Communicator Web Access (2007 release) Guide to Lab Deployment
Published: July 2007
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples
herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or
event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in
any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written
permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give
you any license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, Windows, Windows Server, Windows Vista, Active Directory, and Internet Explorer are either registered trademarks or
trademarks of the Microsoft group of companies.
Note
The deployment scenarios that are described in this document
are intended for test-lab purposes only. They might not be
suitable for a production environment.
2 Microsoft Office Communicator Web Access (2007 release) Guide to Lab Deployment
Supported Browsers
Supported browsers for Communicator Web Access (2007 release) are shown in the following
table.
Table 1. Supported Browsers
Operating System             Internet Browser                    Authentication Mechanism
Microsoft Windows® 2000 SP4  Microsoft Internet Explorer® 6 SP1  NTLM
                                                                 Kerberos
                                                                 Forms-based
                                                                 Custom
Windows XP SP2               Internet Explorer 6 SP2             NTLM
                             Windows Internet Explorer 7         Kerberos
                                                                 Forms-based
                                                                 Custom
Important
Running Office Communications Server 2007 on a domain
controller is not supported.
Note
Installing Communicator Web Access (2007 release) and any
server role of Office Communications Server 2007 on the same
physical server is not supported.
Figure 1. Topology for Lab Scenario 1
Note
Running Office Communications Server 2007 on a domain
controller is not supported.
Disk Space
You install IIS 6.0 from the Windows Control Panel. For details, see the Windows Server
documentation.
To download Service Pack 1 for Windows Server 2003, go to
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx.
Server: ocs2k7.contoso.com
Table 3 shows the minimum system requirements for ocs2k7.contoso.com.
Table 3. Minimum Requirements for ocs2k7.contoso.com
Component Requirement
For details about installing Office Communications Server, Standard Edition, see the Microsoft
Office Communications Server 2007, Standard Edition Deployment Guide available on the Office
Communications Server 2007 installation media.
You install IIS 6.0 from the Windows Control Panel. For details, see the Windows Server
documentation.
To download Service Pack 1 for Windows Server 2003, go to
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx.
To download the .NET Framework, go to
http://www.microsoft.com/downloads/details.aspx?familyid=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en.
Server: cwaserver.contoso.com
Table 4 shows the minimum system requirements for cwaserver.contoso.com. On this server, you
will install Communicator Web Access.
Table 4: cwaserver.contoso.com Minimum Requirements
cwaserver.contoso.com – Communicator Web Access - IP Address = 10.10.10.35/24

Component                           Requirement
Software
  Disk format                       NTFS
  Operating System                  Windows Server 2003 SP1 or later (Standard Edition,
                                    Enterprise Edition, or Datacenter Edition)
  Other software required for       .NET Framework Version 2.0 or later
  Communicator Web Access           IIS 6.0
                                    ASP.NET 2.0
                                    Communicator Web Access
                                    Office Communications Server 2007, Unified
                                    Communications Managed API v1.0 (installed during setup)
Hardware
  Processor                         Dual 3.2-GHz CPU
  Networking                        1-Gigabit Ethernet network adapter
  Memory                            4 GB of RAM
  Disk Space                        1 × 36-GB NTFS-formatted hard drives
Group memberships
  To install Communicator           User must be a member of Administrators group.
  Web Access
  To activate Communicator          User must be a member of the DomainAdmins group.
  Web Access
  To create a virtual server        User must be a member of Administrators group.
Client Computers
Each client computer runs the Microsoft Windows XP with SP2 operating system with the
Microsoft Internet Explorer® 7 Internet browser. You can optionally add Office Communicator
2007 to one or both of the client computers.
Table 5. Minimum Requirements for Client 1 and Client 2
Client 1 - Member client; name=Client1; IP Address=10.10.10.4/24
Client 2 - Member client; name=Client2; IP Address=10.10.10.5/24

Component             Requirement
Software
  Operating System    Windows 2000 with Service Pack 4 [1]
  Browser/Client      Internet Explorer 6.0 with SP1 [1]
  Other software      Office Communicator 2007
Hardware
  Processor           300-MHz CPU
  Networking          One network adapter
  Memory              128 MB of RAM
  Disk space          20 GB

[1] Other operating systems or browsers can be used. For a list of supported operating
systems and browsers, see the Microsoft Office Communicator Web Access (2007
release) Planning and Deployment Guide.
Setting Up contosodc.contoso.com
Preparing contosodc.contoso.com consists of the following steps:
1. Configure a static IP Address.
2. Prepare Active Directory using dcpromo and configure DNS.
3. Configure the server as a Windows Server 2003 SP1 or later Enterprise Root CA.
The following sections explain these steps in detail, assuming you are using a classic style start
menu.
Configure Static IP Address for contosodc
Connect the Server to Hub 1, and then configure the server with a static IP address.
To configure a static IP address for contosodc
1. Click Start, point to Settings, and then click Network Connections.
2. Right-click the connection for which you want to configure a static IP address, and
then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Use the following
IP address.
5. In the IP address box, type 10.10.10.1.
6. In the Subnet mask box, type 255.255.255.0.
7. Click Use the following DNS server addresses.
8. In the Preferred DNS server box, type 10.10.10.1.
9. Click OK twice, and then close the Network Connections window.
Prepare Active Directory by Using dcpromo and configure DNS
Use dcpromo to install Active Directory and promote contosodc.contoso.com to a domain
controller, and then configure DNS. You will need your Windows Server 2003 installation media
in order to complete the procedure.
To prepare Active Directory using dcpromo and configure DNS
1. Click Start, and then click Run.
2. In the Open box, type dcpromo, and then click OK.
3. On the Active Directory Installation Wizard Welcome page, click Next.
4. On the Operating System Compatibility page, click Next.
5. On the Domain Controller Type page, accept the default Domain controller for a
new domain, and then click Next.
6. On the Create New Domain page, accept the default Domain in a new forest, and
then click Next.
7. On the New Domain Name page, enter contoso.com in the text box, and then click
Next.
8. On the NetBIOS Domain Name page, accept the default CONTOSO, and then click
Next.
9. On the Database and Log Folders page, accept the default locations, and then click
Next.
10. On the Shared System Volume page, accept the default location, and then click
Next.
11. On the DNS Registration Diagnostics page, click Install and configure the DNS
server on this computer, and set this computer to use this DNS server as its
preferred DNS server, and then click Next.
12. On the Permissions page, accept the default Permissions compatible only with
Windows 2000 or Windows Server 2003 operating systems, and then click Next.
Office Communications Server 2007 requires native mode.
13. On the Directory Services Restore Mode Administration Password page, enter the
same password in both boxes, and then click Next.
14. On the Summary page, click Next.
15. If prompted, type the full path to the Windows Server 2003 installation folder or CD,
and then click Continue.
16. Click Finish.
17. Ensure that the domain controller is in native mode. See
http://support.microsoft.com/kb/322692.
Configure contosodc.contoso.com as a Windows Server 2003
Enterprise Root CA
Install certificate services and configure the server as an enterprise root certification authority.
To install certificate services and configure the server as an Enterprise
root CA
1. Click Start, point to Settings, click Control Panel, and then click Add or Remove
Programs.
2. Click Add or Remove Windows Components.
3. In the Windows Components Wizard, click Certificate Services.
4. On the Microsoft Certificate Services page, click Yes, and then click Next.
5. On the CA Type page, click Enterprise root CA, and then click Next.
6. On the CA Identifying Information page, type cwaserver in the Common name
for this CA box, and then click Next.
7. On the Certificate Database Settings page, click Next.
8. If prompted, type the full path to the Windows Server 2003 installation folder or CD,
and then click Continue.
9. In the Microsoft Certificate Services message, click Yes to allow IIS to be
temporarily stopped.
10. In the Microsoft Certificate Services message, click Yes to enable ASP and IIS.
After you have installed Microsoft Certificate Services, prepare the CA for issuing certificates by
duplicating the Web server certificate template. During this procedure, you must grant Enroll
and Auto enroll permissions for the following groups in all domains: AuthenticatedUsers,
DomainAdmins, DomainComputers, and EnterpriseAdmins. See the Microsoft Office
Communications Server 2007, Standard Edition Deployment Guide for the procedure to do this.
Setting Up ocs2k7.contoso.com
Preparing ocs2k7.contoso.com consists of the following steps:
1. Configure a static IP Address.
2. Install and configure Office Communications Server 2007, Standard Edition.
Note
Running Office Communications Server 2007 on a domain
controller is not supported.
Note
The MTLS (mutual TLS) certificates for both Office
Communications Server 2007, Standard Edition, and
Communicator Web Access must be issued from the same
certification authority (CA) and must use a duplicated Web
server template in which the Mark keys as exportable option
is enabled.
Setting Up cwaserver.contoso.com
For this lab scenario, cwaserver.contoso.com functions as the Communicator Web Access server.
Preparing cwaserver for this role consists of the following steps:
1. Configure a static IP address and name resolution.
2. Add cwaserver to the contoso.com domain.
3. Request the required certificates for Communicator Web Access.
4. Install and configure Communicator Web Access.
The following sections describe these steps in detail.
Configure the Static IP Address
Connect cwaserver to Hub1, and then configure cwaserver with a static IP address.
To configure cwaserver with a static IP address
1. Click Start, point to Settings, and click Network Connections.
2. Right-click the connection for which you want to configure a static IP address, and
then click Properties.
3. In the Properties dialog box, click Internet Protocol (TCP/IP), and then click
Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Use the following
IP address.
5. In the IP address box, type 10.10.10.35.
6. In the Subnet mask box, type 255.255.255.0.
7. Click Use the following DNS server addresses.
8. In the Preferred DNS server box, type 10.10.10.1.
9. Click OK twice, and then close the Network Connections window.
Add cwaserver to the contoso Domain
The cwaserver server must be a member server in the contoso.com domain.
To add cwaserver to the contoso domain
1. Right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the Computer Name tab, and then click
Change.
3. In the Computer Name Change dialog box, click Domain.
4. In the Domain box, type contoso.com, and then click OK.
5. In the Authentication dialog box, type the user name and password of a member of
the DomainAdmins group, and then click OK.
6. On the Computer Name Changes authentication page, type the Domain Admin
credentials, and then click OK.
7. In the Confirmation/Welcome dialog box, click OK.
8. In the Restart notification dialog box, click OK.
9. In the Restart confirmation dialog box, click OK to restart the server.
Request a Certificate
Because you have set up contosodc.contoso.com as a Windows Server 2003 enterprise CA and
enabled autoenrollment, cwaserver.contoso.com will receive the enterprise CA certificate chain
when it is added to the domain. However, you will need to request a Web server certificate with
the FQDN (fully qualified domain name) cwaserver.contoso.com. You will be asked to choose
this certificate during the Communicator Web Access setup process.
Notes
The certificates for Office Communications Server 2007,
Standard Edition and Communicator Web Access must be
issued from the same certification authority and must use a
duplicated Web server template in which the Mark keys as
exportable option is enabled. See the Microsoft Office
Communications Server 2007 Standard Edition Deployment
Guide for the procedure detailing how to do this.
Lab scenario 1 uses the Microsoft certification authority (CA)
that you set up on contosodc.contoso.com, and the procedures
in this document assume the use of an internal CA. You can use
an external CA for this lab scenario, but you might need to
modify the certificate procedures to comply with the
requirements of the external CA, in addition to the certification
requirements of Office Communications Server 2007 and
Communicator Web Access.
The Communicator Web Access server requires an MTLS (mutual TLS) certificate and an SSL
IIS certificate. For this lab scenario, you can use the same certificate for both. The Communicator
Web Access certificate requirements for this lab scenario are as follows:
• MTLS certificates must be issued from the same CA from which the Office
Communications Server 2007, Standard Edition MTLS certificates are issued.
• Certificates must use a duplicated Web server template in which the Mark keys as
exportable option is enabled.
For this lab scenario, in which the FQDN of the server is cwaserver.contoso.com, the certificate
FQDN is cwaserver.contoso.com; however, if the server name differs for your deployment, use a
certificate with the FQDN of the server on which you are installing Communicator Web Access.
The following procedure assumes that cwaserver.contoso.com and the user who is signed in have
permission to access the internal CA on contosodc.contoso.com by using the physical network
and Certificate Services Web enrollment feature.
To request the certificate
1. On cwaserver.contoso.com, open a Web browser.
2. In the Address box, type http://contosodc.contoso.com/certsrv, and then press
ENTER.
3. Click Request a Certificate.
4. Click Advanced certificate request.
5. Click Create and submit a request to this CA.
6. In the Certificate Template list, select the name of the duplicated Web server
template that you created for the Office Communications Server 2007, Standard
Edition certificates.
7. In the Identifying Information for Offline Template box, type
cwaserver.contoso.com.
8. Verify that the Mark keys as exportable check box is selected (the default for the
duplicated Web server template). If the check box is cleared, select it.
9. In the Key Options area, select the Store certificate in the local computer
certificate store check box.
10. Click Submit.
11. If a potential scripting violation warning appears, and you understand and accept the
implications, click Yes.
Now that you have requested the certificate, you can install it.
To install the certificate on the computer
1. Click Install this certificate. If a potential scripting violation warning appears, and
you understand and accept the implications, click Yes.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the list of Available Standalone Snap-ins, click Certificates.
6. Click Add.
7. Click Computer account, and then click Next.
8. In the Select Computer dialog box, ensure that the Local computer: (the computer
this console is running on) check box is selected, and then click Finish.
9. Click Close, and then click OK.
10. In the left pane of the Certificates console, expand Certificates (Local Computer),
expand Trusted Root Certification Authorities, and then click Certificates.
11. Confirm that the certificate that you just requested and installed contains an FQDN of
cwaserver.contoso.com and is located in this folder. If it is not, copy it from the
Certificates folder under the Personal folder node, just above.
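The certificate requirements listed above (FQDN in the subject, same issuing CA as the Office Communications Server certificate) can be checked from the command line after installation. This is an added example, not part of the original guide; it assumes Windows PowerShell is available on cwaserver and that the public certificate of ocs2k7.contoso.com has been exported to the hypothetical path C:\lab\ocs2k7.cer. It does not check the Mark keys as exportable setting.

```powershell
# Added example (not from the original guide). Run on cwaserver in Windows PowerShell.
# Assumption: $OcsCertPath is a hypothetical path to a .cer export (public part only)
# of the ocs2k7.contoso.com certificate, copied to this server for comparison.
param(
    [string]$Fqdn        = 'cwaserver.contoso.com',
    [string]$OcsCertPath = 'C:\lab\ocs2k7.cer'   # hypothetical path
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Get-IssuerThumbprint {
    # Builds the chain and returns the thumbprint of the certificate that issued $Cert.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Lab only: skip revocation so the chain still builds when the CRL is unreachable.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Cert)) { return $null }       # not trusted or incomplete chain
    if ($chain.ChainElements.Count -lt 2) { return $null } # self-signed, no separate issuer
    return $chain.ChainElements[1].Certificate.Thumbprint
}

function Test-CwaCertificate {
    # Returns a list of problems; an empty result means the certificate passed.
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn,
        [string]$ExpectedIssuer
    )
    $problems = @()

    # Subject common name must be the server FQDN.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    if ($Cert.GetNameInfo($nameType, $false) -ne $Fqdn) {
        $problems += "subject CN is not $Fqdn"
    }

    # The private key must be present in the local computer store.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key in the store' }

    # Validity period.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += "outside validity period ($($Cert.NotBefore) to $($Cert.NotAfter))"
    }

    # A certificate from a duplicated Web server template lists Server Authentication.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $oids = @($Cert.Extensions | Where-Object { $_ -is $ekuType } |
              ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    if ($oids -notcontains $ServerAuthOid) {
        $problems += 'Server Authentication EKU not listed'
    }

    # Both MTLS certificates must come from the same CA.
    $issuer = Get-IssuerThumbprint $Cert
    if (-not $issuer) {
        $problems += 'chain does not build to a trusted CA'
    } elseif ($issuer -ne $ExpectedIssuer) {
        $problems += "issuing CA differs from the OCS certificate ($($Cert.Issuer))"
    }
    return $problems
}

# Load the exported OCS certificate and find the CA that issued it.
$ocsCert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $OcsCertPath
$ocsIssuer = Get-IssuerThumbprint $ocsCert
if (-not $ocsIssuer) {
    Write-Warning "Cannot build a trusted chain for $OcsCertPath; is the lab CA certificate installed?"
    return
}

# Personal store of the local computer, where the request procedure places the certificate.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
                Where-Object { $_.Subject -like "*$Fqdn*" })
if ($candidates.Count -eq 0) {
    Write-Warning "No certificate for $Fqdn found in Cert:\LocalMachine\My"
    return
}

foreach ($cert in $candidates) {
    $problems = @(Test-CwaCertificate -Cert $cert -Fqdn $Fqdn -ExpectedIssuer $ocsIssuer)
    if ($problems.Count -eq 0) {
        Write-Output "OK    $($cert.Thumbprint)  $($cert.Subject)"
    } else {
        Write-Output "FAIL  $($cert.Thumbprint)  $($cert.Subject)"
        $problems | ForEach-Object { Write-Output "      - $_" }
    }
}
```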
Install and Configure Communicator Web Access
Installing and configuring Communicator Web Access involves the following procedures:
1. Install Communicator Web Access.
2. Activate the Communicator Web Access server.
3. Create the Communicator Web Access virtual server.
To install Communicator Web Access on cwaserver.contoso.com
1. Log on to cwaserver.contoso.com as a member of the Administrators group.
2. From the Office Communications Server 2007 installation media, double-click
setup.exe.
3. On the Office Communications Server 2007, Standard Edition Deployment
page, click Deploy Other Server Roles.
4. On the Deploy Other Server Roles page, click Deploy Communicator Web
Access.
5. On the Deploy Office Communications Server 2007, Communicator Web Access page,
under Step 1: Install Communicator Web Access, click Install.
Note
Activating the server creates the account CWAService in Active
Directory.
Note
The first virtual server is created during this step. You can
create additional virtual servers in Office Communicator Web
Access Manager (2007 release).
5. On the Select authentication method page, accept the default, and then click
Next.
6. On the Select Browser Connection Type page, accept the default of HTTPS
(recommended), and then click Select Certificate.
7. On the Select Certificate page, click the certificate with the FQDN of
cwaserver.contoso.com or the server name that you are using, and then click OK.
8. On the Select Browser Connection Type page, click Next.
9. On the Select IP address and port setting page, accept all defaults, and then
click Next.
10. On the Name the Virtual Server page, accept the default name Communicator
Web Access, and then click Next.
11. On the Automatically Start Virtual Server page, accept the default, and then click
Next.
12. On the Review Settings page, click Next.
13. On the Success page, click Finish.
9. In the Server or pool field, click the arrow, select ocs2k7.contoso.com from the list,
and then click Configure.
10. On the Other Options page, select the Enable remote user check box, and then
click OK.
11. Click Apply, and then click OK.
Sign in to Communicator Web Access
To test the deployment on client 1, sign in to Communicator Web Access as bob with domain
credentials by performing the following procedure on each client.
To sign in to Communicator Web Access
1. On the client1.contoso.com computer, open a supported browser.
2. In the Address box of the browser, type https://cwaserver.contoso.com.
3. In the Security Alert message box, click Yes if you understand the implications and
are comfortable with them.
4. On the Communicator Web Access sign-in page, set a presence level by clicking the
arrow next to Sign In and select the presence, and then click Sign In.
Note
If you wish to sign in as a user other than the account with
which you are signed in to the computer, click Sign in with a
different account and enter the sign-in address for the
account that you want to use, click Sign In, enter account
information in the Connect to dialog box, and then click OK.
5. On client 2, repeat this procedure for alice@contoso.com.
Note
Installing Communicator Web Access (2007 release) and any
server role of Office Communications Server 2007 on the same
physical server is not supported.
In lab scenario 2, the fictitious Contoso Corporation network includes the following:
• A domain controller that runs Microsoft Active Directory Domain Services, DNS
Server, and a private certification authority.
• Office Communications Server 2007, Standard Edition, deployed on server
ocs2k7.contoso.com.
Note
Running Office Communications Server 2007 on a domain
controller is not supported.
In addition to issuing certificates that are required for Office Communications Server 2007,
Standard Edition, Communicator Web Access, and Office Communicator 2007,
contosodc.contoso.com also issues the certificates that are required by ISA Server 2006 when it
is enabled for SSO. For production environments, a certificate that is issued from a public CA
can eliminate the need for installing the root certificate on external client computers.
Server: ocs2k7.contoso.com
You configured ocs2k7.contoso.com during lab scenario 1. The ocs2k7.contoso.com server runs
Windows Server 2003 SP1 or later and Office Communications Server 2007.
Server: cwaserver.contoso.com
You configured cwaserver.contoso.com during lab scenario 1. The cwaserver.contoso.com server
runs Windows Server 2003 SP1 or later and Communicator Web Access and will be configured
in lab scenario 2 with an external virtual server configured to use custom authentication.
Server: isa2006.contoso.com
The isa2006.contoso.com server is running ISA Server 2006 Standard Edition. The next table
shows the minimum system requirements for isa2006.contoso.com.
Table 7: Minimum Requirements for isa2006.contoso.com
Component Requirement
Client Computers
Each client computer runs the Microsoft Windows XP with SP2 operating system and the
Internet Explorer 7 Internet browser. You can optionally add Office Communicator 2007 to the
clients. Otherwise, the configuration of the client computers is the same as that for lab scenario 1,
except for a change of the IP address for client1.
Important
The MTLS certificates must be issued from the same CA as the
certificates that are used for the Communicator Web Access
(2007 release) server and the Office Communications Server
2007 server and must use a duplicated Web server template. A
certificate issued from a public CA is supported.
For details about certificate requirements and procedures, see Digital Certificates for ISA Server
2004 at http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/digitalcertificates.mspx.
Create the Communicator Web Access Virtual Server Using
Custom Authentication
Now create the external virtual server that will handle SSO-enabled traffic. The virtual server
must be configured to use custom authentication, and it must be published to the Web by an
SSO-enabled ISA Server 2006. Users must enter the exact URL that is configured in ISA Server
2006 to get the SSO experience. The user then must enter domain credentials when they first
access the SSO-enabled site. The credentials are cached on ISA Server 2006 so that subsequent
access by the same user is not challenged.
To create the Communicator Web Access external virtual server using
custom authentication
1. Click Start, point to Programs, point to Administrative Tools, and then click
Communicator Web Access (2007 release).
2. In the scope pane, right-click the server FQDN node, and then click Create Virtual
Web Server.
3. On the Welcome page, click Next.
4. On the Select Virtual Server Type page, click External, and then click Next.
5. On the Select Authentication Type page, click Use custom authentication, enter
?Cmd=logoff, and click Next.
6. On the Select Connection Type page, click HTTPS (recommended), and then click
Select Certificate.
7. On the Select Certificate page, select the certificate for cwaserver.contoso.com, and
then click OK.
8. On the Select Connection Type page, click Next.
9. On the Select IP Address and Port Settings page, in the Port box, type 444, and
click Next. This port number must be different from the port number (443) that you
used for the other Communicator Web Access virtual server (lab scenario 1).
10. On the Server Description page, type cwaSSO, and then click Next.
11. On the Start Server Option page, click Next.
12. On the Review Settings before Virtual Server Creation page, click Next.
If you choose to specify the LDAP server when you create the Web listener in the next step, the
New Web Listener Wizard will provide a page where you can do so. In either case, for details
about how to specify the LDAP server, see the Secure Application Publishing paper at
https://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx.
Create the SSO-Enabled Web Listener
You will now create the SSO-enabled Web listener that listens on the external ssoServer network
interface card.
To create the SSO-enabled Web listener
1. On isa2006.contoso.com, open the ISA server snap-in: click Start, point to
Programs, point to Microsoft ISA Server, and then click ISA Server
Management.
2. On the Firewall Policy (default) result pane, on the Toolbox tab on the right side
of the result pane, select Network Objects, click New, and then click Web Listener.
3. On the Welcome page, enter ssoServer in the Web listener name box, and then
click Next.
4. On the Client Connection Security page, accept the default Require SSL
secured connections with clients, and then click Next.
5. On the Web Listener IP Addresses page, under Listen for incoming Web requests
on these networks, select the External check box, and then click Select IP
Addresses.
11. On the Select Certificate page, select the certificate you created for the ssoServer
Web listener. This certificate should have the FQDN of the URL used to access the
ssoServer listener; in this case, cwa.contoso.com. Click Select.
13. On the Authentication Settings page, select HTML Form Authentication, select
LDAP (Active Directory), and then click Next.
14. On the Single Sign On Settings page, select the Enable SSO check box. In the SSO
domain name box, enter .contoso.com (notice the leading “.” in .contoso.com), and
then click Next.
15. If you did not configure the LDAP verification server before creating the Web
listener, you can configure it now on the page that appears. If you have already configured
the server, skip to the next step.
16. On the Completing the New Web Listener Wizard page, click Finish.
17. In the ISA MMC Firewall Policy result pane, click Apply.
19. In the ISA Server snap-in, right-click the Server node in the scope pane, and then
click Refresh.
Publish the Communicator Web Access ssoServer Virtual Server
Use the following procedure to create an SSL Web publishing rule for the Communicator Web
Access ssoServer virtual server that is configured for custom authentication, and then attach the
listener to that publishing rule.
To publish the Communicator Web Access ssoServer site
1. In the scope pane of the ISA Server snap-in, click the Firewall Policy node.
2. Click the Tasks tab, and then click Publish Web Sites.
3. On the Welcome page, in the Web publishing rule name box, type ssoCWA,
and then click Next.
4. On the Select Rule Action page, click Allow, and then click Next.
5. On the Publishing Type page, verify that Publish a single Web site or load
balancer is selected, and then click Next.
6. On the Server Connection Security page, select the Use SSL to connect to the
published Web server or server farm check box, and then click Next. Using SSL is
required.
7. On the Internal Publishing Details page, in the Internal site name box, type the
name of the internal site (cwaserver.contoso.com). If necessary, specify the computer name
or IP address: select the Use a computer name or IP address to connect to the published
server check box, and then, in the Computer name or IP address box, type
cwaserver.contoso.com. When this page is as you want it, click Next.
8. On the next page, which is also titled Internal Publishing Details, type /* and then
click Next.
9. On the Public Name Details page, in the Public name box, type
cwa.contoso.com, and then click Next.
10. On the Select Web Listener page, in the Web listener list, click ssoServer, and then
click Next.
11. On the Authentication Delegation page, click Basic authentication, and then click
Next.
13. On the Completing the New Web Publishing Rule Wizard page, click Finish.
14. In the snap-in, click Apply, click OK, and then refresh the ISA server node: in the
scope pane, right-click the server node, and then click Refresh.
Configure ISA Server to Redirect ssoServer Traffic to Port 444
Now configure ISA Server to redirect ssoServer traffic from port 443 to the Communicator Web
Access ssoServer virtual server that is running on port 444 on cwaserver.contoso.com.
To configure ISA to redirect https://cwa.contoso.com requests to port
444 on cwaserver
1. In the ISA Server Management scope pane, click the Firewall Policy node.
2. In the result pane, right-click the ssoServer Web Publishing rule, and then click
Properties.
3. On the ssoServer Properties page, click the Bridging tab.
4. On the Bridging tab, click Web server.
5. Clear the Redirect requests to HTTP port check box, click Redirect requests to
SSL port, and then type 444 in the box next to it. You do not need to select a certificate
on this page.
6. Click Apply, and then click OK.
7. On the main ISA management console, click Apply to commit the changes.
8. On the Apply New Configuration confirmation box, click OK.
The Communicator Web Access Contact List appears, as seen in the next figure.
Figure 11: Signed In
The Call-Forwarding button, seen in the next figure, will appear only if the user has been enabled
for Enterprise Voice.
Note
Clients cannot connect directly to the SSO-enabled
Communicator Web Access external virtual server without first
traversing an ISA Server 2006 that is enabled for SSO.
2. On Ted’s computer, click Ted at the top of the Communicator Web Access main
page. On the menu that appears, click Away.
Result: Ted’s presence is shown as Away on both client computers.

Exercise 6: Set Alice’s presence status to Do Not Disturb and send Alice an instant message from
Ted.
1. On Alice’s computer, close the Ted - Conversation dialog box.
Result: N/A
2. On Alice’s computer, click Alice at the top of the Communicator Web Access main
page. On the menu that appears, click Do Not Disturb.
Result: Alice’s presence is shown as Do Not Disturb on both client computers.
3. From Ted’s computer, send Alice an instant message as described previously.
Result: A message in Ted’s Communicator Web Access page indicates that Alice’s status
is Do Not Disturb.

Exercise 7: Remove Alice from Ted’s Contact List
1. On Ted’s computer, on the main Communicator Web Access page, under
Other Contacts, right-click Alice, and then click Remove from Contact List.
Result: Ted is prompted to confirm that he wants to remove Alice from his Contact List.
2. In the confirmation dialog box, click OK.
Result: Alice is removed from Ted’s Contact List.

Exercise 8: Test SSO for ssoServer users
1. On the ssoServer client, open a browser window and go to Communicator Web
Access at https://cwa.contoso.com in the browser.
Result: You are challenged for credentials, with an ISA form before gaining access to
Communicator Web Access for initial attempts in a browser instance when
persistent cookies are not enabled.
2. Enter domain credentials.
Result: You access the main Communicator Web Access page.
3. Sign out of the Communicator Web Access page: On the toolbar, click Connect, and
then click sign out. Close the child browser page, but do not close the parent
browser page.
Result: You see just the Parent browser with the Sign In Again button.
4. On the main browser page, click Sign In Again.
Result: You gain access to Communicator Web Access without being challenged for
credentials.
5. Test your solution.
Result: A user experience as designed.