OpenScape V2.0 Installation Guide

HiPath OpenScape V2.
0
Installation Guide
*1PA31003-S5020-S100-1-7620*
1P A31003-S5020-S100-1-7620
The information provided in this document contains merely general descriptions or

characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products.
An obligation to provide the respective characteristics shall only exist if expressly
agreed in the terms of contract.
Siemens AG 2004
Information and Communication Networks,
Hofmannstrae 51, D-81359 Mnchen, Germany
Reference No.: A31003-S5020-S100-1-7620 Printed in the Federal Republic of Germany.
Subject to availability. Right of modification reserved.
5454TOC.fm
Nur fr den internen Gebrauch
Content
Content
1 About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1.1 Prerequisite Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Purpose of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 How to Use This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.4 Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.5 Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-1
1-1
1-1
1-1
1-3
1-3
2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1 Upgrades from V1 SPCR to V2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.1 Production Mode with Upgrade of Media Server Software . . . . . . . . . . . . . . . . . .
2.1.2 Production Mode with Re-installation of Media Server PC . . . . . . . . . . . . . . . . . .
2.1.3 Early Deployment Mode with Upgrade of Media Server Software . . . . . . . . . . . .
2.1.4 Early Deployment Mode with Re-installation of Media Server PC . . . . . . . . . . . .
2.2 System Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1 OpenScape Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.1 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.2 OpenScape Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.3 OpenScape Management Console (OMC). . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.4 OpenScape MCU (Multipoint Control Unit). . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.5 OpenScape Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.6 OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.7 OpenScape Trace File Accumulator (TFA). . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.8 OpenScape Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.9 OpenScape Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.10 OpenScape Forest Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.1.11 SIP Phones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2 Non-Siemens Prerequisite Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.1 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.2 Windows Server 2003 Active Directory Application Mode (ADAM) . . . . . . . .
2.2.2.3 Microsoft SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.4 Microsoft Office LC Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.5 Microsoft Exchange 2000/2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.6 Microsoft Windows Server 2003 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.7 Microsoft .NET Framework V1.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2.2.8 Microsoft Web Service Enhancements (WSE) 2.0 . . . . . . . . . . . . . . . . . . . . .
2.3 OpenScape Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.1 Infrastructure Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.1.1 Production Mode vs. Early Deployment Mode . . . . . . . . . . . . . . . . . . . . . . . .
2.3.2 OpenScape Application Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.3 Additional Devices and Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3.4 Deployment Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2-1
2-1
2-1
2-1
2-1
2-1
2-1
2-1
2-1
2-2
2-2
2-2
2-2
2-2
2-2
2-2
2-2
2-2
2-3
2-3
2-3
2-3
2-3
2-3
2-3
2-3
2-3
2-4
2-4
2-4
2-5
2-5
2-5
2-6
A31003-S5020-S100-1-7620, July 2004

HiPath OpenScape V2.0, Installation Guide
0-1
5454TOC.fm
Content
2.3.5 Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

2.3.6 Typical Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
2.4 Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
2.5 OpenScape Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
2.5.1 Existing Licenses from V1.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
2.5.2 New Licenses in V2.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15
2.6 Non-OpenScape Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
3 Pre-Installation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.1 Recommended Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2 Infrastructure Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2.1 Required Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2.2 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2.2.1 MS SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
3.2.2.2 SSL Encryption for MS SQL Server 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
3.2.2.3 JAVA Runtime Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.2.2.4 WSE2.0 for SDK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.2.3 OpenScape Routing Dispatcher on LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.2.4 OpenScape Administrator on Client Machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
3.2.5 MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
3.2.6 Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
3.2.7 OpenScape Trace File Accumulator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
3.2.8 OpenScape Early Deployment Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
3.2.9 End Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
3.2.10 Recommendations Based on Number of OpenScape Users . . . . . . . . . . . . . . . . 3-5
3.2.10.1 Normal Traffic Call Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
3.2.10.2 High Traffic Call Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
3.2.11 Database Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
3.3 Infrastructure Server Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
3.3.1 Domain Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
3.4 Server Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
3.5 Account/Group/Permissions Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
3.5.1 By Network/Domain Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
3.5.1.1 Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
3.5.1.2 Imported AD Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
3.5.2 By Installer/Local Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
3.5.2.1 Account Requirements for OpenScape Management . . . . . . . . . . . . . . . . . . 3-12
3.5.2.2 Namespace Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13
3.6 SIP Phone Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
4 Installing Live Communications Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.1 Installing the LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.2 Local Machine Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3 Installing and Setting Up the Windows Messenger (WM) Client. . . . . . . . . . . . . . . . . .
4.3.1 Testing with Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
0-2
4-1
4-1
4-2
4-2
4-3
A31003-S5020-S100-1-7620, July 2004

5454TOC.fm
Content
4.3.2 Uninstalling Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.3.3 Installing Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.3.4 Configuring the WM Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.4 Configuring the RTCService Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.5 LCS Setup Checklist and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4-3
4-4
4-4
4-4
4-6
5 Active Directory Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5.1 Environment Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 Attributes and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2.1 Attributes and Objects Hierarchy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.3 Attribute Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4 Class Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4.1 siemensOSServices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4.2 siemensOSServiceConnectionPoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4.3 siemensOSGlobalContainer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4.4 siemensOSDomain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.4.5 siemensOSTrustedService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.5 Early Deployment Mode or Production Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5-1
5-1
5-1
5-2
5-4
5-5
5-5
5-6
5-6
5-6
5-6
5-7
6 Setting up OpenScape in Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . .

6.1 Installation Requirements for EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.2 Domain and System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.3 ADAM Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.4 EDM Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.4.1 Verifying the ADAM Schema Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5 MIgrating from EDM to Production Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5.1 Installation Requirements for Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5.2 Migrating from ADAM to Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6.5.2.1 Checking for OpenScape Users that are members of Administrative Groups
6.5.3 Verifying the Migration from ADAM to Active Directory. . . . . . . . . . . . . . . . . . . . .
6-1
6-2
6-2
6-2
6-3
6-4
6-4
6-5
6-5
6-6
6-7
7 Setting Up a Forest in Production Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.2 Modifying the Enterprise Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.3 Verifying the Enterprise Schema Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7-1
7-1
7-1
7-2
8 Preparing the OpenScape Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.2 Hints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3.1 Installing the First OpenScape System into a Prepared Forest . . . . . . . . . . . . . .
8.3.2 Installing the Second OpenScape System into a Prepared Forest Upgrade . . . .
8.3.3 Complex Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3.4 Brief Description of Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.4 Important . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.5 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.6 XML File for Environment Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8-1
8-1
8-1
8-2
8-2
8-3
8-4
8-6
8-7
8-8
8-8
A31003-S5020-S100-1-7620, July 2004

0-3
5454TOC.fm
Content
8.7 Root Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

8.7.1 Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
8.7.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
8.7.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
8.7.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
8.8 OpenScape System Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . 8-12
8.8.1 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
8.8.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
8.8.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
8.8.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
8.9 User Only Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
8.9.1 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
8.9.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
8.9.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17
8.9.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
8.10 Root Domain Membership and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
8.10.1 Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
8.10.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
8.10.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
8.10.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
8.11 Domain Membership and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
8.11.1 Domain Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
8.11.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
8.11.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
8.12 XML File for System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22
8.13 OpenScape System Preparation and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22
8.13.1 System Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22
8.13.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24
8.13.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-27
8.14 Routing Dispatcher/LCS System Preparation and Verification . . . . . . . . . . . . . . . . . 8-28
8.14.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-29
8.14.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
8.15 Media Server System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
8.15.1.2 Manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
8.15.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
8.16 MCU System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
0-4
A31003-S5020-S100-1-7620, July 2004

5454TOC.fm
Content
8.16.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.16.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.17 TFA System Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.17.1 System Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.17.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . .
8.17.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.17.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.18 EDM System Preparation and Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.18.1 System Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.18.1.1 Using the Environment Preparation Tool . . . . . . . . . . . . . . . . . . . . . . . . . .
8.18.1.2 Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.18.2 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8-35
8-35
8-35
8-36
8-36
8-37
8-37
8-38
8-38
8-38
8-39
8-40
9 Installing OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1 Pre-Installation Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.1 Raising the Domain Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.2 Synchronizing the Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.3 Windows Server 2003 Terminal Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.3.1 Remote Administration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.3.2 Application Server Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.3.3 Terminal Services service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.4 Setting Up User and Administrator Cross-Functionality . . . . . . . . . . . . . . . . . . . .
9.1.5 Firewall Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.5.1 Portal Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.5.2 OpenScape Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.6 Virus Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1.7 Account Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.2 Verifying the Server Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.3 Installing the OpenScape Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.4 Verifying and Configuring Ports and Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.5 Installing OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9-1
9-1
9-1
9-1
9-2
9-2
9-3
9-3
9-3
9-4
9-4
9-4
9-4
9-4
9-5
9-5
9-6
9-9
10 Installing OMC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.2 Installing Microsoft Hotfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.3 Installing the OMC Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.4 Configuring the OMC, TFA and RD Snap-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.5 Configuring the OpenScape Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.6 Installing the OpenScape License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.7 Configuring the SMTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.8 Testing the OMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.9 Symptoms and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10.10 Testing OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10-1
10-1
10-2
10-2
10-2
10-3
10-4
10-5
10-5
10-5
10-6
11 Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

11.1 OpenScape using IPSec Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
A31003-S5020-S100-1-7620, July 2004
0-5
5454TOC.fm
Content
11.2 Special Steps for SDK Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

12 Installing OpenScape MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.1 MCU Installation Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.2 Installing the Standalone MCU (MC and MP on same box) . . . . . . . . . . . . . . . . . . .
12.3 Installing the Standalone MCU (MC and MP(s) on different boxes) . . . . . . . . . . . . .
12.3.1 Installing MC with MP on a different box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.3.2 Installing MP with MC on a different box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.4 Configuring MCU SiP URI and Testing the MCU . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.5 One Box Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.5.1 Installing the MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.5.2 Configuring the DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.5.3 Configuring the MC SIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.5.4 Configuring the LCS Route and Testing the MCU . . . . . . . . . . . . . . . . . . . . . . .
12-1
12-1
12-1
12-2
12-2
12-3
12-4
12-5
12-5
12-5
12-5
12-6
13 Installing the OpenScape Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

14 Service Packs and Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.1 Service Packs for Server Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.2 Document Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.3 Security Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.4 RSA SecurID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.5 Trace File Accumulator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.5.1 Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.5.2 Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.5.3 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14.5.4 Symptoms and Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
14-1
14-1
14-1
14-1
14-2
14-2
14-2
14-3
14-3
14-3
15 Installing the OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

15.1 Installing the OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
15.2 OpenScape Client Registry Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
16 Installing SIP Phones. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.1 Configuring DNS SRV Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.2 Obtaining a Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.3 SIP Phone Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.3.1 Importing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.3.2 Verifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.4 LC Server Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.4.1 Identifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.4.2 Verifying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.5 OpenScape Phones Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.5.1 Configuring Profiles for SIP Phones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16.6 Assigning OpenScape Phones from Unassigned Phones . . . . . . . . . . . . . . . . . . .
16.6.1 Phone Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16-1
16-1
16-1
16-1
16-1
16-2
16-2
16-2
16-3
16-3
16-5
16-6
16-7
17 Final Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
0-6
A31003-S5020-S100-1-7620, July 2004

5454TOC.fm
Content
A References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
A.1 Adding Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
A.1.1 User Creation via OMC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
A.1.2 User Creation via Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
A.2 Configuring Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
A.3 Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
A.4 Uninstalling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
A.4.1 Environment Preparation Tool Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
A.4.2 OpenScape (Main Server) Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
A.4.3 Problems Uninstalling OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
A.4.4 OpenScape Client Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
A.4.5 OpenScape MCU Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
A.4.6 Media Server Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
A.4.7 Service Pack Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
A.5 Creating an SRV Record on DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6
A.6 Obtaining a SIP Phone Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
A.6.1 Creating and Issuing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7
A.6.2 Requesting (Windows 2003 Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8
A.6.3 Requesting (Windows 2000 Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-9
A.6.4 Locating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10
B Preparing Exchange 2000/2003 for OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
B.1 Enabling WebDAV on the Exchange 2003 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
B.2 Configuring the Account Security Privileges in the Exchange Server Stores . . . . . . . B-1
B.3 Converting the SiemensIC Account into an OpenScape User . . . . . . . . . . . . . . . . . . B-4
B.4 Converting the SiemensCR Account into an OpenScape User. . . . . . . . . . . . . . . . . . B-4
B.5 Installing Schedule+FreeBusy Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-6
B.6 Portals Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-8
B.6.1 Enabling SSL in IIS on the OpenScape Server . . . . . . . . . . . . . . . . . . . . . . . . . . B-8
B.6.2 Enabling SSL for Outlook Web Access (OWA) on the Exchange Server . . . . . . . B-9
B.6.3 Opening and Verifying the Portals in Internet Explorer. . . . . . . . . . . . . . . . . . . . B-10
C Creating OpenScape Users for Media Server Routing . . . . . . . . . . . . . . . . . . . . . . . . C-1
C.1 CRDirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1
C.2 CRForward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-2
C.3 Creating Forwarding Rule Target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-3
D Settings Changed by the Environment Preparation Tool. . . . . . . . . . . . . . . . . . . . . . D-1
D.1 Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1
D.1.1 Accounts and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1
D.1.2 Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-1
D.1.3 Permissions on the Domain-DNS Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2
D.2 Child Domain Hosting OpenScape Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-2
D.2.2 Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-5
D.2.3 Permissions on the Domain-DNS Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-5
A31003-S5020-S100-1-7620, July 2004
0-7
5454TOC.fm
Content
D.2.4 Permissions on the Service Connection Point (Child of Computer Object for Computers Hosting OpenScape Core, RD, TFA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6
D.2.5 Permissions on the EDM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6
D.2.6 Access Rights to the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6
D.2.7 Access Rights on the WMI CIM Repository (for servers hosting OpenScape Core, RD,
TFA, EDM, MCU, MS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-6
D.3 Child Domains Containing User Objects Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-7
D.3.2 Permissions on the Domain-DNS Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-7
E IPSec Security Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1
E.1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-1
E.2 Creating a Custom MMC Console for IPSec Configuration . . . . . . . . . . . . . . . . . . . . . E-3
E.3 Creating a New IPSec Policy for Media Server on the Media Server Server Machine. E-4
E.3.1 Media Server to LC Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-5
E.3.2 LC Server to Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-6
E.3.3 Media Server to License Server (OpenScape) . . . . . . . . . . . . . . . . . . . . . . . . . . . E-6
E.4 Creating a New IPSec Policy for LC Server on the LC Server Machine. . . . . . . . . . . . E-8
E.4.1 LCS to Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-9
E.4.2 Media Server to LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-9
E.4.3 LCS to MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10
E.4.4 MCU to LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-10
E.4.5 LCS to B2BUA (OpenScape Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11
E.4.6 LCS to a Gateway that supports IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-11
E.4.7 LCS to a Gateway that does not support IPSec. . . . . . . . . . . . . . . . . . . . . . . . . . E-12
E.5 Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine . . E-14
E.5.1 License Server (OpenScape) to Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . E-14
E.5.2 B2BUA (OpenScape Server) to the LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-15
E.5.3 License Server (OpenScape) to MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-16
E.6 Creating a New IPSec Policy for MCU on MCU Server Machine . . . . . . . . . . . . . . . . E-17
E.6.1 MCU to LCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-17
E.6.2 LCS to MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-18
E.6.3 MCU to License Server (OpenScape) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-19
E.6.4 MC to MP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-19
E.6.5 MP to MC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-20
E.7 Setting the Block Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E-21
F OpenScape Installation - Tools, Utilities and Hints . . . . . . . . . . . . . . . . . . . . . . . . . .
F.1 CheckSPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.2 MSMQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.3 OpenScape RTC Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.3.1 Display Current RTC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.3.2 Create new RTC Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.3.3 Set RTC Port Trusted/un-Trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
F.3.4 Create new Static Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
0-8
F-1
F-1
F-1
F-1
F-2
F-2
F-3
F-3
A31003-S5020-S100-1-7620, July 2004

5454TOC.fm
Content
F.3.5 Set Static Route Trusted/un-Trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-4

F.3.6 Create Application Uri . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5
F.3.7 Re-Sequence Application Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-5
F.3.8 Configure All OpenScape Specific RTC Settings . . . . . . . . . . . . . . . . . . . . . . . . . F-5
F.4 OpenScape Scripting Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-6
F.4.1 Adding Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-7
F.4.2 Converting LCS Users to OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-8
F.4.3 Displaying OpenScape Components on a Server or in a Domain . . . . . . . . . . . F-10
F.5 SOS Script Tool for Serviceability Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13
F.6 Different Storages of User Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13
F.6.1 HiPath OpenScape Core MSSQL Database XpSystem. . . . . . . . . . . . . . . . . . F-13
F.6.2 User Attributes in Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-13
F.6.3 HiPath OpenScape Tables in LCS (RTC) MSDE Database . . . . . . . . . . . . . . . . F-16
F.7 ConvertAdmins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-18
F.7.1 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-19
F.7.2 Usage Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-20
G Required Licenses and Software Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . .G-1
G.1 Infrastructure Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1
G.2 OpenScape Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-1
G.3 OpenScape Administration Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2
G.4 MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-2
G.5 Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3
G.6 Trace File Accumulator (TFA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3
G.7 Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3
G.8 Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-3
G.9 End Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-4
G.10 OpenScape Order Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G-5
H Upgrade - Production Mode with Upgrade of Media Server Software . . . . . . . . . . . H-1
H.1 Pre-Requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1
H.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . H-1
H.2.1 Forest Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1
H.2.2 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1
H.2.3 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-1
H.2.4 Add Domain to Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2
H.2.5 System Preparation - OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-2
H.2.6 System Preparation - RD (LCS Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3
H.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3
H.2.8 System Preparation - MCU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-3
H.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4
H.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4
H.3.2 Uninstall OpenScape and keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4
H.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-4
H.3.4 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5
A31003-S5020-S100-1-7620, July 2004
0-9
5454TOC.fm
Content
H.3.5 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5

H.3.6 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-6
H.3.7 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . H-6
H.3.8 Install MCU (only if installed on a separate Server). . . . . . . . . . . . . . . . . . . . . . . . H-6
H.3.9 Uninstalling ComResponse V1 and V1 Third Party Software . . . . . . . . . . . . . . . . H-6
H.3.10 System Preparation - Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7
H.3.11 Pre-installation of the Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7
H.3.12 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7
H.3.13 Install Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-7
H.3.14 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H-8
I Upgrade - Production Mode with Re-Install of Media Server PC . . . . . . . . . . . . . . . . . I-1
I.1 Pre-Requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
I.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . . . I-1
I.2.1 Forest Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
I.2.2 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
I.2.3 Domain Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-1
I.2.4 Add Domain to Root Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-2
I.2.5 System Preparation - OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-2
I.2.6 System Preparation - RD (LCS Server). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3
I.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3
I.2.8 System Preparation - MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-3
I.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4
I.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4
I.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4
I.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-4
I.3.4 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-5
I.3.5 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-5
I.3.6 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-6
I.3.7 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . I-6
I.3.8 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . . I-6
I.3.9 Backup the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-6
I.3.10 Backup User-Created Applications on Media Server . . . . . . . . . . . . . . . . . . . . . . I-6
I.3.11 Backing Up Report Files on Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-7
I.3.12 Reinstall the Operating System on the Media Server PC . . . . . . . . . . . . . . . . . . . I-8
I.3.13 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8
I.3.14 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8
I.3.15 Restoring the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8
I.3.16 Install Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-8
I.3.17 Restoring the User-Created Applications on the Media Server. . . . . . . . . . . . . . . I-9
I.3.18 Restoring Report Files on the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-9
I.3.19 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I-10
J Upgrade - Early Deployment Mode with Upgrade of Media Server Software. . . . . . J-1
J.1 Pre-Requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J-1
0-10
A31003-S5020-S100-1-7620, July 2004

5454TOC.fm
Content
J.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . . .

