco Unified Communications Manager user options pages and change their locale from the current setting to English and then back again to the appropriate language. Yo u can also use the BAT tool to synchronize user locales to the appropriate language.
•You must restart the server for the changes to take effect. After you complete all locale installation procedures, restart each server in the cluster. Updates do not occur in the system until you restart all servers in the cluster; services restart after the server reboots.
Procedure
Step 1 Browse to this location on Cisco.com to locate the Cisco Unified Presence locale installer:
http://tools.cisco.com/support/downloads/go/ReleaseType.x?optPlat=&isPlatform=Y&mdfid=281820245&sftType=Unified+Presence+Locale+Installer&treeName=Voice+and+Unified+Communications&modelName=Cisco+Unified+Presence+Version+7.0&mdfLevel=Software%20Version/Option&treeMdfId=278875240&modifmdfid=null&imname=&hybrid=Y&imst=N
Step 2 Select the version of the Cisco Unified Presence locale installer that is appropriate for your working environment.
Step 3 After downloading the file, save the file to the hard drive and note the location of the saved file.
Step 4 Copy this file to a server that supports SFTP.
Step 5 Sign into Cisco Unified OS Administration using your administrator account and password.
Step 6 Select Software Upgrades > Install/Upgrade.
Step 7 Select Remote File System as the software location source.
Step 8 Enter the file location, for example /tmp, in the Directory field.
Step 9 Enter the name of the server that contains the locale installer file (the server that you specified in Step 4). This copies the file to your Cisco Unified Presence server where you can install it.
Step 10 Enter your username and password credentials in the User Name and User Password fields.
Step 11 Select SFTP for the Transfer Protocol.
Step 12 Select Next.
Step 13 Select the Cisco Unified Presence locale installer from the list of search results.
Step 14 Select Next to load the installer file and validate it.
Step 15 After you complete the locale installation, restart each server in the cluster.
Step 16 The default setting for installed locales is "English, United States". While your Cisco Unified Presence server is restarting, change the language of your browser, if necessary, to match the locale of the installer that you have downloaded.
If you use this browser:
|
Configuration Steps
|
Internet Explorer
Version 6.x
|
a. Select Tools > Internet Options.
b. Select the General tab.
c. Select Languages.
d. Use the Move Up button to move your preferred language to the top of the list.
e. Select OK.
|
Mozilla Firefox
Version 3.x
|
a. Select Tools > Options.
b. Select the Content tab.
c. Select Choose in the Languages section of the window.
d. Use the Move Up button to move your preferred language to the top of the list.
e. Select OK.
|
Step 17 Verify that your users can select the locale(s) for supported products.
Troubleshooting Tips
Make sure that you install the same components on every server in the cluster.
What To Do Next
Setting User Locales for Multilingual Calendaring Integration
Setting User Locales for Multilingual Calendaring Integration
There are two ways to complete this procedure, depending on whether your role is the Administrator or user.
Before You Begin
•Install the Cisco Unified Communications Manager and Cisco Unified Presence Locale Installers that contain all the available languages. User locales should not be set until all appropriate locale installers are loaded on both systems.
•You may experience problems with calendaring if you inadvertently set your user locale after the locale installer is loaded on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco Unified Presence. To force the system to use the appropriate language, we recommend that you sign into Cisco Unified Communications Manager user pages and change the user locale from the current setting to English. Then reset the locale to the language that you require.
Procedure
Step 1 Complete the procedure specific to your role, as follows:
If you are an:
|
Configuration Steps
|
Administrator
|
a. Sign in to Cisco Unified Communications Manager Administration using the administrator account and password.
b. Select User Management > End User.
c. Use the Find and List functionality to search for and locate the user that you require.
d. Select the User ID hyperlink for the user that you require.
e. Select the appropriate language for the user from the User Locale drop-down list.
f. Select Save.
|
User
|
a. Sign in to Cisco Unified Communications Manager User Options using the user account and password.
b. Select User Options > User Settings Configuration.
c. Select the appropriate language for the user from the User Locale drop-down list.
d. Select Save.
|
Related Topics
•Installing the Locale Installer on Cisco Unified Communications Manager
•Installing the Locale Installer on Cisco Unified Presence
10 [Optional] Configuring the Microsoft Exchange Notification Port
By default, the Presence Engine listens for incoming notifications from the Exchange server on UDP port 50020. This topic only applies if you want to use another port for any reason specific to your network configuration.
