iDialog v2.0 Update Now Available

John | Uncategorized | Friday, May 13th, 2011

Multi-tasking and native iPad support have been added!


iDialog (including iDialogPro) is the Microsoft Office Communications Server (OCS) and Lync compatible client for the Apple iPhone, iPad, and iPod Touch

We have been working hard to address all of our users’ feedback.  The update is very well tested and has been in use by a number of customers in production beta testing for several months.

The update will be available in iTunes from Wednesday May 18th, 2011.

New Features:

  • Multi-tasking support on iOS4+.  iDialog will run in the background for 9 minutes.  During this time the user will appear online to other users and the user will receive a local push notification for any new chats.  An audio tone will be played and a notification badge will be added to the app icon for any new inbound IMs to existing chats.  After 9 minutes iDialog will sign the user out.  Bringing iDialog to the foreground (re-entering the app) will reset the 9 minute timer.
  • Native iPad screen resolution
  • Portrait and Landscape mode for all devices
  • Supports searches that return Distribution Groups as well as users
  • Users can email the contents of an IM session
  • When viewing a contact and selecting email, iDialog now sends mail without leaving the app.
  • Ability to capture debugging trace information to help us troubleshoot issues if users are unable to logon.

Q. What about “Push”?

A.  “Push” functionality enables a cloud-based service to send a wake-up notification to an application.   Some consumer Instant Messaging apps use this technique to notify the user of new incoming instant messages.   We do not believe push is the right model for iDialog, because this functionality would require us to host a service that captures your users’ enterprise credentials.  In order to support Push, a cloud-based service would have to act as a client and log into OCS/Lync on your users’ behalf.  We feel this is too much of a security/privacy concern for most customers.  Every customer we have spoken to about this agrees.   This is in contrast to consumer services like Skype, AOL, etc., where users supply their own personal credentials, and the user can make an informed decision about who they give these credentials to.

Q.  Why does multi-tasking only work for 9 minutes?

A.  The terms & conditions of Apple’s developer program do not allow instant messaging applications to use iOS background services for IM and Presence for an unlimited amount of time.  Apple’s App Store Review Guide states:

2.16 Multitasking apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc

Battery usage and the impact of a background IM app on the device’s battery life was also a major factor in our design decision.  

iDialog uses a feature called “task completion” to run in the background for a short period of time after the user exits the app.  We feel that our current implementation, which is fully supported by Apple, is a significant improvement that addresses most users’ needs: it provides the ability to switch back and forth between iDialog and other apps without signing out and losing conversation state.

Q.  Who should I contact if I have any questions?

A.  Please contact us by email at iDialog@modalitysystems.com.  We always endeavor to respond as quickly as possible. Our office hours are Mon through Fri,  9am to 5pm GMT.

 

Thank you again to our users for all of their feedback!

-John

How can I integrate Cisco UCM with OCS 2007 R2?

Justin | Office Communications Server,Unified Communications | Friday, May 6th, 2011

Integrating Cisco and Microsoft telephony environments can be a minefield. How your users work, what existing Cisco infrastructure you have and what your budget is will all have a bearing on which solution you use.

To address these problems, we’ve created a comprehensive white paper that covers all voice integration scenarios between Office Communications Server 2007 R2 and Cisco Unified Communications Manager. The purpose of this document is to help you understand the decision-making process, allowing you to see what the user experience is like in each scenario and compare them.

The following points are covered in this document:

  • Provide background information on Office Communications Server (OCS) 2007 R2 telephony features and scenarios.
  • Provide background information on the possible integration points between OCS 2007 R2 and Cisco Unified Communications Manager (CUCM)
  • Communicate the features and capabilities of various scenarios involving the integration of OCS 2007 R2 and CUCM.

This white paper was written to cover the experience using OCS 2007 R2 and Office Communicator 2007 R2, however all integration scenarios remain valid today when integrating with Lync 2010.

Download it here in PDF format.

Finally – A Study That Suggests IM Reduces Disruptions at Work

John | Uncategorized | Thursday, September 16th, 2010

Findings From a New Study Published in The Journal of Computer Mediated Communication

The widespread assumption that Instant Messaging (IM) increases distractions in the workplace has always bothered me because I find it to be the exact opposite of my experience.  I actually find IM interruptions to be non-intrusive and often welcome. 

In thinking about some of the reasons why this is the case, I came up with the following list:

  • Presence lets people know when you’re available.  We have our Microsoft OCS-based IM system linked to our Outlook calendars and phone system, so colleagues not only know when I’m online, but also know when I’m in an important meeting or on the phone – all from quickly glancing at my presence.
  • IM is brief and to the point.  The medium encourages brevity and cross-talk, both of which would be impolite in a face-to-face or phone conversation.
  • It can be as real-time as I want it to be.  I don’t have to immediately drop what I’m doing (like when answering a phone call).  Instead, I can delay my initial response by 15 – 20 seconds and still be within the boundaries of politeness in order to wrap up whatever mini-task I’m in the middle of completing.

In an article published in Science Daily, the journalist interviews R. Kelly Garrett, co-author of the study and assistant professor of communication at Ohio State. 

The study involved 912 people who worked at least 30 hours per week in an office and used a computer for at least five hours in a workday. Randomly selected participants from 12 metropolitan areas took a telephone survey between May and September 2006. The results were published recently in the Journal of Computer Mediated Communication.

“We found that the effect of instant messaging is actually positive. People who used instant messaging reported that they felt they were being interrupted less frequently.”

Importantly, Garrett also goes on to discuss how it has taken time to build a culture around the use of IM, but pervasive use in both personal and professional contexts is now the norm.

“People see a new technology and they are innovative in how they use it. They will tailor their use of the technology to their needs and their expectations. And with IM, people had enough time to learn about the technology at home and to find ways to use it productively.”

“It is not the case that people are engaging in extensive conversations or trying to resolve complex problems over this very limited medium. Instead, people are using the technology to solicit answers to quick questions from colleagues and coordinate their conversations at more convenient times.”

Although my personal experience counts for something when we engage our clients on the use of IM, having a concise academic study as back-up evidence will be incredibly useful.

-John Lamb, Modality Systems Ltd.

A Closer Look at an OCS 2007 R2 Enterprise Pool Deployment

Justin | IT Design,Office Communications Server,Unified Communications | Tuesday, April 20th, 2010

Recently I built a new OCS 2007 R2 Enterprise Edition pool for a customer, consisting of 4 Front End servers deployed behind an F5 BIG-IP hardware load balancer to provide IM and Presence and Web Conferencing to a few thousand users. You’d think “no worries right, follow the Deployment Wizard, she’ll be apples”.

Not quite in this case. From this, I learnt a lot more about what it takes to get things off the ground in a large, highly regulated and distributed Active Directory and LCS/OCS environment.

So the objective of this post is to share a few tips with you to help mitigate delays in your deployments in the future.

Back End SQL Database

Make sure you have the necessary permissions on the SQL Server (cluster) for the account you are using to create databases in the instance you’re going to use. Note that a SQL Server instance that currently hosts LCS databases cannot be used to deploy the databases for OCS 2007 R2.

Also check with your DBA to see if any minimum database size requirements are in place as part of an existing new database template.

Forest Level Universal Group Memberships

As well as having Domain Admins group membership in the domain you’re deploying the pool in, to create the Enterprise Edition Pool you’ll need either membership of the RTCUniversalServerAdmins group at forest level (the parent domain – created during Forest Prep) or be a member of a group that has had these effective permissions delegated to it (see John’s post for more details).

Service Accounts

Once you’ve created the Enterprise Pool and entered all the necessary FQDNs, specified the back end server and the file shares to use, you’ll want to start installing OCS 2007 R2 on your Front End Servers and adding them to the pool. There are a few things to watch for here, service account wise, that you may require change control/approval on.

  • The RTCService you create (or utilise from an existing deployment – same name or not) during Front End Server activation must be a member of the RTCHSUniversalServices universal group in forest root.
  • The RTCComponentService account must be a member of the RTCComponentsUniversalServices universal group in forest root.
  • The RTCGuestUserAccess account you create during Front End Server activation must be a member of the RTCUniversalGuestAccessGroup universal group in forest root.

These are all things that are usually taken care of during the entire deployment process, but could snag you up in a more complicated environment. So when you submit that change request to get RTCUniversalServerAdmins group (or equivalent delegated) membership, send through the names of the service accounts you intend on using also.

Issuing certificates to servers when using the Certificate Wizard isn’t an option

Generally once each Front End Server is installed, added to the pool and activated, we kick on with assigning certificates to these servers. We do this using the Certificate Wizard included with the OCS 2007 R2 Admin Tools.

If you don’t have the necessary rights to wantonly request certificates from the CA (e.g. you might only have rights to issue certificates from one particular template) or you can’t request using the Web Server template that the OCS Certificate Wizard uses, you’ll need to either submit CSR files or get your certs from the CA’s web enrolment page. During this deployment, I opted for the latter.

Because we generally need to specify a SAN (Subject Alternative Name) or two for things like pool FQDN, machine FQDN and External Web Farm FQDN, we need to make sure these get on the cert. This works a bit differently than in the OCS 2007 R2 Certificate Wizard.

Navigate to the Web Enrolment page of your CA (generally https://serverhostname/certsrv) and click through (in order) the Request a Certificate, Advanced certificate request and Create and submit a request to this CA pages.

Specify the certificate template (Web Server ideally, but if you can only use a certificate template that grants the equivalent or greater specs than this, select that). Fill in all the usual details like you would in the OCS 2007 R2 Certificate Wizard.

Now, here’s the cool part. In the Attributes box at the bottom of the page, you can specify the additional SANs you need. Your string should take the following format:

san:dns=SN FQDN&dns=SAN FQDN

e.g. san:dns=hostname.domain.com&dns=poolname.domain.com&dns=abs.domain.com

Note that each SAN FQDN is separated by an & (ampersand) sign.


Once you’ve specified your SANs, click Submit.
If the CA is not configured to issue certificates automatically, a Certificate Pending page appears and requests that you wait for the CA administrator to issue the certificate that you requested.
Otherwise, the Certificate Issued Web page appears and you can click Install this Certificate to install the certificate.

This step installs the certificate to the User container in the Certificates MMC snap-in, so make sure to properly move it to the Machine container so you can assign it to your Front End servers.
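An added example, not part of the original post: a PowerShell check that builds the Attributes string from a list of FQDNs and then confirms that the issued certificate is in the machine store, has its private key, and carries every required SAN. The function names are hypothetical, the host names are the placeholders used above, and reading the SAN extension through Format() assumes an English-language Windows build.

```powershell
# Added example. FQDNs are the placeholder names from the post, not real hosts.
$RequiredNames = @('hostname.domain.com', 'poolname.domain.com', 'abs.domain.com')

function New-SanAttribute {
    # Builds the string for the Attributes box: san:dns=a&dns=b&dns=c
    param([Parameter(Mandatory=$true)][string[]]$DnsNames)
    'san:' + (($DnsNames | ForEach-Object { "dns=$_" }) -join '&')
}

function Get-CertSanDnsNames {
    # Returns the DNS entries of the Subject Alternative Name extension (OID 2.5.29.17).
    param(
        [Parameter(Mandatory=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Assumption: Format($true) prints one "DNS Name=host" line per entry (English Windows).
    $ext.Format($true) -split "\r?\n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1].ToLowerInvariant() }
    }
}

function Test-FrontEndCertificate {
    # Looks for unexpired certificates with the given subject in the machine and
    # user stores and reports whether each one can be assigned to a Front End server.
    param(
        [Parameter(Mandatory=$true)][string]$SubjectName,
        [Parameter(Mandatory=$true)][string[]]$DnsNames
    )
    foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
        $certs = Get-ChildItem -Path $store | Where-Object {
            $_.Subject -like "*CN=$SubjectName*" -and $_.NotAfter -gt (Get-Date)
        }
        foreach ($cert in $certs) {
            $san = @(Get-CertSanDnsNames -Certificate $cert)
            $missing = @($DnsNames | Where-Object { $san -notcontains $_.ToLowerInvariant() })
            New-Object PSObject -Property @{
                Store         = $store
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                MissingSans   = $missing -join ', '
                # Assignable only from the machine store, with a key and all SANs present.
                Assignable    = ($store -like '*LocalMachine*') -and
                                $cert.HasPrivateKey -and ($missing.Count -eq 0)
            }
        }
    }
}

# String to paste into the Attributes box of the web enrolment page.
New-SanAttribute -DnsNames $RequiredNames

# After installing the issued certificate, check where it landed and what it contains.
Test-FrontEndCertificate -SubjectName $RequiredNames[0] -DnsNames $RequiredNames | Format-List
```

A result with Store set to Cert:\CurrentUser\My is the case described above: the certificate still has to be moved to the Machine container before it can be assigned.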

Conclusion

You won’t come across a lot of these issues in every Enterprise Edition pool deployment you do, but it’s worth being aware of them for those peskier, more locked down environments.

If anyone has any questions regarding anything I’ve mentioned, feel free to post it in the comments section.

- Justin Morris, Modality Systems

Next UC Virtual User Group Meeting

John | Uncategorized | Monday, April 12th, 2010

The next meeting of the UCVUG will take place on Monday April 19th, 2010.

I would like to pass on details of the next UCVUG meeting.  Please support this great community by registering for the event and participating.

April 2010 Meeting Details

The Microsoft Unified Communications Virtual User Group (UCVUG) will be hosting its next quarterly meeting on April 19th, 2010 at 12:00 PM Eastern Time (-5 GMT). This event will be broadcast online via Microsoft Live Meeting. Please register if  you plan to attend so that we can get a count of how many attendees to plan for.

Agenda

  • UCVUG Welcome – Dustin Hannifin
  • Exchange 2010 UM and OCS 2007 R2 Integration – Alex Lewis
  • Prize Drawing and Closing – This month we will be giving away copies of Windows 7

Speaker Bio

Alex Lewis is a senior Unified Communications consultant at Convergent Computing and author of many books in the “Unleashed” series. He has contributed to Exchange Server 2003 Unleashed, Exchange Server 2007 Unleashed and Exchange Server 2010 unleashed and is currently writing “Microsoft Communications Server W14 Unleashed”. You can follow Alex on Twitter and read more about his UC implementation experiences on his blog, Windows into Silicon Valley.

Registration

If you plan to attend this event, please register via the registration link here:

http://ucvugapril2010.eventbrite.com/

-John Lamb, Modality Systems

Notes from Microsoft’s VoiceCon Keynote

John | Uncategorized | Friday, March 26th, 2010

Gurdeep Singh Pall Delivers the Goods During Microsoft  Keynote at VoiceCon 2010 Orlando

Gurdeep is the Corporate VP of the Unified Communications R&D group at Microsoft.  I had the distinct pleasure of working with Gurdeep when I was at Microsoft.  He’s not only an incredibly technical and passionate leader, but a great speaker as well.  I always make a point of taking extensive notes whenever he presents, because of the wealth of information and key talking points that he delivers.

Here are my notes from his VoiceCon Orlando keynote presentation.

On-Demand Presentation Recording:

You can watch the keynote here:  http://tv.voicecon.com/

  • Register and go to Live TV. 
  • In the video window, click Menu, and navigate to on-demand presentations for VoiceCon (March 2010, Orlando)

Statistics Presented in the Introduction Video:

  • 1 in 6 US households don’t have fixed line phones
  • US mobile phone users send 1.7x more texts than phone calls on average (I expect this is much higher in UK/Europe)
  • The statistic rises to 10x among teenagers
  • 70% of mobile phone calls originate from cars
  • 4 million “millennials” enter the workforce each year
  • The most popular online destination for the millennial demographic is social networks
  • 300 million people use Windows Live Messenger to make voice calls
  • In December 2009, AT&T asked the FCC to eliminate the regulatory requirement to provide landlines to households
  • “The next generation is here”

Introduction:

“The only thing that is constant is change”

Computer and phone have been separate, and over the last decades, computers kept getting faster and faster, but phones have stayed the same

The average information worker only spends 40% of time at their desk.  (So most communications systems are designed for 40% of use?  What about the other 60%?)

Microsoft Has Just “One” Idea: 

If we had to design communications system, starting anew, without being tethered to the past, how would you go about designing that system? 

How do you take software to create a communications system like that?

Microsoft had a luxury:  They could be disruptive because there was no legacy business to protect.

OCS Today:

70% of "fortune X”( ? – didn’t catch the number) companies have OCS today

Microsoft and the entire industry led the transformation from mainframes to PCs.  The ethos was: don’t buy hardware, software and services from a single vendor, build an ecosystem

“Mainframe era economics plagues the PBX industry.”

New Wave 14 features Demo:

Jamie Stark did a great job showing new features of “Communications Server Wave 14”.  I was happy to see that they skipped past the typical “Presence is dialtone” explanation and embedded presence in Outlook.  This is a very powerful message, but one that this particular audience has all seen before.

Demo highlights:

  • Location awareness
  • E911 services – powered by the location awareness (Location is carried in the SIP channel and sent to public service providers in the cloud.)
  • “Visual Voice Mail” type voice mail UI – directly accessible in Office Communicator
  • Click to convert Voice Mail to text via Exchange UM  (cool feature: each transcribed word is a hyperlink that will jump to the right place in the audio playback.)
  • Contact Card & Skill Search  This is an interface directly into the SharePoint index of skillsets and information
  • Call Admission Control

Case Studies

This section was followed by a great demo from Clarity Consulting around a hosted Call Centre solution they built on OCS 2007 R2.   

There was also a customer presentation from AT Kearney, a business consulting company with 3500 employees and 47 offices.

  • Replaced legacy PBX with OCS R2, extended for mobile users
  • Improved employee work/life balance and lowered TCO
  • 300k IM / day
  • 450 – 500 video calls / day
  • Anecdote: OCS federation with clients like Best Buy enables secure & compliant communication (both data and voice) at no extra cost.

Gartner Magic Quadrants:

For four years in a row, Microsoft has been a leader in the Gartner magic quadrant for UC, and Microsoft is also a leader in the following MQ’s: 

  • Enterprise Content Management
  • Social Software
  • Information Access Technology

Gurdeep’s Predictions

In next 3 years

  • 50% of voice calls will be more than voice
  • 75% of apps will be communications enabled

Quote: "The success of UC will be like salt in food.  It’s always there, an important ingredient, but you never see it."  (referring to the fact that it will be embedded into applications by default).

My Takeaways

I think the big takeaway is that Microsoft is leading in Enterprise Collaboration.  Voice is becoming an increasingly smaller part of collaboration, and while still critically important, must fit seamlessly into the bigger picture of real-time (synchronous) and non-real-time (asynchronous) collaboration.  This, along with seamless mobility, are the most critical factors to consider when developing a UC strategy within an organization.

-John Lamb, Modality Systems 

Exchange Server 2007 Mailbox Access and Mail Routing Issues in an Exchange Server 2003 Coexistence Environment

Justin | Uncategorized | Tuesday, February 9th, 2010

Last year, I deployed a new set of Exchange Server 2007 servers (Client Access and Hub Transport on one server, Mailbox Server on another) into an Exchange Server 2003 environment for a customer as part of the build phase of the messaging migration component of a large infrastructure upgrade project. I went about testing mailbox access, mail routing etc and found that I had some weird behaviour occurring.

I couldn’t log on using OWA to mailboxes I created on the new Mailbox Server or mailboxes I migrated from the Exchange 2003 server because I was getting a "you do not have permission to access this mailbox" error (below).

[owa+error.png]

I checked the mailbox permissions on the mailboxes and everything looked fine (NT AUTHORITY\SELF was specified).

I could however log onto mailboxes on the Exchange 2003 using the Exchange 2007 OWA, meaning OWA itself looked ok. No mail was traversing between the two environments nor was it getting to external recipients from Exchange 2007 mailboxes.

In addition to that, I was getting these warnings on the Mailbox Server:

Log Name: Application
Source: MSExchangeMailSubmission
Date: 24/06/2009 2:29:44 PM
Event ID: 1009
Task Category: MSExchangeMailSubmission
Level: Warning
Keywords: Classic
User: N/A
Computer: MBX.domain.local
Description:
The Microsoft Exchange Mail Submission Service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.

And these on the Client Access/Hub Transport Server:

Log Name: Application
Source: MSExchangeTransport
Date: 24/06/2009 5:51:41 AM
Event ID: 1035
Task Category: SmtpReceive
Level: Warning
Keywords: Classic
User: N/A
Computer: CASHT.domain.local
Description:
Inbound authentication failed with error LogonDenied for Receive connector Default CASHT. The authentication mechanism is Gssapi. The source IP address of the client who tried to authenticate to Microsoft Exchange is [ipaddressofex2003machine].

And:

Log Name: Application
Source: MSExchangeSA
Date: 18/06/2009 8:37:22 AM
Event ID: 9186
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Computer: CASHT.domain.local
Description:
Microsoft Exchange System Attendant has detected that the local computer is not a member of group ‘/dc=local/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers’. System Attendant is going to add the local computer into the group.
The current members of the group are ‘CN=Exchange Install Domain Servers,CN=Microsoft Exchange System Objects,DC=domain,DC=local; CN=CASHT,OU=Servers,OU=IT,OU=Company,DC=domain,DC=local; CN=MBX,OU=Servers,OU=IT,OU=Company,DC=domain,DC=local; ‘.

Because this was a new install of Exchange Server 2007, I thought something was up with the install so redeployed the virtual machines from template and installed from scratch and reconfigured everything but alas, no dice. I’d never seen these kind of issues on other deployments so found it really weird.

I google’d everything I could to find a solution but nothing came up. I ran the Exchange BPA and Troubleshooting agents, ran Test-MAPIConnectivity and Test-OWAConnectivity but to no avail.

Quite perplexed, it was here that I called Microsoft Product Support Services to check out the problem with me.

We increased event logging levels on OWA, Information Store, Mail Submission on the relevant servers but still didn’t see anything compelling to determine the problem. I also tried removing the OWA virtual directory and recreating it but this didn’t help.

Finally, we checked the Local Security Policy on the Mailbox Server under Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and looked at the Access this computer from the network policy setting. It was here that I found that the Default Domain Policy was enforcing DOMAIN\Domain Users rather than not being defined at all as it should be.

Once I removed this setting and did a gpupdate /force on the two Exchange 2007 servers, everything lit up and worked as it should. I could log into an Exchange Server 2007 mailbox using OWA, mail started flowing between the two environments and to external recipients and all the warnings in the Application logs on both servers cleared up.

This is definitely not something you’ll come across regularly in your Exchange travels as it was a unique pre-existing issue with the customer environment, but worth checking out if you’re experiencing behaviour and warnings like this after you install Exchange Server 2007 into an Exchange Server 2003 environment.
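An added example, not part of the original post: a PowerShell check of who holds the Access this computer from the network right (SeNetworkLogonRight) in a secedit export. It flags the situation described above, where the right is restricted to Domain Users, a group that does not contain computer accounts such as the Exchange servers. The function names are hypothetical and the INF text and domain SID are constructed sample data.

```powershell
# Added example. $SampleInf is a constructed excerpt in the format written by
#   secedit /export /cfg <file> /areas USER_RIGHTS
# The domain SID is made up; RID 513 is the well-known Domain Users group.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-513
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Export-UserRightsInf {
    # Optional live export of the effective user rights (run elevated on the server).
    $tmp = [System.IO.Path]::GetTempFileName()
    try {
        secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
        Get-Content -Path $tmp | Out-String
    } finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

function Get-NetworkLogonRightHolders {
    # Returns the SIDs or names listed for SeNetworkLogonRight, without the '*' prefix.
    param([Parameter(Mandatory=$true)][string]$InfText)
    foreach ($line in ($InfText -split "\r?\n")) {
        if ($line -match '^\s*SeNetworkLogonRight\s*=\s*(.*)$') {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ -ne '' })
        }
    }
}

function Test-NetworkLogonRight {
    param([string[]]$Holders)
    $Holders = @($Holders | Where-Object { $_ })
    # Everyone and Authenticated Users both include computer accounts.
    $broad = @('S-1-1-0', 'S-1-5-11', 'Everyone', 'Authenticated Users')
    $coversComputers = @($Holders | Where-Object { $broad -contains $_ }).Count -gt 0
    # True when every holder is a Domain Users group (domain SID ending in -513).
    $domainUsersOnly = ($Holders.Count -gt 0) -and
        (@($Holders | Where-Object { $_ -notmatch '^S-1-5-21-(\d+-){3}513$' }).Count -eq 0)

    if ($Holders.Count -eq 0) {
        $finding = 'No holder listed for SeNetworkLogonRight in this export.'
    } elseif ($domainUsersOnly) {
        $finding = 'Restricted to Domain Users: computer accounts cannot log on over the network.'
    } elseif (-not $coversComputers) {
        $finding = 'Neither Everyone nor Authenticated Users is listed: review each holder.'
    } else {
        $finding = 'Computer accounts are covered by a broad group.'
    }
    New-Object PSObject -Property @{
        Holders                = $Holders -join ', '
        CoversComputerAccounts = $coversComputers
        Finding                = $finding
    }
}

# Evaluate the constructed sample; swap in (Export-UserRightsInf) on a real server.
$holders = Get-NetworkLogonRightHolders -InfText $SampleInf
Test-NetworkLogonRight -Holders $holders | Format-List
```

Running it against a live export on both Exchange 2007 servers before and after gpupdate /force shows whether the domain policy is still overriding the local setting.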

iDialogPro Announcement

John | Uncategorized | Friday, January 15th, 2010

A corporate version of the successful iDialog client is now available


Corporate Licensing

iDialogPro is the corporate version of the iDialog client (based on iDialog version 1.2), now available with volume licensing and controlled distribution to your users.  

How It Works

iDialogPro is available as a free (no cost) application in the Apple iTunes store.   This enables your users to download and install iDialogPro as they would any other iPhone or iPod Touch application.   Upon launching the application, the user will be asked to provide an authorization code in order to unlock and use the application beyond the initial trial period.   The code is tied to your company‘s OCS domain and is therefore automatically secure from unauthorized distribution outside of your company.   This enables the code to be distributed freely to your users, for example, via email.

What do I need?

In order to use iDialogPro, you will need the following:

  • An Apple iPhone or iPod Touch device with a network connection (WiFi, 3G, EDGE, GPRS, etc)
  • iDialogPro installed on the device.
  • A Microsoft OCS 2007 or 2007 R2 server system that is properly configured
  • An OCS Communicator Web Access (CWA) Server, preferably accessible via the Internet

Trial Capability

If you would like to try iDialogPro, download and install the application from the Apple iTunes store.  When you launch the application for the first time, use the activation code “CanIConnect”.   This code will enable use of the product for 3 days. 

If you have any questions or would like more information about licensing iDialogPro for your organization, please contact us: idialog@modalitysystems.com

-John

John Lamb, Modality Systems

Skype Means Business

John | Uncategorized | Wednesday, January 13th, 2010

Skype is getting serious about business voice

I posted recently on Skype hiring Jonathan Rosenberg.  Today, Skype announced that David Gurle has joined the team as GM and VP of Skype for Business.

Mr. Gurle was instrumental in laying the foundation for LCS/OCS at Microsoft, and more recently turned Thomson Reuters into a major collaboration player within the financial services market.

I don’t like making predictions, but is this the start of a 3 horse race in Enterprise UC?  Or will Skype simply fill an important gap in the small and mid-market businesses where the major Enterprise UC players require too much investment and heavy-lifting?

If Skype starts with adoption at smaller companies and grows up-market through continuous innovation, they will be well-positioned for success.

-John

John Lamb, Modality Systems

Consolidating your ISA Server Reverse Proxy

Justin | Office Communications Server | Friday, January 8th, 2010

To provide a seamless experience for your staff working remotely outside the corporate LAN, OCS 2007 R2 (and R1) requires, in addition to an Edge Server, a reverse proxy in your DMZ/perimeter network to publish the Web Components Server role (IIS) of the Front End Server. This is to provide a few things:

  • Address book download (GAL search capabilities) in Office Communicator.
  • Distribution group expansion within Office Communicator.
  • Meeting content download during a web conference in Live Meeting and;
  • Download of device firmware update for Office Communicator Phone Edition (OCPE – Tanjay) devices.

If the client applications (Office Communicator and Live Meeting) can’t retrieve these items, you will experience problems such as:

  • The much maligned “Cannot synchronise corporate address book” error in Communicator.
  • The inability to expand distribution groups in a user’s contact list in Communicator.
  • PowerPoint presentations, whiteboards and any other uploaded content will not display in Live Meeting and;
  • Any OCPE devices external to the corporate LAN won’t be able to get new firmware updates.

In addition to this, a reverse proxy would usually be required to publish other services such as Communicator Web Access, Outlook Web Access/App, SharePoint, etc. ISA Server 2006 is your best weapon of choice for this purpose, but the reverse proxy requirement for OCS can also be achieved using other firewall/web publishing devices you might have.

Today I’m going to focus on a neat trick you can utilise with ISA Server to use 1 less certificate, FQDN and IP address when publishing your OCS IIS directories by utilising an existing URL.

All the requirements and steps for setting up ISA Server are detailed in the Microsoft documentation. The focus of this post won’t be to go into the detail of how to configure rules and web listeners in ISA. I’ll assume you’re all cluey enough to get that bit sorted out. :)
I’ll use publishing SharePoint with OCS as an example, but this could be adapted to be used with the other resources as listed above, depending on your publishing method.

Because we are specifying explicit URL paths to forward web requests to OCS, we can layer this on top of a rule that already forwards requests to the /* of your URL and use its FQDN as well. The end product should look like this:

[Image: ISA firewall policy]

The only requirement for this scenario is that the underlying URL must be using a web listener that supports No Authentication in the Authentication tab of the web listener. You can’t use a URL that is being published using ISA Server forms-based authentication or another type of authentication, because OCS requires No Authentication to work.

Today I’ll go through the process of completing the following tasks:

  1. Changing your External Web Farm FQDN on your OCS pool to match the desired URL.
  2. Configuring your OCS web publishing rule to respond to requests on the new URL.
  3. Specifying explicit required paths on the new URL.

I recommend that you either test this configuration in a lab environment first or schedule an outage window to implement this as it may cause an interruption of service to the existing URL you’re utilising.

Changing your External Web Farm FQDN

Firstly, you’ll want to identify which FQDN you’re going to use for the OCS External Web Farm FQDN from your existing FQDNs published on ISA Server. Let’s say for example sharepoint.contoso.com.

  1. Log on to the Standard Edition server or Enterprise Edition server in the pool with an account that is a member of RTCUniversalServerAdmins group or has equivalent permissions
  2. Open a command-line prompt.
  3. Navigate to the \Program Files\Common Files\Microsoft Office Communications Server 2007 directory.
  4. To set the external URL for the Web farm, type the following command:

     Lcscmd /web /action:updatepoolurls /externalwebfqdn:sharepoint.contoso.com /poolname:<poolname>

This will update the WMI parameters for the pool and allow OCS to respond to requests to the FQDN specified.

Configuring the OCS web publishing rule to respond to requests on the new URL

As you progress through the Web Publishing Rule Wizard as detailed in the documentation, you’ll need to configure the fields on the Public Name Details page with the FQDN of the existing service you’re going to utilise (SharePoint in our case).

Specify the path /Abs/* for now, we’ll specify more paths later.

[Image: public name]

Continue with configuration of the web publishing rule to the Select Web Listener page and select the web listener already configured for the FQDN you want to use.

[Image: web listener]

Continue configuration as detailed in the documentation.

Specifying explicit required paths on the new URL

After you’ve created the web publishing rule for OCS, open the Properties dialog and select the Paths tab.

In addition to the /Abs/* path you added during creation, add the following additional paths for this web publishing rule:

/RequestHandler/*

/GroupExpansion/*

/DeviceUpdateFiles_Ext/*

/etc/*

Your paths should look like this (they might be in a different order, this is ok):

[Image: ISA firewall policy - paths]

And the rule you have created for publishing SharePoint should look like this:

[Image: ISA firewall policy - paths catchall]

This rule then effectively becomes a “catch-all”, and must be ordered after the OCS publishing rule in your ISA Server firewall policy (as illustrated in the first image in this post).

By creating these two rules in ISA Server, we ensure that only requests from Office Communicator and Live Meeting to the explicit paths we have specified for OCS are proxied to your OCS 2007 R1/R2 pool/front end server, and all other requests are proxied to your SharePoint server (or whatever other service you choose).

This results in only utilising the one IP address, SSL certificate and FQDN, thus cutting down on costs and management.
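An added example, not part of the original post and not ISA Server's own API: a small PowerShell model of ordered, first-match rule evaluation that shows where requests to the shared FQDN end up and flags any rule path that an earlier rule makes unreachable. The rule names, function names and request paths are constructed for illustration; the path list is the one given above.

```powershell
# Added example: a model of first-match publishing rules, not an ISA Server interface.
$Policy = @(
    @{ Name = 'OCS External Web Farm'; PublicName = 'sharepoint.contoso.com'
       Paths = '/Abs/*', '/RequestHandler/*', '/GroupExpansion/*', '/DeviceUpdateFiles_Ext/*', '/etc/*' },
    @{ Name = 'SharePoint (catch-all)'; PublicName = 'sharepoint.contoso.com'
       Paths = @('/*') }
)

function Resolve-PublishedRequest {
    # Returns the name of the first rule whose public name and path pattern match.
    param([object[]]$Rules, [string]$HostName, [string]$Path)
    foreach ($rule in $Rules) {
        if ($rule.PublicName -ne $HostName) { continue }
        foreach ($pattern in $rule.Paths) {
            if ($Path -like $pattern) { return $rule.Name }
        }
    }
    return 'denied (no matching rule)'
}

function Test-PathShadowed {
    # True when every request matching $Later would already match $Earlier.
    param([string]$Earlier, [string]$Later)
    if ($Earlier.EndsWith('*')) {
        return $Later.StartsWith($Earlier.TrimEnd('*'), [System.StringComparison]::OrdinalIgnoreCase)
    }
    return $Earlier -ieq $Later
}

function Find-ShadowedPaths {
    # Lists paths of later rules that an earlier rule for the same FQDN makes unreachable.
    param([object[]]$Rules)
    for ($i = 1; $i -lt $Rules.Count; $i++) {
        foreach ($later in $Rules[$i].Paths) {
            for ($j = 0; $j -lt $i; $j++) {
                if ($Rules[$j].PublicName -ne $Rules[$i].PublicName) { continue }
                foreach ($earlier in $Rules[$j].Paths) {
                    if (Test-PathShadowed -Earlier $earlier -Later $later) {
                        New-Object PSObject -Property @{
                            Rule = $Rules[$i].Name; Path = $later
                            ShadowedBy = "$($Rules[$j].Name) $earlier"
                        }
                    }
                }
            }
        }
    }
}

# Constructed request paths: two OCS requests and one ordinary SharePoint request.
$Requests = '/Abs/Ext/Handler', '/GroupExpansion/Ext/service.asmx', '/sites/team/default.aspx'

'--- OCS rule first (as in the post) ---'
$Requests | ForEach-Object { "$_ -> " + (Resolve-PublishedRequest $Policy 'sharepoint.contoso.com' $_) }
Find-ShadowedPaths -Rules $Policy      # no output: nothing is shadowed

'--- catch-all first (wrong order) ---'
$Reversed = @($Policy[1], $Policy[0])
$Requests | ForEach-Object { "$_ -> " + (Resolve-PublishedRequest $Reversed 'sharepoint.contoso.com' $_) }
Find-ShadowedPaths -Rules $Reversed | Format-Table Rule, Path, ShadowedBy -AutoSize
```

With the catch-all rule first, every OCS path is reported as shadowed and all three requests resolve to the SharePoint rule, which is why the ordering matters.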

Feel free to post any questions to the comments section.

- Justin


© 2007–2008 Modality Systems Limited