J.2.1 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.2 Domain Preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.3 Add Domain to Root Domain. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.4 System Preparation EDM/ADAM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.5 System Preparation - OpenScape. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.6 System Preparation - RD (LCS Server). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.2.8 System Preparation - MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.4 Install ADAM and EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.5 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.6 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.7 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.8 Uninstall MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . .
J.3.9 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . .
J.3.10 Uninstalling ComResponse V1 and V1 Third Party Software . . . . . . . . . . . . . . . .
J.3.11 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.12 Pre-installation of the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.13 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.14 Install Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J.3.15 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
J-1
J-1
J-1
J-2
J-2
J-2
J-3
J-3
J-3
J-4
J-4
J-4
J-4
J-5
J-5
J-6
J-6
J-6
J-6
J-6
J-7
J-8
J-8
J-8
J-8
K Upgrade - Early Deployment Mode with Re-Install of Media Server PC . . . . . . . . . . K-1

K.1 Pre-Requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1
K.2 Environment Preparation for Upgrade from V1-SPCR to V2. . . . . . . . . . . . . . . . . . . . K-1
K.2.1 Root Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1
K.2.2 Domain Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-1
K.2.3 Add Domain to Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2
K.2.4 System Preparation EDM/ADAM Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2
K.2.5 System Preparation - OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-2
K.2.6 System Preparation - RD (LCS Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3
K.2.7 System Preparation - TFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3
K.2.8 System Preparation - MCU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-3
K.3 Upgrade Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4
K.3.1 Backup the OpenScape Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4
K.3.2 Uninstall OpenScape and Keep the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4
K.3.3 Check for Admins as OpenScape Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-4
K.3.4 Install ADAM and EDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-5
K.3.5 Install OpenScape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6
K.3.6 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6
K.3.7 Install Routing Dispatcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6
A31003-S5020-S100-1-7620, July 2004
0-11
5454TOC.fm
Content
K.3.8 Uninstall MCU (only if installed on a separate Server). . . . . . . . . . . . . . . . . . . . . . K-6

K.3.9 Install MCU (only if installed on a separate Server) . . . . . . . . . . . . . . . . . . . . . . . . K-6
K.3.10 Backup the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-6
K.3.11 Backup User-Created Applications on Media Server. . . . . . . . . . . . . . . . . . . . . . K-7
K.3.12 Backing Up Report Files on Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-8
K.3.13 Reinstall the Operating System on the Media Server PC . . . . . . . . . . . . . . . . . . K-8
K.3.14 System Preparation - Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-8
K.3.15 Install Third Party Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9
K.3.16 Restoring the Media Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9
K.3.17 Install Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-9
K.3.18 Restoring the User-created Applications on the Media Server . . . . . . . . . . . . . . K-9
K.3.19 Restoring Report Files on the Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . K-10
K.3.20 Cleanup Old Groups and Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . K-10
List of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Y-1
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z-1
0-12
A31003-S5020-S100-1-7620, July 2004

5454noti.fm
About This Guide
Prerequisite Knowledge
About This Guide
This guide describes the installation process for HiPath OpenScape V2.0.
Check the KMOSS website at https://kmoss.icn.siemens.de for the latest version of this guide.
1.1
Prerequisite Knowledge
This guide is intended for VARs, SIs, IT Domain and Enterprise Administrators, etal to help with
the installation of OpenScape.
1.2
Purpose of This Guide
This guide provides the steps necessary to install OpenScape and its components.
1.3
How to Use This Guide
Chapter 2, Overview, provides a high-level overview of OpenScape and its components.

Chapter 3, Pre-Installation Checklist, describes the pre-installation requirements of the server
components associated with the OpenScape installation.
Chapter 4, Installing Live Communications Server, provides information about installing the
Live Communications Server (LCS).
Chapter 5, Active Directory Reference, describes the Active Directory changes needed by
OpenScape in a production mode.
Chapter 6, Setting up OpenScape in Early Deployment Mode (EDM), describes the steps to
prepare the ADAM infrastructure to host servers running OpenScape Server in EDM mode.
Chapter 7, Setting Up a Forest in Production Mode, describes the steps necessary to prepare
the forest in production mode.
Chapter 8, Preparing the OpenScape Environment, provides information about setting up the
domain and system environments for OpenScape.
Chapter 9, Installing OpenScape, provides information about installing the OpenScape acpplication.
Chapter 10, Installing OMC, describes the procedures for installing the OpenScape Management Controller (OMC).
Chapter 11, Security Settings, provides information about securing the communication between servers.
A31003-S5020-S100-1-7620, July 2004

1-1
5454noti.fm
About This Guide

How to Use This Guide
Chapter 12, Installing OpenScape MCU, describes the procedures for installing OpenScape
MCU.
Chapter 13, Installing the OpenScape Media Server, describes the procedures for installing
OpenScape Media Server.
Chapter 14, Service Packs and Miscellaneous, describes how to install the service packs and
miscellaneous features.
Chapter 15, Installing the OpenScape Client, describes the procedures for installing the
OpenScape Client.
Chapter 16, Installing SIP Phones, provides information for installing the SIP phones.
Chapter 17, Final Checklist lists the tasks necessary to complete the installation.
Appendix A, References, provides instructions used for reference.
Appendix B, Preparing Exchange 2000/2003 for OpenScape, provides instructions for preparing Exchange 2000/2003 for OpenScape by the network administrator.
Appendix C, Creating OpenScape Users for Media Server Routing provides instructions for
creating OpenScape users by the network administrator.
Appendix D, Settings Changed by the Environment Preparation Tool provides details on what
accounts, groups and permissions are set by the Environment Preparation Tool.
Appendix E, IPSec Security Settings, provides instructions on how to secure communications
between servers with Windows IPSec configured on the servers.
Appendix F, OpenScape Installation - Tools, Utilities and Hints provides tools, utilities and
hints for installing OpenScape.
Appendix G, Required Licenses and Software Prerequisites describes the required licenses
and software pre-requisites. This section will go into the Planning Guide when it is available.
Appendix H, Upgrade - Production Mode with Upgrade of Media Server Software describes
the procedure for upgrading from V1 SPCR to V2 in a Production Mode with Upgrade of Media
Server Software.
Appendix I, Upgrade - Production Mode with Re-Install of Media Server PC describes the procedure for upgrading from V1 SPCR to V2 in a Production Mode with re-installation of the Media Server PC.
Appendix J, Upgrade - Early Deployment Mode with Upgrade of Media Server Software describes the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with
Upgrade of Media Server Software.
Appendix K, Upgrade - Early Deployment Mode with Re-Install of Media Server PC describes
the procedure for upgrading from V1 SPCR to V2 in an Early Deployment Mode with re-installation of the Media Server PC.
1-2
A31003-S5020-S100-1-7620, July 2004

5454noti.fm
About This Guide

Related Information
This guide also includes Abbreviations and Index.
1.4
Related Information
The following information sources are available for HiPath OpenScape V2.0:
Online help provides explanations covering all areas of the user interface.
HiPath OpenScape V2.0 Administration Guide, A31003-S5020-A900, provides the user

with detailed information on how to administer OpenScape.
HiPath OpenScape User Guide, A31003-S5020-A100
HiPath OpenScape Project Planning Guide, A31003-S5020-A300
HiPath OpenScape Media Server V2.0 Installation Guide, A31003-S5020-S200
HiPath OpenScape V2.0 System Description, A31003-S5020-A400, provides the user with
a system description of OpenScape.
1.5
Documentation Feedback
To report a problem with this document, call your next level of support:
When you call, be sure to include the following information. This will help identify which document you are having problems with.
Title: HiPath OpenScape V2.0, Installation Guide
Order Number: A31003-S5020-S100-1-7620
A31003-S5020-S100-1-7620, July 2004

1-3
5454noti.fm
About This Guide

Documentation Feedback
1-4
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
Overview
Upgrades from V1 SPCR to V2
Overview
This section provides an overview of the installation of an OpenScape system as well as upgrades. It covers the components and applications that comprise the OpenScape system and
information regarding system wide configurations.
2.1
Upgrades from V1 SPCR to V2
There are 4 different scenarios depending on Production Mode vs. Early Deployment Mode
(see Section 2.2.1.8) and whether the Media Server will be re-installed or just upgraded. Reinstallation is required if the current operating system for the Media Server is a non-US
English version of Win 2K Advanced.
2.1.1
Production Mode with Upgrade of Media Server Software
Refer to Appendix H, Upgrade - Production Mode with Upgrade of Media Server Software.
2.1.2
Production Mode with Re-installation of Media Server PC
Refer to Appendix I, Upgrade - Production Mode with Re-Install of Media Server PC.
2.1.3
Early Deployment Mode with Upgrade of Media Server Software
Refer to Appendix J, Upgrade - Early Deployment Mode with Upgrade of Media Server Software.
2.1.4
Early Deployment Mode with Re-installation of Media Server PC
Refer to Appendix K, Upgrade - Early Deployment Mode with Re-Install of Media Server PC.
2.2
System Components
2.2.1
OpenScape Components
2.2.1.1
OpenScape Application Server
The OpenScape Application Server consists of the OpenScape Base components and Applications. The SDK feature can be installed on this Server.
A31003-S5020-S100-1-7620, July 2004

2-1
5454ovw.fm
Overview
System Components
2.2.1.2
OpenScape Routing Dispatcher
This Dispatcher is an extension that must be installed on the LC Server. In V1.0, this was part
of the OpenScape Application Server installation.
2.2.1.3
OpenScape Management Console (OMC)
This is the management interface for the OpenScape system.

2.2.1.4
OpenScape MCU (Multipoint Control Unit)
This is a Siemens product that is a component of OpenScape. The MCU is composed of one
Multipoint Controller (MC) and up to 4 Media Processors (MPs).
2.2.1.5
OpenScape Media Server
This is a Siemens product that although integrated with OpenScape, may be sold separately.
2.2.1.6
OpenScape Client
This is the end-user interface to OpenScape.

2.2.1.7
OpenScape Trace File Accumulator (TFA)
This installation package is new in V2.0 and provides the capability to retrieve trace files from
computers with OpenScape components.
2.2.1.8
OpenScape Early Deployment Mode (EDM)
This installation package is used only for Early Deployment Mode. This is used if the customer
does not extend the Active Directory Enterprise Schema with the Siemens attributes (this is
done in the Production Mode).
2.2.1.9
OpenScape Environment Preparation Tool
This tool prepares the environment for OpenScape components to be installed. Note some
steps are different if the customer is in Early Deployment Mode (i.e. /EDM switch)
2.2.1.10
OpenScape Forest Preparation Tool
This tool prepares the forest for OpenScape components to be installed in a production mode.
In V2.0, the Forest, besides the Domains and all Systems, needs to be prepared prior to the
OpenScape installation.
2-2
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
2.2.1.11
Overview
System Components
SIP Phones
This is a Siemens product that although integrated with OpenScape, may be sold separately
2.2.2
Non-Siemens Prerequisite Components
2.2.2.1
Active Directory
OpenScape will use the customers existing Active Directory for identifying OpenScape users.
2.2.2.2
Windows Server 2003 Active Directory Application Mode (ADAM)
ADAM is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a user
server, rather than as a system service. It is used before OpenScape is deployed into production mode. With ADAM, the AD schema does not need to be extended.
2.2.2.3
Microsoft SQL Server
OpenScape requires a separate instance of MS SQL Server 2000. The installation of this instance is the responsibility of the customer. This instance name has to be provided as input
during OpenScape installation.
2.2.2.4
Microsoft Office LC Server
OpenScape will use the customers existing LC (Live Communications) Server. Installation of
the first instance of LC Server (LCS) will extend the AD schema.
2.2.2.5
Microsoft Exchange 2000/2003
OpenScape will use the customers existing MS Exchange.

2.2.2.6
Microsoft Windows Server 2003
OpenScape requires MS Windows Server 2003 for functionality. This is a prerequisite for the
OpenScape Application server.
2.2.2.7
Microsoft .NET Framework V1.1
OpenScape applications require the .NET Framework for functionality. MS .NET Framework 1.1
is a prerequisite for the OpenScape Application server, Media Server, TFA, RD, MCU and
OMC. It is also required on the machine where the Environment Preparation or Forest Preparation will be performed.
A31003-S5020-S100-1-7620, July 2004

2-3
5454ovw.fm
Overview
OpenScape Configurations
2.2.2.8
Microsoft Web Service Enhancements (WSE) 2.0
WSE 2.0 is a Microsoft .NET product that is required. Microsoft WSE 2.0 can be installed from
http://msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select
the option to install the Administrator setup type.
2.3
Version 2 of HiPath OpenScape supports a broad variety of deployment options, which are dependent on customer environments and functional requirements.
An OpenScape Application deployment requires various components:
Infrastructure components in the IT environment, which are software and network

components
OpenScape Application components, which are software components installed on

Windows servers
Additional devices or clients, which are used by the user or the system to connect to
the current communication infrastructure and to the OpenScape application
Multiple OpenScape systems can be deployed in the network as well. However, the features
are not completely transparent in such an environment. Mainly, the users of a other OpenScape
are handled like external users and information (like presence information) is not shared between different OpenScape systems.
2.3.1
Infrastructure Components
OpenScape is an application based on the Live Communication Service (LCS) product of Microsoft and requires
An TCP/IP network installation with Active Directory on Windows 2000 or 2003
One or many LCS installations (on Windows 2003)
One or many Microsoft Front End server (FES) (optional installation)
One or many Microsoft Exchange 2000 or 2003
Microsoft SQL Server 2000 (MS-SQL)
OpenScape installation requires Active Directory schema extensions. If the customer does not
allow Active Directory changes the system needs to be deployed in Early Deployment Mode,
which does require additional software components, but does not require a schema change in
Active Directory.
LCS deployments require Active Directory schema changes as well and are still required.
2-4
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
2.3.1.1
Overview
Production Mode vs. Early Deployment Mode
Production Mode: This is the recommended mode. OpenScape schema extensions to the Active Directory are configured.
Early Deployment Mode: This mode can be used as alternative when the customer does not
allow the Active Directory to be extended for HiPath OpenScape. Note that LCS schema extensions are still required.
There can only be one mode for the whole Active Directory forest at a given time. It is possible
to migrate from EDM to Production Mode once the Active Directory schema can be extended.
The advantage of running HiPath OpenScape in Production Mode is better performance especially in a larger deployment in terms of number of users and multiple locations.
Using the Early Deployment Mode requires the following additional components
Microsoft Active Directory for Early Deployment (ADAM) on Windows 2003
OpenScape Early Deployment Active Directory Connector (EDM) on Windows 2003
2.3.2
OpenScape Application Components
The following components comprise the OpenScape Application
Management Console (OMC) on Windows 2000 or 2003 or XP Pro
OpenScape Application (OS-Core) on Windows 2003
Routing Dispatcher (RD) on Windows 2003
Multi Conferencing Unit - Controller (MC) on Windows 2003
Multi Conferencing Unit Processor (MP) on Windows 2003
Media Server Application (MS) on Windows 2000 Advanced
Trace File Accumulator on Windows 2003 or XP pro
The distribution of the various components is completely flexible, but is dependent on
operating system requirements
performance of the hardware
required performance of the application (number of users and traffic model)
2.3.3
Additional Devices and Components
In addition the following components can be deployed
SIP Gateways
A31003-S5020-S100-1-7620, July 2004

2-5
5454ovw.fm
Overview
SIP phones
Windows Messenger 5.0
OpenScape Client
The portal interface does not require any client installation. However, for Outlook or
Messenger integration OpenScape client installation is necessary.
2.3.4
Deployment Rules
There is a set of rules which need to be adhered to for the system to work successful. The next
section depicts then more concrete implementation scenarios.
1.
All components need to be installed in the same (Active Directory) forest.
That includes the server components
LCS,FES, OS-Core, MS-SQL, MS, MCU (MC, MP)
And users (with clients or SIP phones), OMC, Gateways
2.
All server components of one OpenScape system need to be installed in the same domain
with the exception of RD (see rules 5 and 6 below).
3.
An OpenScape installation requires one or more LCS installation in the same forest
The Microsoft deployment guide for LCS / FES applies
4.
Multiple OpenScape systems can be deployed in the same or different domains.
5.
The Routing Dispatcher (RD) needs to be installed on each LCS in the forest.
An RD installation is not required if
all users of this particular LCS are not users of OpenScape;
these users are not involved in calls with OpenScape users.
For that reason it is recommended to install RD on all LCS of this forest.

6.
The RD should be installed on an FES.
7.
The LCS can be installed in a different domain (implies also to RD in rule 5.).
8.
Users on multiple LCS in different domains can be supported with one OpenScape installation and as well with multiple OpenScape installations.
9.
OMC can be installed in different domains (there is always an OMC installed on the OSCore system) of the same forest.
10. All Windows 2003 components can be installed on the same server or separate servers.
This includes:
2-6
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
LCS with RD
MS-SQL
OS-Core
MCU-MC
MCU-MP
TFA
EDM
OMC
Overview
11. An existing MS-SQL 2000 installation can be extended to be used for an OpenScape installation.
12. An MCU-MC does not require a separate server and should reside with one MCU-MP.
13. MCU-MP residing on a separate machine guarantees voice quality in a higher traffic model
scenario. Up to 4 MPs can be deployed, but a single MP is only bound by the CPU performance and will not limit itself to 72 channels. E.g. a dual processor machine can support
144 channels.
14. There is only one MS per OpenScape system installation.
15. MS requires Windows 2000 Advanced. It is not recommended to install additional software
components on this server.
16. Multiple Exchange servers are supported, but
All need to have the same version (2000 or 2003)
Each Exchange server can be configured with a different language
2.3.5
Deployment Models
The deployment rules allow a wide variety of configurations.

The figure shows complete configurations with minimum and maximum number of servers.
A31003-S5020-S100-1-7620, July 2004

2-7
5454ovw.fm
Overview
Figure 2-1
2-8
Minimum Complete Server Configuration
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
Figure 2-2
Overview
Maximum Complete Server Configuration
A31003-S5020-S100-1-7620, July 2004

2-9
5454ovw.fm
Overview
2.3.6
Typical Configurations
The following table allows to identify typical configurations based on the number of users and
the traffic model. The normal traffic model assumes a call volume of 3 calls per user per hour
and the high traffic model assumes a call volume of 6 calls per user per hour.
Traffic Scenario
100/250 Users
Normal
High
Table 2-1
>
Machine 1
OS-Core
LCS + RD
MS-SQL
MCU (MC+MP)
TFA
EDM (optional)
Machine 2
Media Server
Machine 1
OS-Core
LCS + RD
MS-SQL
Machine 2
Media Server
Machine 3
MCU (MC+MP)
500/750 Users
Machine 1
OS-Core
LCS + RD
MS-SQL
Machine 2
Media Server
Machine 3
MCU (MC+MP)
Machines 4, 5, 6 (if required)
for additional MPs
Machine 1
LCS + RD
Machine 2
OS-Core
MS-SQL
Machine 3
Media Server
Machine 4
MCU (MC+MP)
Machines 5, 6, 7(if required)
for additional MPs
Typical Configurations
Note: The administrative components (i.e. TFA, OMC) can be installed on a separate machine or on a machine with other OpenScape components.
Also, the Routing Dispatcher (RD) must be installed separately on the LC Server.
The OMC, TFA snap-in and RD snap-in can be installed anywhere in the same AD
forest as the OpenScape server, on any Windows XP or Server 2003 machine.
2-10
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
2.4
Overview
Installation Overview
Since this document is not intended to supersede the Microsoft documentation and recommendations for system configuration, the Microsoft documentation should be used as a primary
guide for setting up a system infrastructure. The relevant documentation includes:
Active Directory Deployment:
http://www.microsoft.com/serviceproviders/deployment/ad.asp
Exchange 2000 Deployment:
http://www.microsoft.com/serviceproviders/deployment/
exchange_2000_ASP_deploykitP58584.asp
LC Server Deployment:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/livecomm2003/default.asp
>
Note: Due to the .NET version dependencies of the system the MCU and OpenScape must be at the same version level at the time of installation
This means that it is imperative to install the MCU after OpenScape has been
installed, but before any service packs are applied to the OpenScape System.
OpenScape installation software is supplied on multiple CDs as follows:
OpenScape Installation Programs CD contains:
OpenScape
OpenScape Client
OpenScape EDM
OpenScape Environment Preparation Tool
OpenScape Forest Preparation Tool
OpenScape MC
OpenScape MCU
OpenScape Media Server
OpenScape RD
OpenScape TFA
Third Party Software CD contains 3rd Party Software required for the OpenScape applications (there are different versions of this CD for the various languages supported including
US English, UK English and German);
A31003-S5020-S100-1-7620, July 2004

2-11
5454ovw.fm
Overview
OpenScape XX 3rd Party Software CD contains 3rd party software to be installed on German and UK English Media Server systems;
Service Pack CD contains OpenScape Service Packs and documentation.
>
Note: For the period of installation, the OpenScape system will be non-operational.
OpenScape installation however does not require the shutdown (restart) of the customers Infrastructure (Domain Controller, Active Directory, Exchange), or LC Server
components.
If applicable, perform an upgrade from V1 SPCR to V2 depending on the scenario:
Production Mode
With Upgrade of Media Server Software
With Re-installation of Media Server PC
Early Deployment Mode
With Upgrade of Media Server Software
With Re-installation of Media Server PC
Perform a new installation in the following steps:
Pre-Installation Checklist
Verify components
Verify infrastructure servers (versions, topologies and configurations)
Install the Live Communications (LC) Server if not already existing
Install MS SQL Server Instance if not already existing
Obtain SIP phone data if applicable
Prepare the OpenScape environment using the Environment Preparation Tool
Prepare the Forest by running the ForestSetup executable file
Enter all the necessary and required data into the config.xml file for environment preparation
Prepare all Domains and Systems hosting OpenScape applications by running the EnvironmentSetup executable file; be sure to copy the updated config.xml file to all systems where the preparation is to be performed.
Install OpenScape Server
Install OpenScape Routing Dispatcher
Configure ports and routes from LC Server
2-12
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
Overview
OpenScape Licenses
Install OpenScape Management Console (OMC)
Configure certificates
Perform Security Settings
Install MCU
Install Media Server
Install service packs and other items
Install OpenScape Client
Install SIP Phones
Verify OpenScape interoperability
Troubleshooting
2.5
OpenScape Licenses
The OpenScape systems are delivered with temporary licenses (licenses.txt). A grace period
of 7 days is given with these temporary licenses. A permanent or evaluation license must be
used within 7 days. Customer have the option of purchasing full licenses listed in these tables.
2.5.1
Existing Licenses from V1.0
Feature
License Names License

Type
Communication
Broker Users
Table 2-2
Communication_ Count
Broker
System
Maximum
Count
2000
Consequences when count is

exceeded (n+1), or when License is off
The VA will not instantiate the
n+1 user, meaning calls to that
user will not follow their rules.
Log-in to a portal would still be
possible. Note: to avoid this situation, OMC will: (a) not allow configuration of the n+1 user (b) not
allow installation of a license file
with less Com Broker licenses
than users configured in the system.
OpenScape License Options - Existing Licenses from V1
A31003-S5020-S100-1-7620, July 2004

2-13
5454ovw.fm
Overview
OpenScape Licenses
Feature
License Names
License
Type
System
Maximum
Count

Voice Conference Voice_Conf_Ses Count

Ports
sions
288
The MCU will reject the n+1 call.