Before You Begin
If you change from the default port, make sure that the replacement port that you assign is not already in use.
Procedure
Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.
Step 2 Select the Cisco Unified Presence server from the Server menu.
Step 3 Select Cisco UP Presence Engine (Active) from the Service menu.
Step 4 Edit the parameter value for the Microsoft Exchange Notification Port field in the Presence Engine Configuration section. By default this parameter is 50020.
Step 5 Select Save.
Troubleshooting Tips
If you change from the default port, the Presence Engine will continue to use the existing calendar information for users, (including the number of meetings and the start and end times) until such time as the Exchange subscription for the user is renewed. It may take up to an hour for the Presence Engine to receive notifications that a user's calendar has changed.
11 [Optional] Configuring the Duration Range of Microsoft Exchange Calendar Notifications
By default, the Presence Engine allows for meeting/busy notifications to be sent 50 seconds after the top-of-minute. If you have a small user base, we recommend that your shorten this delay using the formula specified in this procedure. However, note that this topic is optional and only applies if you want to change the duration range for any reason specific to your network configuration.
Before You Begin
Use this formula to configure this field value (in seconds): Maximum number of assigned users / 100. For example, if a node has a maximum number of users of 1000, then the offset range is 10 seconds.
Procedure
Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.
Step 2 Select the Cisco Unified Presence server from the Server menu.
Step 3 Select Cisco UP Presence Engine (Active) from the Service menu.
Step 4 Edit the parameter value in the Calendar Spread field. By default this parameter is 50.
Step 5 Select Save.
What To Do Next
You must restart the Cisco UP Presence Engine if you change this parameter. Select Cisco Unified Serviceability > Tools > Service Activation.
Troubleshooting Tips
This parameter limit is 59 seconds. If meetings start or end more than one minute late, it interferes with meeting start/end counters and notifications.
12 Known Issues with Microsoft Exchange Server Integration
•Microsoft Exchange 2003
Microsoft Exchange 2003
•Applying Microsoft HotFix KB841561
•Form-Based Authentication
Applying Microsoft HotFix KB841561
Apply Microsoft HotFix KB841561 if you encounter problems with the Exchange 2003 server and it returns a "500 Internal Server Error".
Procedure
Step 1 Uninstall SP2 for Windows Server 2003 and for Microsoft Exchange 2003.
Step 2 Install SP1 for Windows Server 2003 and Exchange 2003.
Step 3 Download and install KB841561 from the following URL: http://www.microsoft.com/downloads/details.aspx?familyid=050be883-11fc-4045-b988-c737e79c65d0&displaylang=en
Step 4 Install SP2 for Windows Server 2003 and for Microsoft Exchange 2003.
Form-Based Authentication
Issues with Form-Based Authentication (FBA) do not exist in Release 7.0(3) or higher releases of Cisco Unified Presence.
13 Getting More Information
Cisco Unified Presence
For additional Cisco Unified Presence documentation, see the following URL:
http://www.cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html
Cisco Unified Communications Manager
For Cisco Unified Communications Manager documentation, see the following URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
Microsoft Exchange 2003
For details on installing, configuring and deploying MS Exchange 2003, see the following URL:
http://technet.microsoft.com/en-us/library/bb123872.aspx
Microsoft Exchange 2007
•For details on installing, configuring and deploying MS Exchange, see the following URL:
http://technet.microsoft.com/en-us/library/bb124558.aspx
•For more information about how to configure FBA for Outlook web access in Exchange 2007, see the following URL:
http://technet.microsoft.com/en-us/library/aa998867(EXCHG.80).aspx
Microsoft Active Directory
For information about Microsoft Windows Server Active Directory, see the following URL
http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx
Feedback