Note: The MCU checks out all the
installed licenses at once at startup and manages them on its own.
Media Server
Ports (VOS01010501-x.x.x)
SIP_Interaction_ Count
Sessions
250
Either the call is not answered or

the caller will hear a message the
system is busy
TTS Ports
Text_To_Speech Count
250

system is busy
ASR Ports
Auto_Speech_R
ecognition
Count
250

system is busy
Media Server
VoiceAndSelfServePortals
On/Off
N/A

system is busy
Auto-Answer for
Media Server
Auto_Answering
On/Off
N/A

system is busy
Voice Conferenc- Voice_Conferenc On/Off

ing
ing
N/A
The MCU will not accept any calls
Service License
N/A
N/A
Table 2-2
2-14
N/A
On/Off
OpenScape License Options - Existing Licenses from V1
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
Overview
OpenScape Licenses
2.5.2
New Licenses in V2.0
Feature

Type
System
Maximum
Count

Media Server
TDM_Interaction Count
TDM Ports
_Sessions
(VOS-01010301X.X.X)
288

system is busy
Media Server In- VoicePortal_w_S On/Off

teraction Center peech
with Speech Enabled
N/A

system is busy
Media Server
VXML Platform
Browser (VOS01040001-x.x.x)
VXML_Sessions Count
250

system is busy
Media Server
SALT Platform
Browser (VOS01040002-x.x.x)
SALT_Sessions
Count
250

system is busy
SDK Runtime
Package
SDK_Runtime
On/Off
N/A
No requested web service will

come up (initialization of web services will fail). Entry in error log,
exception returned to client.
CSTA III SDK
CSTA_III_SDK_
Runtime
On/Off
N/A
CSTA web service will not come

up (initialization of web service
will fail). Entry in error log, exception returned to client.
XA SDK
XA_SDK_Runtim On/Off
e
N/A
XA web service will not come up

(initialization of web service will
fail). Entry in error log, exception
returned to client.
User Notification UNS_SDK_Runti On/Off

Service SDK
me
N/A
User Notification web service will

not come up (initialization of web
service will fail). Entry in error log,
exception returned to client.
A31003-S5020-S100-1-7620, July 2004

2-15
5454ovw.fm
Overview
OpenScape Licenses
Feature
License Names
License
Type
System
Maximum
Count

Web Conferencing SPI
Web_Conf_SPI_ On/Off
Runtime
N/A
Web Conferencing web service

will not come up (initialization of
web service will fail). Entry in error
log, exception returned to client.
Vocalocity Management Server

License (VOS02010001-x.x.x)
VC_MgmtServer Count

system is busy
Vocalocity Client VC_MgmtGUICli Count

GUI License
ent
(VOS-02010001x.x.x)

system is busy
Vocalocity Report VC_ReportServe Count

Server License
r
(VOS-02010001x.x.x)

system is busy
Vocalocity Report VC_ReportClient Count

Client License
(VOS-02010001x.x.x)

system is busy
Speech Works
SW_TTSSession Count
Sessions for TTS s
(VOS-02010001x.x.x)
250

system is busy
Speech Works
SW_ASRSessio
Sessions for ASR ns
(VOS-02010001x.x.x)
250

system is busy
2000
This license type is not used by

any software components in the
V2.0 timeframe but is introduced
only for packaging and pricing
purposes.
Count
Collaboration Us- Collaboration_Us Count

ers
er
2-16
A31003-S5020-S100-1-7620, July 2004

5454ovw.fm
Overview
OpenScape Licenses
Feature

Type
System
Maximum
Count

Direct Voice Access Users
DirectVoiceAccessUser
Count
2000

purposes.
Guest Access
Enabling User
GuestAccessEn- Count
ablingUser
2000

purposes.
Nuance Java
Nuance_ASRSe Count
Recognition Ex- ssions
tension Point
(VOS-02010001x.x.x)
250
To be determined at such time this

license is actually used.
Nuance TTS Ex- Nuance_TTSSes Count

tension Point
sions
(VOS-02010001x.x.x)
250

Control Center
VC_CCServer
Server (Distributed) (VOS02010001-x.x.x)
Count

Control Center
VC_CCClient
GUI Client (Full)
(VOS-02010001x.x.x)
Count

Info Center Serv- VC_InfoCenterS

er (Distributed)
erver
(VOS-02010001x.x.x)
Count

Info Center GUI VC_InfoCenterCli Count

Client (Full)
ent
(VOS-02010001x.x.x)

A31003-S5020-S100-1-7620, July 2004

2-17
5454ovw.fm
Overview
Non-OpenScape Licenses
Feature
License Names
License
Type
System
Maximum
Count

App Center Serv- VC_AppCenterS Count

er (VOServer
02010001-x.x.x)

App Center Client VC_AppCenterCl Count

(VOS-02010001- ient
x.x.x)

Figure 2-3
2.6
New Licenses in V2.0
Non-OpenScape Licenses
The following license can be acquired separately from OpenScape:
MS SQL server
Windows Server 2003
LC Server
SIP gateway components. Any relevant licensing costs are included the hardware price.
2-18
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
Recommended Hardware Requirements
This section describes the pre-installation checklist that must be performed before starting the
installation.
3.1
Recommended Hardware Requirements
Follow Microsoft hardware recommendations based on O/S. Ensure that the recommended requirements are followed as opposed to the minimum requirements.
3.2
Infrastructure Requirements
>
It is the customers responsibility to install, in accordance with Microsofts operating

system software program guidelines, Microsoft service packages and hot fixes, on
their network servers and technology-related assets including Siemens products.
>
Check the latest OpenScape Release Note for information on the current software versions and service packs used for OpenScape as well as for Microsoft
and third party software. This Note is located on the KMOSS website, https://
kmoss.icn.siemens.de.
3.2.1
Required Infrastructure
Component/Environment
MS .NET Framework
MS Exchange Server 2000/2003
MS Office Live Communications Server
MS Windows Server 2003 or MS Windows 2000 Server - Standard or Enterprise Edition
Table 3-1
3.2.2

HiPath OpenScape Base Server

HiPath OpenScape Management Console
Table 3-2
OpenScape Application Server Requirements
A31003-S5020-S100-1-7620, July 2004

3-1
5454pre.fm
MS Windows Server 2003 - Standard or Enterprise Edition
MS .NET Framework
Sun Java 2 Runtime Environment
MS SQL Server 2000 and SP3 - Standard or Enterprise Edition
MS Message Queue Service (MSMQ)
Microsoft ASP.NET
Microsoft IIS
Microsoft Management and Monitoring Tools
Table 3-2
3.2.2.1
OpenScape Application Server Requirements

MS SQL Server
OpenScape requires a separate instance of MS SQL Server 2000. Installation of this instance
is the responsibility of the customer. This instance name has to be provided as input during
OpenScape installation. This instance should not be installed with the Local System account
but with a domain user account with local administrative privileges on the SQL Server.
If MS SQL Server is on a separate server (i.e. remote) from OpenScape, the following additional steps need to be done:
The domain user account that the SQL Server instance is running as should be added to
the local Administrators group of the OpenScape Server.
Microsoft SQL Server Data Engine (MSDE) should be installed by the network administrator on the OpenScape server.
>
3.2.2.2
If the OpenScape system is to be installed in a German environment, ensure that

the SQL server installation is Unicode compliant in order to preserve German characters correctly.
SSL Encryption for MS SQL Server 2000
SSL client side encryption is used to access the MS SQL Server. The MS SQL Server must
have the server certificate which is exported and imported to the client machine. To allow encryption, refer to the following MS links:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;316898
http://support.microsoft.com/default.aspx?scid=kb;EN-US;276553
3-2
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
>
3.2.2.3
After installing the certificate, MS SQL Server needs to be restarted. This restart
must be done regardless of whether SQL Server is co-located on the OpenScape
Main server or on a remote server.
JAVA Runtime Environment
The CAP License Server (CLT) requires the Java 2 Runtime Environment SE. This package is
available from the third party software CD.
3.2.2.4
WSE2.0 for SDK
If you are installing OpenScape and want to use the SDK feature, Microsofts WSE2.0 must be
installed prior to the OpenScape installation. Microsoft WSE 2.0 can be installed from http://
msdn.microsoft.com/webservices/building/wse/default.aspx. During installation, select the option to install the Administrator setup type.
3.2.3
OpenScape Routing Dispatcher on LC Server

HiPath OpenScape RD
MS Windows Server 2003 - Standard or Enterprise Edition
MSMQ
Table 3-3
3.2.4
RD Requirements
OpenScape Administrator on Client Machine

HiPath OpenScape Management Console

MS .NET Framework
MS Windows 2000 or MS Windows XP Professional or Windows Server 2003
MSMQ
Table 3-4
OpenScape Administrator on Client Machine Requirements
A31003-S5020-S100-1-7620, July 2004

3-3
5454pre.fm
3.2.5
MCU
MS .NET Framework
MS Windows Server 2003 Standard or Enterprise Edition
HiPath OpenScape MCU
Table 3-5
3.2.6
MCU Requirements
Media Server
HiPath OpenScape Media Server

Siemens HiPath CAP Fault Management
Microsoft IE Web Controls
Sun Java 2 Runtime Environment
Microsoft MDAC
MS .NET Framework including Rollup Hotfix KB821156
MS Windows Server 2000 Advanced, SP4 or higher
MSDE 2000
ScanSoft OSR including language dependent part
VocalOS
ScanSoft Speechify core
ScanSoft Mara (US-English)
ScanSoft Tessa (DE-German)
ScanSoft Helen (GB-English)
Table 3-6
3.2.7
Media Server Requirements
OpenScape Trace File Accumulator

MS .NET Framework
MS Windows Server 2003 or Windows XP Professional
HiPath OpenScape TFA
3-4
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
Table 3-7
TFA Requirements
3.2.8
OpenScape Early Deployment Mode

MS .NET Framework
MS Windows Server 2003 or Windows XP Professional
HiPath OpenScape EDM
Windows Server 2003 Active Directory Application Mode
Table 3-8
EDM Requirements
3.2.9
End Points
Endpoints
OptiPoint 400 - Siemens SIP Phone

Windows Messenger
MS Windows 2000 or
MS Windows XP Professional
Table 3-9
Endpoints
3.2.10
Recommendations Based on Number of OpenScape Users
3.2.10.1
Normal Traffic Call Model
Assumption: (3 events per user per hour) where events include phone calls, portal calls, instant messages and status changes)
Server
100/250 Users
Processor/Memory/HD
500/750 Users
Processor/Memory/HD
OpenScape Server
P4/2 GB/
P4 Xeon/2 GB
MCU server
P4/1 GB/>10GB HD
P4/1 GB (1 - 2 servers*)
Media server
P4/2GB/>18 GB HD
two P4 Xeon/2 GB
LC Server/MS SQL (optional Yes on Xeon

on OS server)
Table 3-10
Yes, if dual processor
Recommended hardware requirements - Normal Traffic Call Model
A31003-S5020-S100-1-7620, July 2004

3-5
5454pre.fm
Infrastructure Server Verification
Note: * The number of MP servers is dependent on the amount of conference resources used
(also multiprocessors units can be used).
Minimal configuration: The OpenScape, MCU, LCS and MS SQL can be installed on the
same server (P4 Xeon/2 GB). The Media Server needs to be on a separate 2nd server (P4/2
GB).
3.2.10.2
High Traffic Call Model
Assumption: (6 events per user per hour) where events include phone calls, portal calls, instant messages and status changes)
Server
100/250 Users
Processor/Memory/HD
500/750 Users
Processor/Memory/HD
OpenScape Server
P4/2 GB/
two P4 Xeon/2 GB
MCU server
P4/1 GB/>10GB HD
P4/1 GB (1 - 2 servers*)
Media server
P4/2GB/>18 GB HD
four P4 Xeon/2 GB
LC Server/MS SQL (optional Yes on Xeon

on OS server)
Table 3-11
Yes, if dual processor
Recommended hardware requirements - High Traffic Call Model
Note: * The number of MP servers is dependent on the amount of conference resources used
(also multiprocessors units can be used).
3.2.11
Database Size
To determine the size of the OpenScape database needed during OpenScape installation
(Section 9.5, Installing OpenScape, on page 9-9), ask the Network Administrator to provide
1.
the number of OpenScape users that are planned for the system - ___________
2.
the number of months of call records that will be kept - _____________
The minimum size = (number of users/2) + ((number of users * number of months)/20).

For example, for 250 users and 3 months of call records, the minimum size = 250/2 + ((250 *
3)/20) MB = 163 MB.
3.3
The first step in preparation for installation of the system is to determine whether the infrastructure and configuration meets the OpenScape requirements.
3-6
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
1.
Confirm configuration of the system (Section 2.3.6, Typical Configurations, on page 2-10)
- THIS SHOULD BE TOLD BY PROJECT MANAGER.
2.
Verify the Infrastructure components (Exchange, AD) are appropriate versions.
3.
Confirm that users exist in AD and map, based on topology, to the planned OpenScape users.
>
Note1: There currently exists a restriction with the VegaStream gateway (pre R5.1
T017) that the fully qualified domain name of the LCS/OpenScape server may only
be a maximum of 31 characters. If this gateway is to be used with OpenScape, this
length restriction must be applied.
>
Note2: The IP address for the LCS/OpenScape server should be static.
3.3.1
Domain Mode
OpenScape requires installation in a domain that is at native functionality mode or higher.

By default, when a Windows 2000 Server or Windows Server 2003 DC is installed, it is created
in mixed-mode. OpenScape has a requirement for the domain in which it is to be installed to be
in native-mode or higher. This elevation of domain mode provides additional security features.
The particular feature that OpenScape requires is the enhanced scope of the Domain Local Security Group. This feature exists in native mode and above (i.e. 2003).
Raising the domain functionality is a manual step that must be performed with an account that
possesses Domain Administrator privilege. This is a non-reversible change. To raise the domain functionality, select the target domain in Active Directory Domains and Trusts console.
Right click and select Raise Domain Functional Level.
If for whatever reason it is not possible to raise functionality of a production domain, the
workaround is to create a new resource domain for OpenScape. This resource domain is a new
child domain in the forest, which has been elevated to native-mode and contains the OpenScape Servers (Application, Conferencing and Media) as well as LCS. This resource domain
need not have any OpenScape users in it.
A31003-S5020-S100-1-7620, July 2004

3-7
5454pre.fm
Server Information
3.4
Server Information
Have the customers network administrator fill out the following tables.
System Name
(SystemID*)
Domain
Name
Fully Qualified Domain

Name (FQDN)
IP Address
Voice Portal
Extension
OpenScape
LC Server
N/A
Exchange
2000/2003
N/A
MS SQL
Server
N/A
MCU
N/A
MC (if separate from MP)
N/A
MP
N/A
MP(optional)
N/A
MP(optional)
N/A
MP(optional)
N/A
OMC
N/A
Gateway
N/A
Root Domain
Table 3-12
N/A
N/A
N/A
N/A
Server Information
*NOTE: The systemID is a maximum 11 alphanumeric characters in length.
3-8
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
Account/Group/Permissions Configuration
Application
(Server Machine)
Description
LC server machine
Trusted port number on LCS
B2BUA (OpenScape)
Port number configured on B2BUA for SIP messages from LCS (default is 21020)
License Server (OpenScape)
Port number configured for License Server (default is 50000)
Media Server
Port Number configured on Media Server to receive SIP messages from LCS (default is 5060)
MCU (MCU)
Port number configured on MCU to receive SIP

messages from MC (default is 5060)
Table 3-13
3.5
Port Number
Port Number information for Block Rule
OpenScape requires the creation of users and groups as well as permissions configuration prior to installation of the system.
The Environment Preparation Tool is used for this and will be performed in Chapter 8 after installing the LC Server; however, some accounts still need to be created manually.
OpenScape is supported only in native mode or higher domains because there are two groups
that require support of users in multiple domains. In native mode or higher, the Domain Local
Group has scope over multiple domains.
>
To comply with Windows 2000, the user and group names should be no longer than
20 characters.
Some tasks are done by the customers network administrator and some are done by the installer. Also, some tasks like Forest Prep, root domain prep/add are done by the enterprise administrator using the Environment Preparation Tool.
3.5.1
By Network/Domain Administrator
3.5.1.1
Accounts
Some accounts are identified as assigned during Chapter 8. Refer to Appendix D, Settings
Changed by the Environment Preparation Tool for a description of the accounts created as well
as groups such as OpenScape Service, OpenScape User and OpenScape Admin.
A31003-S5020-S100-1-7620, July 2004

3-9
5454pre.fm
The network administrator must also work with the site telecom administrator to obtain extension numbers for the specified accounts in the table.
Account Name
OSsvc*
(Core Account or Service
Account)
Password
Extn.
no.
_________ N/A
Group
Membership
See Appendix D
Description
OSWeb*
_________ N/A
See Appendix D
<systemID>OSRTP*
_________ N/A
See Appendix D
Used for services

Used by UNS as
LCS user; LCS User* configuration
required - see below
Portals also use
this account
Used to get RTP
data from LCS
LCS User*
<systemID>UNS*
________
N/A
See Appendix D
LCSInstaller
________
N/A
- Domain admin
privileges
- Active Directory
schema modification privileges
Used only for LCS

installation (and
un-installation)
<osinstaller> (Should be ________

created by network administrator. Assigned in Chapter 8)
N/A
See Appendix D
Used for installation of OpenScape,

OMC, MCU & Media Server
<systemID>SiemensIC*
_______ See Appendix Dr

_
Media Server
See Appendix B
_______ See Appendix D

_

_

_
________
<systemID>SiemensCR* ________
<systemID>CRDirect*
________
<systemID>CRForward* ________
Media Server
See Appendix B
Media Server
See Appendix C
Media Server
See Appendix C
* - These accounts are created by the Environment Preparation Tool - see Chapter 8
Table 3-14
3-10
Accounts Created by Network Administrator
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
>
>
3.5.1.2
NOTE: All accounts should be password-enabled. Non-expiring passwords are recommended; however, please follow company policy. If the passwords for the OpenScape services need to be changed, please refer to the Help for OpenScape Management Console for information on how to change these passwords.
The extension numbers should be unique numbers in the dialing plan (like any other
OpenScape user). For example, you can access CRDirect by name (from WM or
portal) or by number (from WM, portal, or phone).
Warning
If any password expires and if for any reason any service is stopped, it cannot be
restarted rendering the system non-functional. The password needs to be reset in
the Active Directory and the Service Control Manager. Then start the services again.
Each OpenScape installation requires two distinct accounts (<systemID>OSUNS
and <systemID>OSRTP). The same two accounts cannot be used by other OpenScape Installations. New accounts with different names must be created by the Environment Preparation Tool.
Imported AD Users
There may be cases where users for a system are being imported from another pre-Windows
2000 system (i.e. Windows NT). The migration of users into active directory (AD) is the responsibility of the customer and the process is not discussed here. For any imported user, you must
verify that the user account has a User Logon Name and not a User Logon Name [pre-Windows 2000]. See Figure 3-1.
A31003-S5020-S100-1-7620, July 2004

3-11
5454pre.fm
Figure 3-1
User Properties Screen
3.5.2
By Installer/Local Administrator
3.5.2.1
Account Requirements for OpenScape Management
Normally, all the WMI providers are hosted by the companys RTCB Managed Provider Windows service. This service, as like the other OpenScape Windows services, runs under an account that is a member of the OpenScape Service group and needs access to the WMI
namespace, the privileges to administer both the OpenScape Admin and OpenScape User
groups and any other privileges used by OpenScape Windows services e.g., access to SQL
etc.
The account mydomain\OSAdmin needs to have access to the OpenScape servers, for example, \root\Siemens\RTCB WMI namespace to reach the WMI providers after that, the privileges of the account that the Siemens RTCB Managed Provider Windows service is running under
are used.
3-12
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
3.5.2.2
Namespace Permissions
OpenScape uses a namespace in the CIM. The namespace \root\Siemens\RTCB is created on

installation of the OpenScape application. For security purposes these permissions must be
verified/adjusted on the OpenScape server.
Access to the namespace security is through the Windows Management Instrumentation
(WMI) console (wmimgmt.msc). In order to access the security settings, you must be at least a
local administrator on the OpenScape server.
The following URL is a link to an MSDN article that discusses how to set the WMI namespace
privileges in Windows Server 2003.
http://support.microsoft.com/default.aspx?scid=kb;en-us;325353
Summary of user privileges for root\Siemens\RTCB namespace:
Administrators: should have all privileges including Remote Enabled
OpenScape Admin group: If not already in the administrators group, should have all privileges including Remote Enabled.
OpenScape Service group: same as above.
Everyone: should modify to deny all inherited rights
CIM Namespace Security

1.
On the OpenScape server, logon as <osinstaller>, go to Computer Management>Services and Applications->WMI Control.
2.
Right-click Properties.
3.
Click the Security tab.
4.
Select the Root\Siemens\RTCB namespace.
5.
Click Security.
6.
Select Everyone from Group or user names.
7.
Under Permissions for Everyone, click Deny for the following permissions:
8.
Execute Methods
Provider Write
Enable Account
Click Apply, OK, and then OK to close the Computer Management window.
LOCAL/NETWORK: since winmgmt uses these accounts and communicates with our
OpenScape providers the default privileges are acceptable i.e., no change.
A31003-S5020-S100-1-7620, July 2004

3-13
5454pre.fm
Summary of user privileges for root\CIMV2 namespace:
OpenScape Admin group: should have all privileges including Remote Enabled.
Summary of user privileges for root\MicrosoftIISv2 namespace:
OpenScape Admin group: should have all privileges including Remote Enabled.
The account of anyone that may need to access the WMI providers on the OpenScape server
will need at least default permissions (Execute Methods, Provider Write and Enable Account) as well as Remote Enable. This would be anyone accessing these providers via OMC
or scripting.
The WMI providers are hosted by the companys RTCB Managed Provider Windows service.
Once access is made to the OpenScape WMI namespace (\root\Siemens\RTCB) the privileges
of the account that the RTCB Managed Provider Windows service is running under are used.
As like the other OpenScape Windows services, the account used is a member of the OpenScape Service group and needs the privileges to administer both the OpenScape Admin and
OpenScape User groups and any other privileges used by OpenScape Windows services e.g.,
access to SQL etc. Also, this service account (or the OpenScape Service group it belongs to)
must have local administrative privileges on the OpenScape server.
Any user wishing to access the OpenScape WMI namespace for management purposes must
have local administrative privileges on the OpenScape server. This applies whether the user is
accessing the namespace remotely or locally.
3-14
A31003-S5020-S100-1-7620, July 2004

5454pre.fm
SIP Phone Data
3.6
SIP Phone Data
If the customer uses SIP phones, then obtain the following data for each SIP phone user that
will be needed in Section 16.5.1, Configuring Profiles for SIP Phones, on page 16-5.
Setting
Description
Value
Phone Network (if not using DHCP)

Terminal IP address range
IP address ranges to be assigned to the phones
Terminal Mask
Subnet mask that the phone resides on
Primary DNS IP Address
Primary DNS server to be used

by the phone
Secondary DNS IP Address IP address of additional DNS

(optional)
server
Default Routes
IP address of gateway on network
Domain Names
List all domains that phones

belong to (need to associate
with each phone)
Time and Date (if not using

DHCP)
SNTP server address
IP address of the time synchronization server on the network
Time zone offset
Offset that must be applied to

the time give by the SNTP
server to get current time
KDC
KDC Server Address
Host name of the KDC server

to be used. This is normally the
child domain name or IP address of the child domain controller where the user is located.
SNTP
SNMP Trap address
Quality of Service (QoS)
Tabelle 3-15
SIP Phone Data for Each User
A31003-S5020-S100-1-7620, July 2004

3-15
5454pre.fm
SIP Phone Data
Setting
Description
Value
vLAN discovery
Manual VLAN identifier
Qos Mode
Layer 3 voice
Layer 3 signaling
Tabelle 3-15
3-16
SIP Phone Data for Each User
A31003-S5020-S100-1-7620, July 2004

5454ilcs.fm
Installing Live Communications Server
Installing the LC Server
This section provides information about installing the LC Server (LCS).
>
Use Microsoft documentation as a primary guide for setting up a system infrastructure.
>
Before installing the LC Server, make sure you do not have WM installed on that machine; otherwise, WM uses the default port 5060 (to communicate with the LC Server) depending on who starts up first - WM Client or LCS Service. Usually WM Client
controls the 5060 port and, thus, the LC Server is not able to receive any messages
from any WM Clients at all. One way to avoid this would be to add another port to
the LC Server and use that port number in the server location section on the WM
Client configuration screen
Select defaults while installing the LC Server. Only in the User Info screen where it asks for a
user id and password, then enter the user id with administrator privileges only along with its
password. The installation guide that comes with the LC Server leads you to set up an
LCSService type user and, by default, that is the one that is displayed in this screen as default.
Either you can use it or enter in your own id. This will be the account under which the LCS Services will run.
4.1
Installing the LC Server
To install the LC Server (refer to the Microsoft LC Server deployment guide at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/office/livecomm2003/default.asp):
1.
Ensure that you do not have WM installed on the LC Server.
2.
Install the LC server according to the Microsoft documentation and follow the instructions.
3.
Select the defaults except on the User Info screen.
4.
In the User Info screen, type the user ID with administrator privileges and password then
click Enter. Should assistance be needed to set up an RTCService, refer to the LC Server
Installation Guide. The RTCService user ID is the default. You can either use it or type in
your own ID.
>
If the expiration date for the password is not explicitly set, then the password expires
in 42 days and the system ceases to function.
A31003-S5020-S100-1-7620, July 2004

4-1
5454ilcs.fm

Local Machine Groups
>
5.
4.2
Note: The usage of RTC is interchangeable with LCS. Microsoft changed the
name of RTC to LCS.
After LC Server is installed, then install TLS by first installing certificates. Then assign
those certificates with the TLS Mutual setup.
Local Machine Groups
On the OpenScape/LC Server, after LCS installation, there are four new Machine Local Groups
created:
RTC Local Administrators
RTC Local User Administrators
RTC Server Applications
RTC Server Local Group
In Chapter 8, Preparing the OpenScape Environment, the OpenScape Service account (see
Table 3-14 on page 3-10) is added during installation and becomes a member of these local
machine groups.
Refer to Chapter 8 and Appendix D for more details.
4.3
Installing and Setting Up the Windows Messenger (WM) Client
To install or un-install the WM client, you must be logged into the PC as a local administrator
only. If you already have a WM version installed, you must first un-install it before installing a
newer version.
To un-install WM:
1.
At the clients desktop, click Start > Run.
2.
Type C:\Documents and Settings\All Users\Application Data and click OK.
3.
Double-click Microsoft directory.
4.
Right-click Messenger.msi and select uninstall.
To install WM version 5.0.381, you must first be logged on as a local Administrator. Whenever
you log-in to the PC as a domain user for the first time, usually WM client automatically starts
your sign-in process using the user id and password as you entered while logging into your PC.
If this does not automatically start, click Start > All Programs > Windows Messenger. This
starts the WM instance installation. This process takes just less than a minute, and then configure your WM client for usage as follows.
4-2
A31003-S5020-S100-1-7620, July 2004

5454ilcs.fm

Installing and Setting Up the Windows Messenger (WM) Client
From the menu bar:

1.
Click on Tools > Options
2.
Select the Accounts tab.
3.
In the Communications Service Account section, select the My contacts include users of
a communications service check box.
4.
Type the SIP URI in the Sign-in name: field; for example, userid@domain.name (this is
the LCS users SIP URI as configured in the Active Directory)
5.
Click the Advanced button located right next to this field.
6.
Select Configure settings radio button.
7.
Type the rtc-server-host-name.domain.name in the Server name or IP address field. This

server name is the name of the server on which you have installed or the LC Server is installed.
8.
Select the TLS option at the Connection using options field.
9.
Click OK.
10. Click OK.

11. Sign in.
4.3.1
Testing with Windows Messenger
Once your LC Server is configured and before installing OpenScape, make a test call between
two WM clients. Attempt a voice call between two clients using both TCP and TLS. This ensures
that you have connectivity and the appropriate certificates.
4.3.2
Uninstalling Windows Messenger
To install or un-install the WM client, you must be logged into the PC as a local administrator
only. If you already have a VM version installed (pre-version 5.0.292), you must un-install it first
before installing the new version.
To un-install Windows Messenger:
1.
Click Start->Run.
2.
Enter c:\Documents and Settings\All Users\Application Data, then click OK.
3.
Double-click on the Microsoft directory.
4.
Double-click the Windows Messenger directory and right click on the Messenger.msi file.
5.
Select uninstall.
A31003-S5020-S100-1-7620, July 2004

4-3
5454ilcs.fm

Configuring the RTCService Account
4.3.3
Installing Windows Messenger
To install Windows Messenger version 5.0.381, log on first as a local administrator.

Whenever you logon to the PC as a domain user for the first time, the WM client usually automatically starts your sign-in process using the user id and password you entered while logging
onto your PC.
If this sign-in process does not automatically start, click Start->Programs->Windows Messenger to start the Windows Messenger copy installation.
4.3.4
Configuring the WM Client
To configure your WM client for usage from the WM menu bar:

1.
Click Tools->Options....
2.
Select the Accounts tab.
3.
In the Communications Service Account section, select the check box My contacts include users of a communications service.
4.
Type the SIP URI in the Sign-in name: field.

For example, userid@domain.name (this is the LCS users SIP URI as
configured in the Active Directory).
5.
Click the Advanced... button.
6.
Click Configure settings.
7.
Enter LCS-server-host-name.domain.name in the Server name or IP address: field.

This server name is the name of the server on which the LC Server is installed.
8.
Select TLS from the Connection using: options field.
9.
Click OK.
10. Click OK.

11. Sign in.
4.4
The following must be done after the LCS domain prep and before anyone needs to use a
phone in a Windows 2000 domain.
On the RtcService Properties dialog box, select the Account tab. Check the Use DES encryption types for this account box, then click OK.
4-4
A31003-S5020-S100-1-7620, July 2004

5454ilcs.fm
A31003-S5020-S100-1-7620, July 2004


4-5
5454ilcs.fm

LCS Setup Checklist and Troubleshooting
4.5
General
Checklist
On
Windows
Messenger
(WM) Clients
Installation Tasks
DNS Configurations
Table 4-1
Done
()
Check if version is 5.0.0381.

Transport channel should be set to TLS.
User SIP URI configured should be correct (check spelling and format).
All users should point to the LCS Home Server on which they are
homed.
To un-install WM on your system, log on as an Administrator and go
to the \Documents and Settings\All Users\Application Data\Microsoft directory and double click on WM directory and locate the
.msi file. Right click on .msi file and select uninstall.
Check if your system is configured to point to the correct DNS Server.
System should have the correct domain name entries in its search
list.
You should be able to ping all Clients & Gateways in your domain.
You can view LCS settings like Ports, Static Routes, making them Trusted or unTrusted, and
displaying only the required settings on the LC Server.
4-6
A31003-S5020-S100-1-7620, July 2004

5454ActiveD.fm
Active Directory Reference
Environment Recommendations
OpenScape V2 requires extending the Active Directory schema with OpenScape specific
classes and attributes similar to what Microsoft requires for LCS. Chapter 7, Setting Up a Forest in Production Mode describes the steps to extend of the schema.
As alternative to extending the enterprise Active Directory schema OpenScape can be deployed in Early Deployment Mode (EDM). EDM uses ADAM (Active Directory Application
Mode) which is extended with the Siemens schema enhancements instead. EDM installation
is described in Chapter 6, Setting up OpenScape in Early Deployment Mode (EDM). EDM/
ADAM does not provide the same versatility as running OpenScape in production mode. It is
recommended to install OpenScape in Production mode.
5.1
Environment Recommendations
The following list summarizes the recommendations for placement of Active Directory domain
controllers and global catalog servers to support HiPath OpenScape.
At least one global catalog server must be installed in each domain that contains HiPath OpenScape components such as OpenScape or Routing Dispatcher.
Ensure that the server assigned the infrastructure master role is not a global catalog
server (unless the domain only contains one DC).
Ensure that DNS is correctly configured at the hub site and all branches. Ensure that
name resolution and DNS functionality are both operating correctly.
5.2
Attributes and Objects
Forest preparation will extend the Active Directory schema and will add additional attributes
and objects in the schema. The changes made include:
The User object being extended to add attributes for each user that are mostly static,
such as Secondary SIP addresses and OpenScape Home Server. The same extension is made on the contact object for cross-forest scenarios.
A new Siemens container being created under the system object, if it doesnt already
exist.
A new Siemens OpenScape container being created under the computer object.
Note: The schema extensions to a customer Active Directory Enterprise Schema cannot be removed once applied to it! This is a permanent change to AD.
A31003-S5020-S100-1-7620, July 2004

5-1
5454ActiveD.fm

5.2.1
Attributes and Objects Hierarchy
The following structure shows the hierarchy of the new classes and the new attributes:
System (container)
Siemens (container)
Siemens Openscape (siemensOSGlobalContainer)
siemensOSExtension:: attribute
<domain> (siemensOSDomain)
siemensOSDomainName:: attribute
<guid> (siemensOSTrustedService)
siemensOSIsMaster :: attribute
siemensOSTrustedServiceFQDN:: attribute
Note: The above class objects will be added to the root domain
Computers (container)
<Machine-Name>
Siemens Openscape (serviceConnectionPoint)
OS Core Services (siemensOSServices)
siemensOSServiceInfo:: attribute
SB Registration Service (siemensOSServiceConnectionPoint)
5-2
A31003-S5020-S100-1-7620, July 2004

5454ActiveD.fm

Users (container)
User (extensions)
siemensOSSecondaryAOR:: attribute
siemensOSEnabled:: attribute
siemensOSHomeServer:: attribute
siemensOSRequiredData:: attribute
siemensOSDevices:: attribute
siemensOSUserData1:: attribute
Contacts (container)
Contact (extensions)
siemensOSSecondaryAOR:: attribute
siemensOSEnabled:: attribute
siemensOSHomeServer:: attribute
siemensOSRequiredData:: attribute
siemensOSDevices:: attribute
A31003-S5020-S100-1-7620, July 2004

5-3
5454ActiveD.fm

Attribute Definitions
5.3
Attribute Definitions
The following tables shows the new attributes defined in the schema file (ldf) that extends objects for Siemens OpenScape Server.
Attribute
Syntax
siemensOSServiceInfo
MultiValue
Directory True
String
Object
siemensOSServices
Description
Contains information specific to this Service (e.g.

for Core Services DB
connectivity)
siemensOSExten- Directory True

sion
String
siemensOSServices, si- OpenScape extensions

emensOSServiceConnectionPointclass,
siemensOSGlobalContainer, siemensOSDomain, siemensOSTrustedService, User,
Contact
siemensOSSecondaryAOR
user
Secondary AORs
siemensOSHome- Directory False

Server
String
user
OpenScape HomeServer
siemensOSEnabled
Boolean
user
Indicates whether user is

enabled for OpenScape
siemensOSRequiredData
Directory True
String
user
OpenScape user required

information. For OpenScape backup/restore
purposes.
siemensOSDevices
Directory True
String
user
Device(s) assigned to
OpenScape user
siemensOSUserD Directory False

ata1
String
user
Not currently used

ata2
String
user
Not currently used

ata3
String
user
Not currently used

ata4
String
user
Not currently used
Table 5-1
5-4
Directory True
String
False
Siemens Attribute Extensions

A31003-S5020-S100-1-7620, July 2004
5454ActiveD.fm

Class Definitions
Attribute
Syntax
siemensOSDomainName
Directory False
String
siemensOSTrustedServiceFQDN
5.4
Object
Description
siemensOSDomain
A domain configured for

OpenScape
False
siemensOSTrustedService
This attribute determines

whether the user is a
master representation or
a replicated copy.
Directory False
String
Trusted Server FQDN
siemensOSIsMas- Boolean
ter
Table 5-1
MultiValue
Siemens Attribute Extensions
Class Definitions
The new Active Directory classes are as follows:
siemensOSServices
siemensOSServiceConnectionPoint
siemensOSGlobalContainer
siemensOSDomain
Table 5-2 through Table 5-6 describe the new attributes associated with each of these classes.
5.4.1
siemensOSServices
This class stores the Siemens OpenScape Service information and is inherited from the serviceConnectionPoint class. The following table shows the new Active Directory class and its
OpenScape attributes.
The only possible superior class os siemensOSServices is the serviceConnectionPoint class.
Attribute
Syntax
Multi-Value
Description
siemensOSServiceInfo
Directory String
True
Contains information specific to this Service (e.g. for

Core Services DB connectivity)
siemensOSExtension
Directory String
True
OpenScape extensions
Table 5-2
Siemens OS Services Class Attributes
A31003-S5020-S100-1-7620, July 2004

5-5
5454ActiveD.fm

Class Definitions
5.4.2
siemensOSServiceConnectionPoint
The siemensOSServiceConnectionPoint class inherits from the serviceConnectionPoint class

and can have only siemensOSServices class objects as it possible superior.
Attribute
siemensOSExtension
Table 5-3
5.4.3
Syntax
Directory String
Multi-Value
True
Description
Siemens OS Service Connection Point Class Attribute
siemensOSGlobalContainer
The siemensOSGlobalContainer class is a container class for Siemens OpenScape global information. This class inherits from the container class and can have other container class objects as it possible superior.
Attribute
siemensOSExtension
Table 5-4
5.4.4
Syntax
Directory String
Multi-Value
True
Description
Siemens OS Global Container Class Attribute
siemensOSDomain
The siemensOSDomain class is used to store all the domains configured for Siemens OpenScape and is a container class for Siemens OpenScape global information. This class inherits
from the container class and can have only siemensOSGlobalContainerclass objects as it possible superior.
Attribute
Syntax
Multi-Value
Description
siemensOSDomainName Directory String
False
A domain configured for

OpenScape
siemensOSExtension
True
Table 5-5
5.4.5
Directory String
Siemens OS Domain Class Attribute
The siemensOSDomain class is used to store all the domains configured for Siemens OpenScape and is a container class for Siemens OpenScape global information. This class inherits
from the container class and can have only siemensOSGlobalContainerclass objects as it possible superior.
5-6
A31003-S5020-S100-1-7620, July 2004

5454ActiveD.fm

Early Deployment Mode or Production Mode
Attribute
Syntax
Multi-Value
Description
siemensOSIsMaster
Boolean
False
This attribute determines

whether the user is a master
representation or a replicated copy.
siemensOSTrustedServiceFQDN
Directory String
False
Trusted Server FQDN
siemensOSExtension
Directory String
True
Table 5-6
5.5
Siemens OS Trusted Service Class Attribute
If the customer wants to do an OpenScape evaluation without making any changes to the Active Directory, then proceed to Chapter 6, Setting up OpenScape in Early Deployment Mode
(EDM); otherwise, proceed to Chapter 7, Setting Up a Forest in Production Mode which will
makes changes to AD.
A31003-S5020-S100-1-7620, July 2004

5-7
5454ActiveD.fm

5-8
A31003-S5020-S100-1-7620, July 2004

5454EDM.fm
Setting up OpenScape in Early Deployment Mode (EDM)
Setting up OpenScape in Early Deployment Mode

(EDM)
This chapter details the steps necessary to prepare the ADAM infrastructure to host servers
running OpenScape Server in EDM mode and later migrate to a production mode environment.
Go to Chapter 7, Setting Up a Forest in Production Mode for a production mode environment.
>
Note: Running OpenScape in EDM mode does not require the enterprise Active Directory schema to be extended. Instead ADAM is used beside the existing Active Directory to store the new Siemens OpenScape classes and attributes.
Installation comparison between Production Mode and Early Deployment Mode:

Task
Forest Preparation (ForestPrep.exe)
Extending Schema
Creating Enterprise Global objects
Not Required
Production
Mode
Required
Domain Preparation (EnvironmentSetup.exe) Required (see Section 6.2) Required
Extending Schema
Creating Enterprise Global objects

EDM System Preparation (EnvironmentSetup.exe)
Required (see Section 6.2) Not Required
Install ADAM
ADAM is available from MS for Windows

2003 Server
OpenScape EDM installation (OpenScapeEDM.exe)
Migration to Production Mode (Migrate.exe)
Optional (see Section 6.5) Not Required
Installation of OpenScape packages (such

as OpenScape, Routing Dispatcher, etc.)
Required (see general

OpenScape installation
Table 6-1
>
Required
Installation Comparison
Note: Running OpenScape in EDM mode: If a new user is created, the user cannot
be converted until Active Directory replicates that user to all domain controllers and
the ADAM synchronizer (EDMADC service) replicates that user into ADAM. This
may take several minutes depending on the customers replication topology. Usually,
this will be less than 5 minutes.
A31003-S5020-S100-1-7620, July 2004

6-1
5454EDM.fm

Installation Requirements for EDM
6.1
Installation Requirements for EDM
The following files are used to set up a forest in early deployment mode. They can be found in
the OpenScape EDM and OpenScape EPT folder (except ADAM).
EnvironmentSetup.exe: Used for Domain and System Preparation steps
OpenScapeEDM.exe: EDM installation package
Migrate.exe: Used when migrating to Production Mode
ConvertAdmins.exe: Used to migrate users that are members of administrative groups
ADAM: ADAM is an integrated directory service available with Windows Server 2003 and
must be downloaded from Microsoft at http://www.microsoft.com/windowsserver2003/
adam/default.mspx
6.2
Domain and System Preparation
Before installing ADAM and EDM the Root and Child domains need to be prepared. These are
the same steps as for production mode. The only difference is the use of the EDM parameter
when using EnvironementSetup.exe.
In preparation for EDM installation the EDM System Preparation needs to be run. See Section
8.18 on page 8-38 on how to prepare the domains and the EDM system.
6.3
ADAM Installation
Once the environment is prepared with root domain prep, child domain prep and EDM system
prep, the ADAM and EDM installation can proceed.
ADAM is an integrated directory service available with Windows Server 2003 and must be
downloaded from Microsoft at: http://www.microsoft.com/windowsserver2003/adam/default.mspx.
ADAM must be installed on a Windows 2003 Server. For larger deployments it is recommended
to install ADAM/EDM on its own server (not on an OpenScape Home Server).
ADAM installation should be run with the <osinstaller> account or an account which has given
permission to write its own Service Connection Point, or as domain admin.
6-2
A31003-S5020-S100-1-7620, July 2004

5454EDM.fm

EDM Installation
Command
Where to run
as who
What it does
Download ADAM (ADAMretailX86.exe) from:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E52A2A57B5C8E4&displaylang=en
ADAM/EDM
Unzip and Install ADAM (adamsetup.exe):
server, run as
Select: ADAM and ADAM administration tool

installer
Select A unique instance
Enter Instance name: SiemensOpenScapeEdmV2
Accept default ports
Select: No, do not create an application directory

partition
Accept Data files
Install ADAM as the OpenScape Service account,

select This account and browse to the OSsvc account in the current domain and enter the password.
On the popup indicating that the account does not

have permissions to run as a service, click Yes.
Accept Currently logged on user: <domain\installer>
Accept: Do not import LDIF files
Finish installation.
Table 6-2
ADAM/EDM server,
run as InstallerInstalls ADAM using
predefined instance
name
SiemensOpenScap
eEdmV2 and runs
service as OpenScape Service account.
ADAM Installation Steps
Note: ADAM backup and restore is described at: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/backing_up_and_restoring.asp
6.4
EDM Installation
Once ADAM is successfully installed the EDM installation can proceed.

EDM must be installed on a Windows 2003 server preferably on the server where ADAM with
instance SiemensOpenScapeEdmV2 has been installed.
A31003-S5020-S100-1-7620, July 2004

6-3
5454EDM.fm

MIgrating from EDM to Production Mode
Command
Where to run as who
Run OpenScape EDM In- ADAM/EDM server, run

stallation Package (Open- as installer
ScapeEDM.exe)
Table 6-3
6.4.1
What it does
Creates the ADAM schema for LC and

OpenScape.
Creates the default application partition
mirroring the real Active Directory domain names and sets the defaultNamingContext.
EDM Installation Steps
Verifying the ADAM Schema Changes
1.
Logon to the server where the ADAM instance is installed with the <osinstaller> account.
2.
Click Start > All Programs > ADAM > ADAM ASDI Edit. This will open the ADAM ADSI
Edit program.
3.
On the left pane right-click ADAM ADSI Edit, then click Connect to. This opens the
Connection Settings window.
4.
Under Well-known naming context, select Schema, then click OK.
5.
Expand My Connection, then click Schema.
6.
In the right pane, search for CN=siemens-OSServiceInfo. If present, the schema was
successfully propagated. If no such entry exists, then the schema was not modified.
>
6.5
Note: ADAM ADSI Edit is a ADAM administrative tool that may be installed as part
of the ADAM installation. The usage of ADAM ADSI Edit is very similar to ADSI Edit
for Active Directory.
There is no expiry in running HiPath OpenScape in EDM mode. There are only a few limitations
by running in EDM which mainly is performance impact with a large deployment. Once the permission to extend the enterprise is granted, it is recommended to migrate to production mode
which replaces the use of ADAM with the extended Active Directory.
Migration involves the following tasks:
Extend the enterprise Active Directory schema with the Siemens OpenScape extensions.
Migrate the user data and SCPs from ADAM to Active Directory.
Disable ADAM and remove the ADAM instance entry published in the Active Directory.
6-4
A31003-S5020-S100-1-7620, July 2004

5454EDM.fm

Extending the enterprise schema is done by the forest preparation tool, ForestSetup.exe, described in 5b. The other two tasks will be done by Migrate.exe tool.
6.5.1
Installation Requirements for Migration
For Forest Preparation, copy the OpenScape EPT folder locally to the root domain controller chosen installation directory.
For Migration and EDM System Prep un-installation, copy the OpenScape EPT folder locally to the EDM/ADAM server.
6.5.2
Migrating from ADAM to Active Directory
Migration from EDM to Production mode is done in following steps:

1.
Prepare the forest by following the instructions in Chapter 7, Setting Up a Forest in Production Mode.
2.
Run the root and child domain preparations for Production Mode as described in Chapter
8, Preparing the OpenScape Environment.
3.
Check for OpenScape users that are members of administrative groups in all OpenScape
Servers in the forest and either delete them as OpenScape users or add the privileges for
the OpenScape Service group. See Section 6.5.2.1.
4.
Logon to the EDM/ADAM server as Installer account which was used to install ADAM and
EDM. Perform the Migration by typing the following command in a command prompt: Migrate.exe /i /l prep.log.
5.
Remove OpenScape EDM using Add/Remove Programs.
6.
Optionally remove the ADAM instance using Add/Remove Programs.
7.
Logon as domain administrator to this server or any other server connected to the current
domain.
8.
Uninstall EDM System Prep using EnvironmentSetup.exe with x switch. See Section 8.18,
EDM System Preparation and Verification.
9.
Rerun the system preps again for installations remaining on this host. For example, if
OpenScape is installed on this host and will be kept, then the OpenScape system prep
must be rerun.
10. Restart all servers containing HiPath OpenScape installations (e.g. OpenScape, Routing
Dispatcher, MCU, Media Server) in the forest.
A31003-S5020-S100-1-7620, July 2004

6-5
5454EDM.fm

6.5.2.1
Checking for OpenScape Users that are members of Administrative Groups
In EDM mode members of administrative groups are allowed to be OpenScape users. These
accounts are protected for security reasons, and do not inherit the access rights.
For each OpenScape Server one of the following options option must be executed to successfully migrate these users from EDM to production mode.
Remove the users that are members of any administrative group from OpenScape. This
option requires OpenScape Admin privileges.
Provide additional permissions to the OpenScape Admin group to be able to set OpenScape specific attributes of these users. In particular: Read access rights to: Public Info,
RTCPropertySet, RTCUserSearchPropertySet, SiemensOSPropertySet and write access
rights to the SiemensOSPropertySet. This option requires Domain Admin privileges.
To delete Admin Users from OpenScape, follow the instructions below:

1.
Log on to any server in the domain being prepared with the <osinstaller> account or as a
member of the OpenScape Admin group.
2.
Copy the executable ConvertAdmins.exe and Interop.ActiveDS.dll from the OpenScape

EPT folder on the CD to the OpenScape Server.
3.
For help on the usage type ConvertAdmins /?.
4.
On the command line, type ConvertAdmins /m DELETE /SQLSERVER <sqlserver> /L

<logfile>.
5.
All the OpenScape Users with AdminCount as 1 will be deleted from OpenScape.
6.
Proceed to upgrade the system.
To grant permissions to the OpenScape Admin group and retains these users in OpenScape,
follow the instructions below:
1.
Log on to any server in domain being prepared as the Domain Administrator.
2.

3.
4.
On the command line, type ConvertAdmins /m ADDACE /SQLSERVER <sqlserver> /L

<logfile> /TRUSTEE <Domain>\OpenScape Admin, where <sqlserver> is the SQL
Servers hostname is the default instance is used, or <hostname\instance name> when a
named SQL instance is used for HiPath OpenScape.This will give the appropriate permissions to the OpenScape Admin group to all OpenScape user which are members of any
administrative group (adminCount attribute set to 1).
5.
Proceed to migration.
6-6
A31003-S5020-S100-1-7620, July 2004

5454EDM.fm
6.5.3

Verifying the Migration from ADAM to Active Directory
To verify the schema extensions, see Section 7.3, Verifying the Enterprise Schema Changes.
To verify the migration of OpenScape data from ADAM to Active Directory:
Using LDP or ADSI Edit navigate to an OpenScape user and verify that this user contains
a SiemensOSEnabled attribute set to TRUE.
A31003-S5020-S100-1-7620, July 2004

6-7
5454EDM.fm

6-8
A31003-S5020-S100-1-7620, July 2004

5454Pmode.fm
Setting Up a Forest in Production Mode
Requirements
This section details the steps necessary to prepare the forest in production mode. Forest preparation is required to run OpenScape in Production Mode and must be done before domain and
system preparation.
>
7.1
Note: If ADAM is already installed in the forest with SiemensOpenScapeEdmV2

name, then ADAM always gets the preference even after AD schema is extended
and all OpenScape Systems are running in EDM mode.
Requirements
The following files are used to set up a forest in production mode. They can be found in the
OpenScape EPT folder.
.Net Framework 1.1
Forest functional level must be Windows 2000 native or Windows Server 2003. If the
domain is in mixed mode, you need to raise its functional level to Windows 2000 native
mode.
ForestSetup.exe: Forest Preparation executable calling the forestprep.wsf script. This creates a property set and Siemens enterprise global objects.
Forestprep.wsf: Script used to import the schema definitions of the ldf file. The same script
is also used for EDM mode.
si_schema.ldf; Siemens Active Directory schema definitions. A detailed description of the

new classes/attributes can be found in the Active Directory Reference in Chapter 5, Active
Directory Reference.
7.2
Modifying the Enterprise Schema
1.
Log on to the root domain controller as a user with schema administrator credentials.
2.
Copy the si_chema.ldf, forestprep.wsf, ForestSetup.exe, and Siemens.EN.RTCB.Adcim.ADLib.dll files from the OpenScape EPT folder on the OpenScape CD.
3.
Click Start->Run, then enter cmd.
4.
Go to (cd) the directory location where the schema file (si_schema.ldf) is located.
5.
Enter ForestSetup.exe /i /L prep.log.
6.
Upon completion, close the prompt window.
You can verify whether the schema changes are applied to the all the child domains by following
the instructions specified in the next section.
A31003-S5020-S100-1-7620, July 2004
7-1
5454Pmode.fm

Verifying the Enterprise Schema Changes
7.3
Verifying the Enterprise Schema Changes
To view the user attributes in Active Directory, the ADSI Edit snap-in needs to be installed on
your computer. It is part of the SUPTOOLS.MSI, which is located under \ENGLISH\WIN2003\ENT\SUPPORT\TOOLS on the Windows 2003 Server disk.
Add the ADSI Edit snap-in into MMC, or just run adsiedit.msc.
Connect to the Schema Naming Context.
Expand the Schema container and in the right pane look for the entries beginning with siemens-OS. If these entries are not there, then the schema has not been extended.
7-2
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
Preparing the OpenScape Environment
Prerequisites
The network administrator must set up the Domain and System environments for OpenScape.
Domain Preparation is required only once for every domain where OpenScape will be installed. It can also be run to repair the domain.
System Preparation is required once before every fresh installation of OpenScape. It can also
be run again to repair the system, or to change some configuration options, such as changing
the Logon user, installing LC Server on a different system etc.
Preparation can either be done manually or by using the Environment Preparation Tool. You
must use only one method and cannot interchange once started.
8.1
Prerequisites
Environment Preparation Tool only
.NET Framework 1.1 should be installed on the PC where the Tool is run.
Domain Administrator privileges are to required to run this Tool.
The domain (root & resource) should be in native mode. If it is in mixed mode, you need to
raise its functional level to native mode (using AD Domains and Trusts snap-in).
Prior to Root Domain preparation, the forest preparation has to be completed. This is only
true if the customer is installing in a production mode.
Prior to Domain preparation, LC Server should already have been installed at least once
in the domain.
Prior to System preparation, LC Server should have already been installed for the particular OpenScape system being prepared.
For System Preparation, the OpenScape Logon User (the current user logged on when
OpenScape is being installed), should be an existing Domain user.
8.2
Hints
The default OpenScape Service account is set to OSsvc.
The default OpenScape RTP account is set to <SystemID>OSRTP.
The default OpenScape UNS account is set to <SystemID>OSUNS.
The default OpenScape Web account is set to OSWeb.
Environment Preparation Tool only:
A31003-S5020-S100-1-7620, July 2004

8-1
5454ept.fm

Overview
The /PWD switch is mandatory for /D, /S and /MSS switches. The password provided for this switch is applied to all accounts created during the Preparation step. If
those accounts already exist, their password will be updated with the password provided.
If you cut and paste the command line input in the following pages to the CLI, there is
a chance that the quotation marks, , will not copy exactly which will cause the command line to fail.
During a V1 t oV2 upgrade, if there is more than one OpenScape System in the same domain, the old OpenScape Service group has to remain as it is for V1 OpenScape system
to co-exist with V2 OpenScape system. Therefore, the domain prep will automatically rename the old group to OpenScape Service V1 and copy all its members to the new group.
After upgrading all OpenScape Systems in this domain to V2 the following groups and accounts are no longer needed:
OpenScape Service V1 group
Account <SystemID>OSsrv
Delete this group and account using the AD Users and Computers Snap-in.
8.3
Overview
This section lists the environment preparation steps to be followed in these scenarios:
Installing the first OpenScape System into a Prepared Forest
Installing the second OpenScape System into a Prepared Forest Upgrade
Complex Setup
8.3.1
Installing the First OpenScape System into a Prepared Forest
This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.
Steps to follow:
8-2
Forest Prep (Production Mode Only - refer to Chapter 7, Setting Up a Forest in Production Mode)
Root Domain Prep (refer to Section 8.7 on page 8-9)
Domain Prep OS system (refer to Section 8.8, OpenScape System Domain Preparation and Verification)
Add Domain to Root Domain (refer to Section 8.10 on page 8-19)
System Prep OpenScape Server (refer to Section 8.13 on page 8-22)

A31003-S5020-S100-1-7620, July 2004
5454ept.fm

Overview
System Prep RD (LCS Server) (refer to Section 8.14 on page 8-28)
System Prep Media Server (refer to Section 8.15 on page 8-30)
System Prep MCU (If located on separate system) (refer to Section 8.16 on page
8-33)
System Prep TFA (If located on separate system) (refer to Section 8.17 on page
8-35)
System Prep EDM (refer to Section 8.18 on page 8-38)
8.3.2
Installing the Second OpenScape System into a Prepared Forest

Upgrade
This scenario corresponds to the Root Domain and Child Domain D1 of Figure 8-1.
Steps to follow:
8-33)
8-35)
A31003-S5020-S100-1-7620, July 2004

8-3
5454ept.fm

Overview
8.3.3
Complex Setup
This OpenScape setup consists of 2 OpenScape systems in 2 domains. All users reside in a
3rd domain. See Figure 8-1.
Figure 8-1
Complex Setup - Domain Diagram
Steps to follow:
8-4
Forest Prep (Production Mode Only - refer to Chapter 7, Setting Up a Forest in Production Mode)
Root Domain Prep (refer to Section 8.7 on page 8-9)
Domain Prep of D1 OS system (refer to Section 8.8, OpenScape System Domain

Preparation and Verification, on page 8-12)
Add Domain D1 to Root Domain (refer to Section 8.10 on page 8-19)
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

Overview
8-33)
8-35)
Domain Prep of D2 OS system (refer to Section 8.8, OpenScape System Domain

Preparation and Verification, on page 8-12)
Add Domain D2 to D1 (refer to Section 8.11 on page 8-20)
8-33)
8-35)
Domain Prep of D3 user only (refer to Section 8.9, User Only Domain Preparation
and Verification)
A31003-S5020-S100-1-7620, July 2004

8-5
5454ept.fm

Overview
8.3.4
Brief Description of Steps

Step
Where to run
command
Condition
Cmd
Mode*
Forest Prep (refer to Refer to the schema Once for every forest
Chapter 7, Setting deployment guide
Up a Forest in Production Mode)
Root Domain Prep
Root Domain
Once for every forest
Domain Prep Child domain con- Once for every domain

OpenScape system taining OpenScape containing an Opensystems
Scape system
Privileges
Refer to the
schema deployment guide
RD
D
Root Domain
Administrator
Domain Administrator of the
child domain
Add domain to Root Root Domain

Domain
Once for every child

domain that hosts
OpenScape servers
RDM
Root Domain
Administrator
Cross Domain
Memberships
Child Domain

domain that hosts
OpenScape servers
DM
Child Domain
Administrator
Domain Prep - User Child Domain

Only Domain

domain that hosts
OpenScape servers
DU
Child Domain
Administrator
System Prep Child Domain con- Once before a fresh inOpenScape Server taining OpenScape stallation of each
systems
OpenScape system in
the domain

child domain
System Prep - RD
(LCS Server)
Child Domain con- Once before a fresh intaining RD systems stallation of each
OpenScape system in
the domain
RDS

child domain
System Prep - Media Server
Child Domain con- Once before a fresh intaining OpenScape stallation of each MS
systems
system in the domain
MSS

child domain
System Prep - MCU Child Domain con- Once before a fresh in- MCUS Domain Admin(if located on sepa- taining OpenScape stallation of each MCU
istrator of the
rate systems)
systems
child domain
Table 8-1
Step Description
* - Applicable only if using the Environment Preparation Tool
8-6
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
Step
Where to run
command

Important
Condition
System Prep - TFA Child Domain con- Once before a fresh in(if located on sepa- taining OpenScape stallation of each TFA
rate systems)
systems
Cmd
Mode*
Privileges
TFAS

child domain
System Prep - EDM Child Domain con- Once before a fresh in- EDMS Domain Admin(if located on sepa- taining OpenScape stallation of each EDM
istrator of the
rate systems)
systems
child domain
Table 8-1
Step Description
* - Applicable only if using the Environment Preparation Tool

For a description of the Active Directory groups and accounts created during preparation, refer to Appendix D, Settings Changed by the Environment Preparation Tool.
8.4
Important
Proper sequencing should be followed for Root Domain, Domain and System Preparation.
The Root Domain Preparation step should be done before the Domain Preparation
step.
The Domain Preparation including all add member steps should be done before the
System Preparation step.
The System Remove step should be done before the Domain Remove step
DO NOT change the memberships/ rights of the accounts manually. In some cases,
such changes are not easy to be reversed and might cause some component to stop
functioning. Please use the EPT to change memberships/ permissions.
Wait at least 5 minutes between successive Prep commands to allow the changes to be
replicated.
The validation step should always be executed prior to the preparation step. If the validation
step indicates, that prep was already executed successfully, then the prep step should not
be executed again.
If multiple OS systems are deployed, removing of any root domain or domain prep will have
the result that all systems must be re-installed again. Systems installed prior to this change
will no longer function
If multiple OpenScape components are installed on the same system, and un-prep is run
for any of these components, preps for all other installed components should be re-run.
E.g. if OpenScape Core and Routing Dispatcher are installed on the same server and the
un-prep (using the /x option) for RD is run, then the System Prep step for OpenScape core
should be re-run.
A31003-S5020-S100-1-7620, July 2004

8-7
5454ept.fm

Using the Environment Preparation Tool
8.5
The SystemID entered in the XML file should be limited to 11 characters.
This is a command line tool

1.
Insert the OpenScape Installation Programs CD into the CD drive of where the OpenScape
main will be installed.
2.
Open the EPT folder, copy the following files to a folder: EnvironmentSetup.exe, Config.xml, and InteropActiveDS.dll.
3.
From the command line, change the location to the folder containing the above files, then
type EnvironmentSetup /?.
4.
The following command line options are displayed.
8.6
XML File for Environment Preparation
The XML file has sections for each step of the Environment Preparation:
- <EnvironmentPrep>
+ <ADConfig>
+ <RootDomainPrep>
+ <RootDomainAdd>
8-8
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

Root Domain Preparation and Verification
+ <DomainPrep>
+ <DomainAdd>
+ <UserDomainPrep>
+ <SystemPrep>
+ <Trustees>
+ <RDSystemPrep>
+ <MSSystemPrep>
+ <MCUSystemPrep>
+ <TFASystemPrep>
+ <EDMSystemPrep>
</EnvironmentPrep>
The file is required for all steps, but only the system preparation steps require an update of the
file in their specific section. To prepare or validate any Server in the OpenScape System, first
Config.xml file needs to be edited with appropriate system information.
8.7
8.7.1
Preparation
8.7.1.1
Permissions required:
The /i and /x options require Root Domain Admin Rights
The /v option is available for all Domain users
Log on as the Domain Administrator of the Root Domain

Before doing Root Domain Preparation, please check the current status of the domain. For this
type EnvironmentSetup /v /m RD /r config.xml /l prep.log.
>
Note: If in EDM Mode, type EnvironmentSetup /v /m RD /r config.xml /l

prep.log /EDM.
The output on the command line will display the current status of the root domain.
The complete results are stored in the log file (prep.log as in this case).
A31003-S5020-S100-1-7620, July 2004
8-9
5454ept.fm

Option 1:
If the root domain is correct and complete, the output will indicate Validation Result: Exists & Complete.
In this case, the root domain does not need to be prepared again, and you can proceed to
Domain Preparation.
Option 2:
If the root domain is incorrect/ incomplete, the output will indicate Validation Result: Exists but Incomplete.
In this case, the root domain needs to be prepared again.
Prepare the root domain.
Option 3:
If the root domain is not prepared yet, the output will indicate Validation Result: Does not
exist.
In this case, the root domain needs to be prepared. Type the following to prepare the root
domain:
EnvironmentSetup /i /m RD /r config.xml /l prep.log
>
8.7.1.2
Note: If in EDM Mode, type EnvironmentSetup /i /m RD /r config.xml /l prep.log

/EDM.
Manually
1.
Open the Active Directory Users and Computers mmc snap-in.
2.
Click View, then click Advanced Features.
3.
Click View Users, then click Groups and Computers as Containers.
4.
In the navigation pane, expand the icon representing the root domain and click Users.
Create a Domain Local group with name OpenScape Service.
5.
In the navigation pane, right click the icon representing the root domain, click Properties,
click Security and click Advanced.
a) Click Add.
b) Type OpenScape Service as the object name and click OK.
c)
Click Properties, change Apply onto to User Objects.
d) In the Properties dialog box, check Read Public Information, then click OK.
8-10
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

e) Repeat steps ato d for the following additional Properties:

Read RTCPropertySet
Read RTCUserSearchPropertySet
Read & Write SiemensOSPropertySet (Skip this for EDM Mode)
Click OK twice.
6.
then click Security.
Click Add, then type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Click OK.
7.
In the navigation pane, expand System, Microsoft, RTC Service.

Right-click Global Settings, then click Properties and Security.
Click Add, then enter OpenScape Service.
In the permissions for OpenScape Service frame, select Read, then click OK.
8.
In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)
Right-click OpenScape Global Settings, click Properties then Security and Advanced.
a) Click Add, type OpenScape Service, then click OK.
b) In the Apply onto tab, select This object and all child objects.
c)
In the permissions frame, check the following permissions:
Read All Properties
Write All Properties
Create all child objects
Delete all child objects
d) Click OK.
8.7.2
Verification
1.
2.
Click View, then click Advanced Features.
3.
4.
A31003-S5020-S100-1-7620, July 2004

8-11
5454ept.fm

OpenScape System Domain Preparation and Verification
Verify that the following group is created - OpenScape Service.

5.
click Security and click Advanced.
Verify that the OpenScape Service group has the following permissions:
Read Public Information for user objects
Read RTCPropertySet
Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)
Replicate Directory Changes
Click OK twice.
6.
then click Security.
Click Add, then type OpenScape Service. In the permissions for OpenScape Service
7.
In the navigation pane, expand System, Microsoft, RTC Service.

Right-click Global Settings, then click Properties and Security.
Verify that the OpenScape Service group has Read permissions.
8.
In the navigation pane, expand System, Siemens. (Skip this step for EDM Mode)
Right-click OpenScape Global Settings, click Properties then Security and Advanced.
Read All Properties
Write All Properties
Create all child objects
Delete all child objects
8.8
8.8.1
Domain Preparation
8.8.1.1
Log on to the child domain being prepared.

8-12
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

The /i and /x option require Domain Admin Rights for this domain.
The /v option is available for all Domain users.
Before doing Domain Preparation, please check the current status of the domain. For this type
EnvironmentSetup /v /m D /r config.xml /l prep.log.
>
Note: If in EDM Mode, type EnvironmentSetup /v /m D /r config.xml /l prep.log

/EDM.
The output on the command line will display the current status of the domain.
Option 1:
If the domain is correct and complete, the output will indicate Validation Result: Exists
& Complete.
In this case, the domain does not need to be prepared again, and you can proceed to Root
Domain Membership Preparation.
Option 2:
If the domain is incorrect/ incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the domain needs t o be prepared again. In this case the existing group will
be renamed. If there is more than one OpenScape System in the same domain, the old
OpenScape Service group has to remain as it is. Therefore, the domain prep will automatically rename the old group to OpenScape Service V1 and copy all its members to the
new group. The group should be deleted after all OpenScape systems in the domain are
upgraded to V2.
Prepare the domain.
Option 3:
If the domain is not prepared yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be prepared. Type the following to prepare the domain
EnvironmentSetup /i /m D /r config.xml /l prep.log /pwd <password>.
>
Note: If in EDM Mode, type EnvironmentSetup /i /m D /r config.xml /l prep.log

/pwd <password> /EDM.
A31003-S5020-S100-1-7620, July 2004

8-13
5454ept.fm

8.8.1.2
Manually
1.
2.
Click View->Advanced Features.
3.
4.
In the navigation pane, expand the icon representing the resource domain and click Users.
a) Create a Domain Local group with the name OpenScape User.
b) Create a Domain Local group with the name OpenScape Admin. Make this group a
member of OpenScape User.
c)
Create a Domain Local group with the name OpenScape Service. Make this group a
member of OpenScape User and OpenScape Admin.
d) Create a user with the name OSsvc. Check the option password never expires.
Make this user a member of OpenScape Service, OpenScape User, and RTCDomainUserAdmins.
e) Create a user with the name OSWeb. Check the option password never expires.
Make this user a member of OpenScape Service and OpenScape User.
f)
Right-click OpenScape User, click Properties, then click Security. Click Add and
type OpenScape Admin. Check Full Control, then click OK.
g) Right-click OpenScape User, click Properties, then click Security. Click Add and
type OpenScape Service. Check Full Control, then click OK.
h) Right-click OpenScape Admin, click Properties, then click Security. Click Add and
type OpenScape Service. Check Full Control, click OK.
i)
5.
Right-click OSsvc, click Properties, then click Security. Click Advanced. Click Add,
type OSsvc, then click OK. Check Read All Properties & Write All Properties.Set
Apply Onto this object only. Click OK three times.
In the navigation pane, right click the icon representing the resource domain, click Security, then click Advanced.
a) Click Add.
c)
e) Repeat steps a to d for the following additional Properties:
8-14
Read RTCPropertySet
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
f)

Click Add.
g) Type OpenScape Admin as the object name and click OK.

h) Click Properties, change Apply onto to User Objects.
i)
In the Properties dialog box, check Read Public Information, then click OK.
j)
Repeat steps f to i for the following additional Properties:
Read RTCPropertySet
Read SiemensOSPropertySet (Skip this for EDM Mode)
k)
Click OK twice.
l)
In the navigation pane, right click the icon representing the resource domain, click
Properties, then click security.
m) Click Add, then type OpenScape Service. In the permissions for OpenScape Service
8.8.2
Verification
1.
2.
3.
Verify that the following groups are created:
OpenScape Admin Member of OpenScape User
OpenScape Service Member of OpenScape User, OpenScape Admin
OpenScape User
Verify that the following accounts are created:
OSsvc Member of OpenScape Service, OpenScape User, RTCDomainUserAdmins
OSWeb OpenScape Service, OpenScape User
Right-click OpenScape User, click Properties, then click Security. Verify that OpenScape
Admin and OpenScape Service have full control.
A31003-S5020-S100-1-7620, July 2004

8-15
5454ept.fm

User Only Domain Preparation and Verification
Right-click OpenScape Admin, click Properties, then click Security. Verify that OpenScape Service has full control.
Right-click OSsvc, click Properties, then click Security. Click Advanced. Verify that OSsvc has Read/ Write access to all its properties.
4.
In the navigation pane, right click the icon representing the resource domain, click Security, then click Advanced.
Read RTCPropertySet
Read, Write SiemensOSPropertySet (Skip this verification for EDM Mode)
Verify that the OpenScape Admin group has the following permissions:
Read RTCPropertySet
Read SiemensOSPropertySet (Skip this verification for EDM Mode)
8.9
8.9.1
Domain Preparation
8.9.1.1
A USER ONLY domain is a domain without any OpenScape system which contains only LC
users.
Log on to the child domain being prepared.
The /i and /x option require Domain Admin Rights for this domain.
EnvironmentSetup /v /m DU /r config.xml /l prep.log.
8-16
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
>

Note: If in EDM Mode, type EnvironmentSetup /v /m DU /r config.xml /l

prep.log /EDM.
Option 1:
& Complete.
In this case, the domain does not need to be prepared again, and you can proceed to Root
Domain Membership Preparation.
Option 2:
but Incomplete.
In this case, the domain needs t o be prepared again.
Type EnvironmentSetup /x /m DU /r config.xml /l prep.log.
>
Note: If in EDM Mode, type EnvironmentSetup /x /m DU /r config.xml /l

prep.log /EDM.
Prepare the domain.

Option 3:
If the domain is not prepared yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be prepared. Type the following to prepare the domain
EnvironmentSetup /i /m DU /r config.xml /l prep.log.
>
8.9.1.2
Note: If in EDM Mode, type EnvironmentSetup /i /m DU /r config.xml /l prep.log

/EDM.
Manually
1.
2.
3.
A31003-S5020-S100-1-7620, July 2004

8-17
5454ept.fm

4.
Create a Domain Local group with the name OpenScape Service.
5.
In the navigation pane, right click the icon representing the user domain, click Security,
then click Advanced.
a) Click Add.
c)
e) Repeat steps a to d for the following additional Properties:
f)
Read RTCPropertySet
Click OK twice.
g) In the navigation pane, right click the icon representing the resource domain, click
Properties, click then security.
h) Click Add, type OpenScape Service. In the permissions for OpenScape Service
frame, select Replicate Directory changes. Then click OK.
8.9.2
Verification
1.
2.
3.
4.
Verify that the following groups are created:
5.
OpenScape Service
In the navigation pane, right click the icon representing the user domain, click Security,
then click Advanced.
Read RTCPropertySet
8-18
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

Root Domain Membership and Verification
Read, Write & Delete SiemensOSPropertySet (Skip this verification for EDM Mode)
8.10
Root Domain Membership and Verification
Log on to the Root domain.
8.10.1
Membership
8.10.1.1
The /i and /x option require Root Domain Admin Rights.
EnvironmentSetup /v /m RDM /r config.xml /l prep.log /DOMAIN <domain-name>.
The format of the domain-name should be in NetBios format (e.g. PLUS).
Option 1:
& Complete.
In this case, the domain does not need to be added again, and you can proceed to Domain
Membership Preparation (if necessary) or System Preparation.
Option 2:
but Incomplete.
In this case, the domain needs to be prepared again.
Option 3:
If the domain is not added yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be added. Type the following to add the domain
EnvironmentSetup /i /m RDM /r config.xml /l prep.log /DOMAIN <domain-name>.
A31003-S5020-S100-1-7620, July 2004

8-19
5454ept.fm

Domain Membership and Verification
8.10.1.2
Manually
1.
2.
3.
4.
Add the OSsvc account from the child domain to the OpenScape Service group of the root
domain.
8.10.2
Verification
1.
2.
3.
4.
Verify that the OpenScape Service group has the following member:
8.11
<Child Domain-name>\OSsvc
Log on to the Child domain that provides membership.
8.11.1
Domain Membership
8.11.1.1
The /i and /x option require Domain Admin Rights for the domain the member is added to.
EnvironmentSetup /v /m DM /r config.xml /l prep.log /DOMAIN <domain-name>.
Option 1:
8-20
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

& Complete.
In this case, the domain does not need to be added again, and you can proceed to System
Preparation.
Option 2:
but Incomplete.
In this case, the domain needs to be prepared again. Type the following to remove the incorrect configuration:
EnvironmentSetup /x /m DM /r config.xml /l prep.log /DOMAIN <domain-name>
Add the domain again.
Option 3:
If the domain is not added yet, the output will indicate Validation Result: Does not Exist.
In this case, the domain needs to be added. Type the following to add the domain
EnvironmentSetup /i /m DM /r config.xml /l prep.log /DOMAIN <domain-name>.
8.11.1.2
Manually
1.
2.
3.
Click View->Users, Groups and Computers as Containers.
4.
Add the OSsvc account from the other domain to the OpenScape Service group of this domain.
8.11.2
Verification
1.
2.
3.
Click View->Users, Groups and Computers as Containers.
4.
Verify that the OpenScape Service group has the following member:
<Other Domain-name>\OSsvc
A31003-S5020-S100-1-7620, July 2004

8-21
5454ept.fm

XML File for System Preparation
8.12
XML File for System Preparation
The XML file section Trustees requires entries for each type of system prep.
The account name used to install any part of the OpenScape System needs to be entered into
the Trustee section with the <Type>Installer. In this case the OpenScape Installer account is
OSInstaller. Do not change entries for other types of Trustees.
<Trustee>

<Name>OSInstaller</Name>
<Type>Installer</Type>
</Trustee>
XML Notepad or any Xml editor can be used to edit the file. Save the file.
8.13
OpenScape System Preparation and Verification
Log on to any PC in the Child domain where the OpenScape system will be installed.
8.13.1
System Preparation
8.13.1.1
The /i and /x option require Domain Admin Rights for this domain and local admin rights on
the OpenScape servers.
To prepare/validate the OpenScape System, edit the Config.xml file as follows:

+ <Trustees> (see Section 8.12)
+ <SystemPrep>
To update the SystemPrep section, find the OpenScapeCore sub-section and enter the host
names for the OpenScape Server, the SQL Server and the LC Server host name (one of the
existing LCS used with this OpenScape). In this example, it is BYRD as well:
<OpenScapeCore>

<HostName domain=''>BYRD</HostName>
8-22
A31003-S5020-S100-1-7620, July 2004

5454ept.fm



<SQLHost domain=''>BYRD</SQLHost>

<LCServer domain=''>BYRD</LCServer>
<- provide the SystemID -->
<SystemID>BYRD</SystemID>
<OpenScapeCore>
Before doing System Preparation, please check the current status of the system. For this type
EnvironmentSetup /v /m s /r config.xml /l prep.log.
Option 1:
If the system is correct and complete, the output will indicate Validation Result: Exists &
Complete.
In this case, the system does not need to be prepared again, and the environment is set to
install OpenScape.
Option 2:
If the system is incorrect/incomplete, the output will indicate Validation Result: Exists
but Incomplete.
In this case, the system needs to be prepared again.
Option 3:
If the system has not been prepared yet, the output will indicate Validation Result: Does
not Exist.
Type the following to prepare the OpenScape system:
EnvironmentSetup /i /m s /r config.xml /l prep.log /pwd <password>.
NOTE: The /pwd switch is mandatory for OpenScape System preparation; please enter
this password in Table 3-14 on page 3-10.
A31003-S5020-S100-1-7620, July 2004

8-23
5454ept.fm

8.13.1.2
Manually
1.
2.
3.
Click View->Users->Groups and Computers as containers.
4.
a) Create a user with the name <systemID>OSUNS.
Check the option Password never expires. Make this user a member of OpenScape
Service and OpenScape User.
In the Properties window of this user, click the Live Communications tab. Check Enable Live Communications for this user and provide a Home Server and SIP URI.
b) Create a user with the name <systemID>OSRTP.
Check the option Password never expires. Make this user a member of OpenScape
User.
c)
5.
Make the <installer> account a member of OpenScape Admin, OpenScape Service

and RTCDomainUserAdmins.
Open the ADSIEdit mmc and connect to the resource domain.

In the navigation pane, expand the icon representing the domain and click Computers.
a) Right click the OpenScape Server, click New, then click Object. Select class serviceConnectionPoint, type Siemens OpenScape as the name and click Finish.
b) Right click Siemens OpenScape, click Properties, then Security.
c)
Select Authenticated users, check Read and click Apply.
d) Click Add, type OpenScape Service, click OK, check Full Control and click Apply.
e) Click Add, type the <installer> account name, click OK, check Full Control and click
OK.
6.
In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then
Local Users and Groups, and groups.
a) Right click Administrators. Click Add to group.
b) Add the following members:
8-24
OpenScape Admin
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
c)
OSsvc
Installer account
<SystemID>OSUNS

Right click IIS_WPG. Click Add to group.
d) Add the following members:
7.
OSsvc
OSWeb
On the Computer Management window, click Services and Applications, right click
WMI control, click Properties and then Security.
To create the Root\Siemens\RTCB namespace:

a) Start wbemtest.exe.
b) Click Connect, enter root in Namespace and click Connect.
c)
Click Enum Instances..., enter __NAMESPACE and click OK.
d) In Query Result Window click Add, scroll down and double-click the Name entry
in the list view.
e) In Property Editor select Not NULL and enter value Siemens, click Save Property.
f)
In Object Editor window click Save Object.
g) Close Query Result window.

h) Click Connect, enter root\Siemens in Namespace and click Connect.
i)
Click Enum Instances..., enter __NAMESPACE and click OK.
j)
In Query Result Window click Add, scroll down and double-click the Name entry
in the list view.
k)
In Property Editor select Not NULL and enter value RTCB, click Save Property.
l)
In Object Editor window click Save Object.
m) Close Query Result window.
To set permissions on root\Siemens\RTCB namespace:

a) On the Computer Management window, click Services and Applications, right
click WMI control, click Properties and then Security.
b) Expand folder view and select Root->Siemens->RTCB.
A31003-S5020-S100-1-7620, July 2004

8-25
5454ept.fm

c)
Click Security.
d) In Security dialog window Click Add... and enter OpenScape Service, then click
OK.
e) Select OpenScape Service and check all possible Allow checkboxes, then click
Apply.
f)
In Security dialog window Click Add... and enter OpenScape Admin, then click
OK.
g) Select OpenScape Admin and check all possible Allow checkboxes, click Apply.
h) Select Everyone and check the Deny checkboxes which have the grayed out Allow checkbox checked (these should be Execute Methods, Provider Write and
Remote Enable).
i)
Click OK.
To set permissions on root\CIMV2 namespace:

a) On the Computer Management window, click Services and Applications, right
click WMI control, click Properties and then Security.
b) Expand folder view and select Root->CIMV2.
c)
Click Security.
d) In Security dialog window, click Add... and enter OpenScape Service, then click
OK.
e) Select OpenScape Service and check all possible Allow checkboxes, click Apply
f)
In Security dialog window, click Add... and enter 'OpenScape Admin, then click
OK.
g) Select OpenScape Admin and check all possible Allow checkboxes.

h) Click OK.
8.
In the navigation pane, click Computers. Right click the SQL Server, then click Manage.
In the Computer Management window click Local Users and Groups, click groups.
8-26
Installer account
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
8.13.2

Verification
1.
2.
3.
4.
Verify that the following SIP-enabled accounts have been created:
<systemID>OSUNS: Member of OpenScape Service, OpenScape User
<systemID>OSRTP: Member of OpenScape User
Verify that the <installer> account is a member of the OpenScape Admin, OpenScape Service and RTCDomainUserAdmins groups.
5.
In the navigation pane, click Computers, then click the OpenScape Server.
Verify that the Siemens OpenScape container has been created. Right click Siemens
OpenScape, click Properties, then Security and Advanced.
Verify that Authenticated Users have Read permissions on this object and all child objects.
Verify that the OpenScape Service and the Installer account have full control.
6.
In the AD Users & Computers mmc, right click OpenScape Server, click Manage, then
Local Users and Groups, and groups.
Verify that the following are members of the local Administrators group:
OpenScape Admin
OSsvc
Installer account
<SystemID>OSUNS
Verify that the following are members of the local IIS_WPG group:
7.
OSsvc
OSWeb
Verify that the OpenScape Service group and OpenScape Admin group have full control
over the Root\cimv2 namespace and Root\Siemens\RTCB namespace.
Verify that Everyone is denied Inherited rights over the Root\Siemens\RTCB namespace.
A31003-S5020-S100-1-7620, July 2004

8-27
5454ept.fm

Routing Dispatcher/LCS System Preparation and Verification
8.
In the navigation pane, click Computers. Right click the SQL Server, then click Manage.
In the Computer Management window click Local Users and Groups, click groups.
Verify that the installer account is a member of the local Administrators group on the SQL
server.
8.14
Log on to any PC in the Child domain where the Routing Dispatcher will be installed.
8.14.1
System Preparation
8.14.1.1

+ <RDSystemPrep>
To update the RDSystemPrep section, find the RDServer sub-section and enter the host
names for the LC Server. In this example, BYRD is the LCS hostname:

<RDServer>
<RDServerName>>BYRD<RDServerName>
</RDServer>
EnvironmentSetup /v /m RDS /r config.xml /l prep.log.
Option 1:
8-28
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

Complete.
In this case, the system does not need to be prepared again, and the environment is set to
install OpenScape.
Option 2:
but Incomplete.
Option 3:
not Exist.
EnvironmentSetup /i /m RDS /r config.xml /l prep.log.
8.14.1.2
Manually
1.
2.
3.
4.
In the navigation pane, click Computers, then click the RD/LC Server (only if the RD is
not on the OpenScape server).
Repeat step 5 on page 8-24 for the RD server.
5.
Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.
c)
OpenScape Admin
OSsvc
Installer account
Right click RTC Server Applications. Click Add to group.
d) Add the following members:
OSsvc
A31003-S5020-S100-1-7620, July 2004

8-29
5454ept.fm

Media Server System Preparation and Verification
6.
WMI control, click Properties and then Security. (only if the RD is not on the OpenScape server)
Repeat step 7 on page 8-25.
8.14.2
Verification
1.
2.
3.
4.
In the navigation pane, click Computers, then click the RD/LC Server.
Verify that the Siemens OpenScape container has been created.
Right click Siemens OpenScape, click Properties, then Security and Advanced.
5.
Right click RD/LC Server, click Manage, then Local Users and Groups, then groups.
OpenScape Admin
OSsvc
Installer account
Verify that the following are members of the RTC Server Applications group:
6.
OSsvc
8.15
Log on to any PC in the Child domain containing the Media Server.
8-30
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

8.15.1
System Preparation
8.15.1.1

+ <MSSystemPrep>
To update the MSSystemPrep section, find the MSServer sub-section and enter the host
names for the Media Server. In this example, HELIX is the Media Server hostname:

<MSServer>
<MSServerName>>HELIX<MSServerName>
</MSServer>
EnvironmentSetup /v /m MSS /r config.xml /l prep.log.
Option 1:
Complete.
In this case, the MS system does not need to be prepared again, and the environment is
set to install OpenScape.
Option 2:
but Incomplete.
Option 3:
A31003-S5020-S100-1-7620, July 2004

8-31
5454ept.fm

not Exist.
EnvironmentSetup /i /m MSS /r config.xml /l prep.log /pwd <password>
8.15.1.2
Manually
1.
2.
3.
4.
a) Create Xa user with the name <systemID>SiemensCR.
b) Check the option Password never expires. Make this user a member of OpenScape
User.
c)
d) Repeat steps a to c for the other three accounts:
5.
<systemID>SiemensIC
<systemID>CRDirect
<systemID>CRForward
In the navigation pane, click Computers, then right click the MS Server. Click Manage. On
the Computer Management window, click Local Users and Groups, then groups.
6.
OSsvc
Installer account
8-32
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
8.15.2

MCU System Preparation and Verification
Verification
1.
2.
3.
4.
Verify that the following SIP-enabled accounts have been created:
5.
<systemID>SiemensCR: Member of OpenScape User
<systemID>SiemensIC: Member of OpenScape User
<systemID>CRDirect: Member of OpenScape User
<systemID>CRForward: Member of OpenScape User
In the navigation pane, click Computers, then right click the MS Server. Click Manage. On
the Computer Management window, click Local Users and Groups, then groups.
6.
OSsvc
Installer account
8.16
Log on to any PC in the Child domain containing the MCU server.
8.16.1
System Preparation
8.16.1.1
A31003-S5020-S100-1-7620, July 2004

8-33
5454ept.fm


+ <MCUSystemPrep>
To update the MCUSystemPrep section, find the MCUServer sub-section and enter the host
names for the MCU. In this example, BYRD is the MCU hostname:

<MCUServer>
<MCUServerName>>BYRD<MCUServerName>
</MCUServer>
EnvironmentSetup /v /m MCUS /r config.xml /l prep.log.
Option 1:
Complete.
In this case, the MCU system does not need to be prepared again, and the environment is
set to install MCU.
Option 2:
but Incomplete.
Option 3:
not Exist.
EnvironmentSetup /i /m MCUS /r config.xml /l prep.log
8-34
A31003-S5020-S100-1-7620, July 2004

5454ept.fm
8.16.1.2

TFA System Preparation and Verification
Manually
1.
2.
3.
4.
In the navigation pane, click Computers, then right click the MCU Server. Click Manage.
On the Computer Management window, click Local Users and Groups, then groups.
5.
OSsvc
Installer account
8.16.2
Verification
1.
2.
3.
4.
In the navigation pane, click Computers, then right click the MCU Server. Click Manage.
5.
OSsvc
Installer account
8.17
Log on to any PC in the Child domain containing the TFA server.

A31003-S5020-S100-1-7620, July 2004
8-35
5454ept.fm

8.17.1
System Preparation
8.17.1.1

+ <TFASystemPrep>
To update the TFASystemPrep section, find the TFAServer sub-section and enter the host
names for the TFA. In this example, BYRD is the TFA hostname:

<TFAServer>
<TFAServerName>>BYRD<TFAServerName>
</TFAServer>
EnvironmentSetup /v /m TFAS /r config.xml /l prep.log.
Option 1:
Complete.
In this case, the TFA system does not need to be prepared again, and the environment is
set to install OpenScape TFA.
Option 2:
but Incomplete.
Option 3:
8-36
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

not Exist.
EnvironmentSetup /i /m TFAS /r config.xml /l prep.log
8.17.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the TFA Server. (only if TFA is not on the OpenScape Server)
Repeat step 5 on page 8-24 for the TFA server.
5.
In the navigation pane, click Computers. Right click the TFA Server, then click Manage.
6.
OSsvc
Installer account
8.17.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the TFA Server.
A31003-S5020-S100-1-7620, July 2004

8-37
5454ept.fm

EDM System Preparation and Verification
5.
In the navigation pane, click Computers. Right click the TFA Server, then click Manage.
6.
OpenScape Admin
Installer account
8.18
Perform this only if the customer is using the EDM mode.

Log on to any PC in the Child domain containing the TFA server.
8.18.1
System Preparation
8.18.1.1

+ <EDMSystemPrep>
To update the EDMSystemPrep section, find the EDMServer sub-section and enter the host
names for the EDM. In this example, BYRD is the EDM hostname:

<EDMServer>
8-38
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

<EDMServerName>>BYRD<EDMServerName>
</EDMServer>
EnvironmentSetup /v /m EDMS /r config.xml /l prep.log.
Option 1:
Complete.
In this case, the EDM system does not need to be prepared again, and the environment is
set to install OpenScape EDM.
Option 2:
but Incomplete.
In this case, the EDM system needs to be prepared again.
Option 3:
not Exist.
EnvironmentSetup /i /m EDMS /r config.xml /l prep.log
8.18.1.2
Manually
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the EDM Server.
a) Open the ADSIEdit mmc and connect to the resource domain.
b) In the navigation pane, expand the icon representing the domain and click Computers.
A31003-S5020-S100-1-7620, July 2004

8-39
5454ept.fm

c)
Right click the EDM Server, click New, then click Object. Select class serviceConnectionPoint, type Siemens OpenScape as the name and click Finish.
d) Right click the EDM Server, click Properties, then Security.

e) Select Authenticated users, check Read and click Apply.
f)
Click Add, type OpenScape Service, click OK, check Full Control and click Apply.
Click Add, type the <installer> account name, click OK, check Full Control and click OK.
5.
In the navigation pane, click Computers. Right click the EDM Server, then click Manage.
6.
OSsvc
OpenScape Admin
Installer account
8.18.2
Verification
1.
2.
3.
4.
In the navigation pane, expand the icon representing the resource domain. Click Computers, then click the EDM Server.
Right click the EDM Server. Click Properties, then Security, then Advanced.
5.
In the navigation pane, click Computers. Right click the EDM Server, then click Manage.
8-40
A31003-S5020-S100-1-7620, July 2004

5454ept.fm

6.
OSsvc
OpenScape Admin
Installer account
A31003-S5020-S100-1-7620, July 2004

8-41
5454ept.fm

8-42
A31003-S5020-S100-1-7620, July 2004

5454ioas.fm
Installing OpenScape
Pre-Installation Check
This chapter describes the procedures for installing OpenScape.

You cannot operate the OpenScape system during installation.
> OpenScape installation, does not require shutting down (restarting) the customers
infrastructure (such as Domain Controller, Active Directory and Exchange) or LC
Server components.
9.1
9.1.1
Raising the Domain Functionality
OpenScape requires installation in a domain that is at native functionality mode or higher.

By default, when a Windows 2000 Server or Windows Server 2003 DC is installed, it is created
in mixed-mode. OpenScape requires an installation in a domain that is at native-mode or higher. This requirement provides additional security features such as the enhanced scope of the
Domain Local Security Group.
Raising the domain functionality is a manual step that must be performed with an account that
possesses Domain Administrator privilege. To raise the domain functionality:
Warning
This step cannot be reversed!
1.
Select the target domain in Active Directory Domains and Trusts console.
2.
Right-click and select Raise Domain Functional Level.
>
9.1.2
If it is not possible to raise the functionality of a production domain, create a new resource domain for OpenScape. This resource domain is a new child domain in the
forest, which has been elevated to native-mode and contains the OpenScape Servers (Application. Conferencing, Media, and LCS). This resource domain need not
have any OpenScape users in it.
Synchronizing the Time
The system time of all servers that OpenScape is a part of must be synchronized for security
mechanisms to work and have the ability to correlate maintenance information such as error
logs, call records, and trace information.
A31003-S5020-S100-1-7620, July 2004
9-1
5454ioas.fm
>
For a server running Windows 2003, time synchronization is automatic and thus no
need to do steps below.
Ensure that the LC Server also has synchronized time since it is based on the same authentication protocol,
To synchronize the time:
1.
Go to the Microsoft website for the procedures to synchronize the time.
2.
Ensure that the maximum time difference should be sub-second and must be below five
seconds.
9.1.3
Windows Server 2003 Terminal Services
The Windows Server 2003 Terminal Services is a standard feature of Windows Server 2003. It
is installed by default. It has two modes: Remote Administration Mode and Application Server
Mode. Both modes are supported by the Terminal Services service in the Services console.
Regardless whether you are running the Terminal Services in the Remote Administration mode
or the Application Server mode, the Terminal Service service is always running. This service
does not impact OpenScape installation.
Customers and VARs/SIs/companies responsible for installing OpenScape must evaluate the
need to install and running OpenScape on a Terminal Server. If the requirements are to install
and maintain OpenScape remotely, the tasks can be accomplished through the Terminal Services in Remote Administration mode. If you are running the Terminal Services in the Application Server mode simply because you would like to install and maintain OpenScape remotely,
you would need to convert the system back to a standard server by removing the Terminal
Server component in the Add/Remove Programs wizard, setup Terminal Services in Remote
Administration Mode, and install OpenScape.
Reference Material: Mastering Windows Server 2003, Mark Minasi
http://www.microsoft.com/windowsserver2003/techinfo/overview/termserv.mspx
9.1.3.1
Remote Administration Mode
The Remote Administration Mode is first introduced in Windows XP Professional. It allows the
system to be login remotely using the Remote Desktop Connection (RDC) program. To accept
an incoming connection, you must enable the Remote Desktop feature by going to Control Panel, System, Remote tab, and enable the Allow users to connect remotely to this computer
checkbox.
The Remote Administration is what we use to connect to our office PC remotely from home and
other office locations.
9-2
A31003-S5020-S100-1-7620, July 2004

5454ioas.fm
OpenScape installation through Remote Administration is supported. OpenScape is able to be

installed on a standard server remotely through RDC.
9.1.3.2
Application Server Mode
The other function of the Terminal Services is to convert a standard server into a Terminal Server (Application Server.) To do that, the Windows component, Terminal Server, must be added
in the Add/Remove Program Wizard. After the Terminal Server is added and the system is
rebooted, all logins (locally and remotely) are running in Terminal Server sections. Remote users are able to share use programs installed on the Terminal Server.
The Terminal Server is configured and used in places where data processing is preferred on
the server. Normally, programs installed on the Terminal Server are used by users every day.
Some examples are AutoCAD, PhotoShop, etc.
7
9.1.3.3
Warning
OpenScape installation in a Terminal Server is NOT supported. Installation scripts

running in the Terminal Server section fail due to security access reasons.
Terminal Services service
Regardless whether you are running the Terminal Services in the Remote Administration mode
or the Application Server mode, the Terminal Service service is always running. This service
does not impact OpenScape installation.
9.1.4
Setting Up User and Administrator Cross-Functionality
Cross-functionality is the ability of administrative accounts in one domain to administer other

domains. User and Administrator cross-functionality may be enabled in multi-domain environments. This recommendation is primarily for ease of administration and portability of users
within the domains but may conflict with the customers security polity and is not necessary for
OpenScape functionality.
Cross-user rights is the ability of an ordinary user account in one domain to have user rights in
other domains.
To provide for cross-administration, add the Domain Admins global group from each domain
into the Administrators local group in each other domain.
To provide for cross-user rights, add the Domain Users global group from each domain into
the Users local group in each other domain.
A31003-S5020-S100-1-7620, July 2004

9-3
5454ioas.fm
9.1.5
Firewall Requirements
The firewall must be configured to publish the web site to direct web requests to the OpenScape
server. Also, for access from the outside, the proper ports for http and https must be opened
(80 and 443, respectively).
9.1.5.1
Portal Access
In a customer environment, there may be a need for a user to access their portal through the
internet. This requires going through a firewall.
To enable this capability, the firewall needs to be able to configure server certificates. A certificate is required for a proxy, that is, if the HTTPS is bridged ending up with one HTTPS connection from the browser to the proxy and one HTTPS connection from the proxy to the portals Web
application.
If there is no proxy, HTTPS is tunneled directly from the browser to the portals Web application.
This is not secure and is not recommended.
9.1.5.2
OpenScape Management Console
HiPath OpenScape is managed through WMI which uses RPC (Remote Procedure Calls) to
access the OpenScape Server. Therefore, OpenScape could be managed through a firewall by
configuring RPC Dynamic Port Allocation. Refer to Microsoft Knowledge Base Article 154596
for more information. It is recommended to use an application like Remote Desktop to connect
to a server within the firewall instead of allowing RPC calls through the firewall for security reasons.
9.1.6
>
Virus Detection
In a customer environment, it is important that virus detection software is installed
on the servers. It is the customers responsibility to select, install, and configure virus
detection software.
Virus scans consume the central processing unit (CPU). McAfee VirusScan Enterprise Version
7.0.0 can be configured to scan all files with 50% CPU utilization and to prompt for action when
a virus is found.
9.1.7
Account Check
Logon with the <osinstaller> account before starting installation. This account is a domain user
account which must be pre-assigned by your domain administrator as the account to install
OpenScape on the designated OpenScape computer. If you are not sure that this has been
done, contact the domain administrator.
9-4
A31003-S5020-S100-1-7620, July 2004

5454ioas.fm
Verifying the Server Infrastructure
Refer to Appendix F for tools, utilities and hints for installing OpenScape.
9.2
Verifying the Server Infrastructure
This is the first step in preparing for the installation of the OpenScape system to ensure that it
meets the OpenScape requirements.
To verify the server infrastructure:
1.
Confirm the topology of the OpenScape system. Refer to the OpenScape Project Planning
Guide).
>
2.
The network topology at the customer site is the responsibility of the customers
IT organization.
Verify that the infrastructure components (Exchange, AD) are the appropriate versions. Refer to Section 3.2, Infrastructure Requirements, on page 3-1.
>
There currently exists a restriction with the Vegastream Gateway (pre R5.1
T017) that the fully qualified domain name of the LCS/OpenScape server may
only be a maximum of 31 characters.
The IP address for the LCS/OpenScape server should be static.
Refer to the OpenScape Project Planning Guide for information about topology.
3.
Confirm that the users exist in AD and map, based on topology, to the planned OpenScape
users.
4.
Verify that the LC Server has been prepared with the Environment Preparation Tool by the
domain administrator. As part of this preparation, the <osinstaller> account is assigned to
the LC Server computer as a local administrator. If you are not sure this was done or what
account to use, contact the domain administrator.
5.
If MSSQL is located on a separate server than OpenScape, then nothing needs to be done;
otherwise, the OpenScape server needs to have MSDE installed from the 3rd party CD (refer to Section 3.2.2.1 on page 3-2).
9.3
>
Installing the OpenScape Routing Dispatcher

Before you install the OpenScape Routing Dispatcher: Open a Live Communications Server Management Console and make sure that port 50000 is removed from
YOUR LC Server. If not, remove it.
The RD must be installed on all LC Servers that service OpenScape.

A31003-S5020-S100-1-7620, July 2004
9-5
5454ioas.fm
Verifying and Configuring Ports and Routes
Logon with the <osinstaller> account.

1.
Insert the OpenScape Installation Programs CD into the CD drive of the LC Server.
2.
Open the OpenScape RD folder, then double-click OpenScapeRoutingDispatcher.exe.
3.
On the HiPath OpenScape Setup dialog box, select HiPath OpenScape Routing Dispatcher and select the language for this installation from the drop-down menu, then click
Install.
4.
On the Welcome to Siemens HiPath OpenScape screen, verify that this is the version
you wish to install. If yes, then click Next.
5.
On the Customer Information dialog box, enter the customers user name and organization, then click Next.
6.
The next screen, Custom Setup, shows the location of the files that are going to be installed and the capacity required on the hard disk.
7.
On the HiPath OpenScape Routing Dispatcher Account Information screen, enter the
password for the OpenScape Service Account, then click Next.
8.
On the HiPath OpenScape Routing Dispatcher LCS Information screen, enter the LCS
IPSec Port number, then click Next.
9.
On the Ready to Install the Program screen, click Install.
10. When completed, click Finish and proceed to next section.
9.4
1.
Run OpenScapeRTCtools.exe located in the Tools folder of the Service Pack CD. For
more information on this tool, refer to Appendix F.3, OpenScape RTC Tool.
2.
Click Display Current LCS Configuration to verify all OpenScape related LCS settings
are correct. Then click Close.
9-6
A31003-S5020-S100-1-7620, July 2004

5454ioas.fm
3.
If ok, then continue to Section 9.5 on page 9-9; otherwise, click Configure All OpenScape
Related RTC Settings and enter information as follows (refer to Table 3-12 on page 3-8):
A31003-S5020-S100-1-7620, July 2004

9-7
5454ioas.fm
MCU Server: FQDN of MCU server

Media Server: FQDN of Media Server
Gateway: FQDN of gateway (click + if more than one gateway)
OpenScape Acct: OpenScape Core Account name
Global RTC Domains: FQDN of LCS
Click Perform RTC Configuration
>
9-8
The OpenScapeRTCtool is used only for checking or configuring any missing configuration settings on the LC server. It is not supposed to be run as a mandatory step
before installing OpenScape.
A31003-S5020-S100-1-7620, July 2004

5454ioas.fm
9.5
1.
Verify that the OpenScape Server environment has been prepared (see Chapter 8, Preparing the OpenScape Environment).
2.
Insert the OpenScape Installation Programs CD into the CD drive.
3.
Open the OpenScape folder, then double-click OpenScape.exe.
4.
On the Choose Setup Language dialog box, select the language for this installation from
the drop-down menu, then click OK.
5.
you wish to install. If yes, then click Next
6.
7.
The next screen, Customer Setup, shows the components and location of the files that
are going to be installed and the capacity required on the hard disk.
NOTE: By default, the HiPath OpenScape Web Services SDK is set to be installed. It requires Microsoft WSE 2.0.
Verify the location of the install, then click Next.
8.
On the HiPath OpenScape System Information screen, enter the OpenScape System
Name (default - your server name) which will be used by OpenScape applications to register with a particular system.
Enter the password for the OpenScape service account. The OpenScape System Name
has to match what was entered by the Environment Preparation Tool. Then click Next.
9.
On the HiPath OpenScape Server Information screen, enter required inputs as follows:
For the Database Server Name, enter the hostname for the OpenScape Main Server
For the Database Instance Name, enter the particular instance of MS SQL server that
will be used by OpenScape. If the default instance is used, enter MSSQLServer.
Enter the Default LCS Host Domain and Default LCS Host Name. This is the LC
Server where the static routes are configured.
10. This screen, HiPath OpenScape Database Configuration Information, collects info that
will be used to determine the size of the database and also the location where the OpenScape-specific database files will be stored.
Enter the Number of Users and Number of Months. Refer to Section 3.2.11, Database
Size, on page 3-6 for the number of OpenScape users that are planned for this system
and the number of months of call records that will be kept.
A31003-S5020-S100-1-7620, July 2004

9-9
5454ioas.fm
Verify the DB Data Path.The default location for the database files is in the OpenScape
home under OpenScapeDB folder. This location should be appropriate unless there is a
database preserved elsewhere from some previous installation or if the customer has a
specific need to store data files elsewhere. Click Next.
11. If you are installing the system for the first time, then you will be asked to confirm the creation of the database. In this case, click Yes to create the Database Client.
12. On the HiPath OpenScape Account Information screen, enter the passwords for UNS
and Web Service Account.
13. If HiPath OpenScape Web Services SDK was selected to be installed (default), then the
HiPath OpenScape Web Services SDK information screen appears. Change the ports if
necessary, then click Next.
14. On the Ready to Install the Program dialog box, click Install. This will take some time.
15. On the Info dialog box, click OK. (Note: You will be configuring a certificate as part of Chapter 10, Installing OMC).
16. Click Finish on the HiPath OpenScape Completed dialog box.
9-10
A31003-S5020-S100-1-7620, July 2004

10
5454iomc.fm
Installing OMC
Overview
Installing OMC
This chapter describes the procedures for installing the OpenScape Management Console
(OMC).
10.1
Overview
The OMC installation package deploys the OpenScape Base and OpenScape Management
Console. Installation of this package may be on a client machines or it may be directly on the
OpenScape server.
>
The account that will be used to access the OMC should have privilege to view/
change the OpenScape database. This account requires Admin privileges on the
OpenScape SQL DB and access to the WMI namespace at the OpenScape server.
If you install this package on a client machine in the network, the client machine must have:
O/S either Windows Server 2003 or Windows XP Professional
MS .NET Framework V1.1
>
If OMC is being installed remotely, there may be a need to configure the event viewer
to display events and descriptions correctly. For details please refer to MS article:
http://support.microsoft.com/?kbid=294893%22
The OpenScape MC installation package is available on the OpenScape Installation Programs

CD.
With OpenScape V2, the OMC provides multiple mmc snap-ins:
OpenScape [2.0]
OpenScape Routing Dispatcher [2.0]
OpenScape Trace File Accumulator [2.0]
The OMC provides English and German language interfaces. If it is desired to use a language
other than the primary language of the underlying Windows installation (Use English language
OMC on a German Windows installation, use German language OMC on a non-German Windows installation), the Language setting for the Administrator may be changed using the standard Windows Control Panel Regional and Language Settings dialog. Note that this mixed
language feature is only available on certain Windows versions / service packs, as follows:
Windows 2000 Multi-lingual version (original installation),
Windows XP with Multilingual User Interface Pack installed, or
Windows 2003 with Multilingual User Interface Pack installed.
A31003-S5020-S100-1-7620, July 2004

10-1
5454iomc.fm
Installing OMC
Installing Microsoft Hotfix
10.2
Installing Microsoft Hotfix
The Microsoft hotfix, KB821234, must be installed on the OpenScape server, in order for the
OMC to work correctly.
To install the Microsoft hotfix:
1.
Insert the OMC Installation Package CD into the CD drive.
2.
From the \OpenScape MC\MS Q821234 hotfix for OMC\ folder, unzip the desired file
(ENU for English or DEU for German) to your local machine.
3.
For English, double-click WindowsServer2003-KB821234-x86-ENU-Symbols.exe, then

WindowsServer2003-KB821234-x86-ENU.exe.
4.
For German, double-click the DEU files.
10.3
Installing the OMC Package
Logon with the <osinstaller> account before starting to install the OMC Package:
1.
Insert the OpenScape Installation Programs CD into the CD drive.
2.
Open the OpenScape MC folder, then double-click OpenScapeMC.exe.
3.
On the Choose Setup Language dialog box, select the language for this installation, then
click OK.
4.
On the Welcome dialog box, verify that this is the version you wish to install. If yes, then
click Next.
5.
On the Customer Information dialog box, enter the customers user name and organization,
then click Next.
6.
On the Customer Setup screen, you will see the components and location of the files that
are going to be installed and the capacity required on the hard disk. Verify the location of
the install, then click Next.
7.
On the Ready to Install the Program dialog box, click Install.
8.
Click Finish when installation is completed.
10.4
Configuring the OMC, TFA and RD Snap-ins
1.
From the OpenScape server, click Start->run.
2.
Enter mmc and click OK.
3.
Click File->Add/Remove Snap-in, then click Add.
4.
Select HiPath OpenScape, then click Add.
10-2
A31003-S5020-S100-1-7620, July 2004

5454iomc.fm
Installing OMC
Configuring the OpenScape Certificate
5.
Select HiPath OpenScape Trace File Accumulator, then click Add.
6.
Select HiPath OpenScape Routing Dispatcher, then click Add.
7.
Wait till the snap-ins appear in the Add/Remove window, then click Close.
8.
Click OK to close the Add/Remove window.
9.
Click File->Save as, then enter OMC to save as icon on desktop for later use such as
Chapter 16, Installing SIP Phones.
10.5
Configuring the OpenScape Certificate
This is required if you installed an OpenScape with a new database. To configure the OpenScape certificate (for more info on configuring certificates, refer to Section A.2):
1.
Open the Console Root folder.
2.
Expand OpenScape [2.0}, then your OpenScape server, then System Management.
3.
Double-click System Data. The System Data Configuration dialog is used to configure system-wide OpenScape data such as the Security Certificate.
4.
The Certificate Configuration tab page of the System Configuration Dialog appears. The
Administrator must set this value initially when the OpenScape server software is installed.
This list shows all currently installed certificates. If a certificate has already been selected
for OpenScape, it is shown in the Current Certificate text box.
If no server certificate is selected, click Change Certificate.
A31003-S5020-S100-1-7620, July 2004

10-3
5454iomc.fm
Installing OMC
Installing the OpenScape License
5.
Highlight a certificate from the certificates list and click OK. The newly selected certificate
is set in the database and its entry in the list is highlighted.
6.
THrough the service control manager, verify that Siemens RTCB Service Manager Windows Service is set to Automatic. Start this Service.
7.
If you installed OpenScape for the first time and created a new database, the services are
disabled. Therefore set the disabled OpenScape services to Automatic and restart the
server.
10.6
Installing the OpenScape License
1.
Open the Console Root folder.
2.
Expand OpenScape [2.0}, then your OpenScape server, then System Management.
3.
Right-click Licensing and select Configure.
4.
Select the Install from File tab, then click Browse.
5.
Locate the license file, then click Install License Key(s).
6.
Review the Licenses, then click Close.
7.
Reboot the OpenScape Server.
10-4
A31003-S5020-S100-1-7620, July 2004

5454iomc.fm
10.7
Installing OMC
Configuring the SMTP Server
Configuring the SMTP Server
To configure the SMTP server for OpenScape:

1.
Start OMC.
2.
Select the desired target system node from the system tree (WMI provider service must be
running on the target system).
3.
Select System Data.
4.
Right-click Configure.
5.
Select the System Parameters tab.
6.
Enter the SMTP server and click Save.
10.8
Testing the OMC
If you can do Section 10.7, Configuring the SMTP Server, then the OMC is working.
10.9
Symptoms and Troubleshooting
>
All components should have tracing enabled.
BASIC CHECK: Check if these Siemens RTCB Windows Services (Routing Dispatcher (RD),
B2BUA (B2B), and Assistant Engine (AE)) are up and running properly without throwing any
exceptions. If that is not the case, first check if the Siemens RTCB Context Agent Windows Service (XA) is up and running or not.
1.
Check component traces to see if the messages are received and what is happening while
processing those messages.
2.
Look out for any Exceptions being thrown or Errors being logged. In that case, track the
sequence of operations from the beginning till that Error condition is received in that particular component.
Example:In a Basic Call, if User-1 calls User-2 and the message is not received
by User-2 then the possible causes could be any of the following:
RD could be either down or not registered properly with the LC Server. In that case,
RD does not receive any messages from the LC Server and will eventually not pass it
on to B2B.
A31003-S5020-S100-1-7620, July 2004

10-5
5454iomc.fm
Installing OMC
Testing OpenScape
B2B could be either down or not able to receive messages from LCS due to a port
problem. Check for any Exceptions thrown in the trace file. AE is either down or has
not received any 200 OK for the default user registration from the LC Server. This can
be easily seen from the traces logged in the trace file. If AE is down then B2B will simply proxy the messages back to the LC Server for normal processing.
VA is down or is not responding to messages that have been passed to it by AE. Check
traces logged in the trace files. Look for any exceptions that could have been thrown.
If you are not able to understand what the problem could be then, switch on the SIP Logger.
This traces all messages that are being received and processed by the LCS.
10.10
Testing OpenScape
First, perform the following check from the OpenScape Server:

1.
Click Start->Administrative Tools->Live Communications Server.
2.
Under Servers, right-click the FQDN of the LC Server and select Properties.
3.
Under the Connections tab,

a) Verify that port 5060 is not listed; otherwise, remove it;
b) Verify that port 50000 is the only TCP port.
Now, perform the following tests:

1.
WM-WM instant message
2.
WM-WM voice call
3.
WM-OpenScape voice call and IM
4.
OpenScape-WM voice call and IM
5.
OpenScape-OpenScape voice call and IM
10-6
A31003-S5020-S100-1-7620, July 2004

11
Security Settings
11.1
OpenScape using IPSec Security
5454isec.fm
Security Settings
OpenScape using IPSec Security
IPSec should be configured in all OpenScape deployments. Security settings must be set
in place according to how servers communicate with one another.
To secure the communication between servers with Windows IPSec configured in the servers, go to Appendix E, IPSec Security Settings.
To secure the communication between servers with IPSec configured in the network cards/
switches, refer to the documentation provided by your network card/switch provider.
11.2
Special Steps for SDK Applications
If you are running SDK applications, the following configuration needs to be done manually to
the Request and Event Web Services, which runs on the OpenScape application server. This
gives permission to the <domain>\OSWeb account to access the certificates private keys file.
1.
Click Start->Programs->Microsoft WSE 2.0->X509 Certificate Tool.
2.
Change the Certificate Location to Local Computer and the store name to Personal.
3.
Click Select Certificate From Store.

In the list box that is displayed, choose the certificate that is configured for the SDKs and
click OK. You will notice that the fields in the main window are filled up with the particulars
of the chosen certificate. [By default, the same certificate that is configured for OpenScape
Core is configured for the SDKs]
4.
Click OpenPrivateKeyFileProperties.
5.
In the dialog that opens up, click the Security tab, then add the <domain>\OSWeb account
to the list of allowed users and give it FullControl.
6.
Apply the changes.
A31003-S5020-S100-1-7620, July 2004

11-1
5454isec.fm
Security Settings
Special Steps for SDK Applications
11-2
A31003-S5020-S100-1-7620, July 2004

12
5454imcu.fm
Installing OpenScape MCU
MCU Installation Procedure
This chapter describes the procedures for installing the OpenScape MCU.
12.1
MCU Installation Procedure
Before installing the MCU, the environment must be prepared using the Environment Preparation Tool. This must be done on the PC that hosts the MC component of the MCU. Verify that
Section 8.16, MCU System Preparation and Verification has been done.
The OpenScape MCU can be installed in one of three ways (be sure to logon with the <osinstaller> account before installing):
1.
Standalone MCU (MC and MP on the same box) - perform steps as follows
a) Section 12.2, Installing the Standalone MCU (MC and MP on same box)
b) Section 12.4, Configuring MCU SiP URI and Testing the MCU
2.
Standalone MCU (MC and MP on different boxes) - perform steps as follows

a) Section 12.3, Installing the Standalone MCU (MC and MP(s) on different boxes)
b) Section 12.4, Configuring MCU SiP URI and Testing the MCU
3.
One Box Solution (on the same server as the LCS and OpenScape), then:
a) Section 12.5, One Box Configuration
>
The OpenScape MCU can have up to 4 MPs.

The MP(s) may or may not be installed on the same machine as the MC. See Table
E-1 on page E-2 on supported installation scenarios.
>
Due to the .NET version dependencies of the system, the MCU and OpenScape
must be at the same version level at time of installation. This means that it is imperative to install the MCU after OpenScape has been installed, but before any
service packs are applied to OpenScape.
12.2
Installing the Standalone MCU (MC and MP on same box)
To install the MCU installation package:

1.
Insert the OpenScape Installation Programs CD into the client CD drive.
2.
Open the OpenScape MCU folder, then double-click OpenScapeMCU.exe.
3.
click OK.
A31003-S5020-S100-1-7620, July 2004

12-1
5454imcu.fm

Installing the Standalone MCU (MC and MP(s) on different boxes)
4.
On the Welcome screen, verify that this is the version you wish to install, then click Next.
5.
6.
The Customer Setup screen shows the components to be installed, the capacity required
on the hard disk, and the location of the installed files. Verify the location of the installation,
then click Next. (This step will differ for MC and MPs in a different box).
7.
Enter the OpenScape System Name, then click Next.
8.
Enter the password for the OpenScape service account, then click Next.
9.
On the Ready to Install the Program dialog box, click Install.
10. Click Finish when installation is completed.
12.3
12.3.1
Installing MC with MP on a different box
1.
Complete steps 1 to 5 from Section 12.2.
2.
To install only the MC, disable the MP. Click the pull-down menu next to MP and select X
This features would not be available from the list of three choices.
3.
Make sure screen looks like this, then click Next.
12-2
A31003-S5020-S100-1-7620, July 2004

5454imcu.fm
4.

Complete steps 7 through 10 from Section 12.2.
12.3.2
Installing MP with MC on a different box
1.
Complete steps 1 to 5 from Section 12.2.
2.
To install only the MP, disable the MC. Click the pull-down menu next to MC and select X
This features would not be available from the list of three choices.
3.
Make sure screen looks like this, then click Next.
A31003-S5020-S100-1-7620, July 2004

12-3
5454imcu.fm

Configuring MCU SiP URI and Testing the MCU
4.
Continue with steps 7 on page 12-2 through 10.
12.4
Configuring MCU SiP URI and Testing the MCU
NOTE: This section only applies to the standalone MCU configurations. For the One Box configuration, refer to Section 12.5.3.
1.
Click Start->Programs->Siemens OpenScape MCU->MC Configuration.
2.
Select the SIP tab.
3.
Enter the SIP information.
4.
In the URI field, enter the MCU FQDN. SIP.URI=<Host Name>,<Primary DNS Suffix> For
example, hypnos.app.devos.net where hypnos=MC machine name and app.devos.net=child domain).
5.
Then click Ok.
6.
Test the MCU by making a conference call to verify the configuration.
12-4
A31003-S5020-S100-1-7620, July 2004

5454imcu.fm
12.5

One Box Configuration
Here the MC shares a machine with the LCS and OpenScape (LCS, OpenScape, MC and optionally MP). The customer determines if the MC is on the same server as the LCS and OpenScape. The MP can either be separate from or on the same server as the MC. The criteria are
performance and number of conferencing channels.
12.5.1
Installing the MCU
1.
If the MC and MP are both to be located on the same server as LCS and OpenScape, follow the steps in Section 12.2, Installing the Standalone MCU (MC and MP on same box),
on page 12-1, then proceed with Section 12.5.2, Configuring the DNS Server.
2.
If only the MC is to be located on the same server as LCS and OpenScape (MP is on another server), follow the steps in Section 12.3.1, Installing MC with MP on a different box,
on page 12-2, then proceed with Section 12.5.2, Configuring the DNS Server.
12.5.2
Configuring the DNS Server
With the DNS server, create a new Alias (CNAME) for the OpenScape host that can be used
by the MCU. This alias points to the LCS/OpenScape server (for example, mcu.rtcdomain.com>openscapehost.rtcdomain.com).
To add the CNAME alias resource record to the MCU:
1.
Open DNS.
2.
In the console tree, right-click the applicable forward lookup zone, then click New Alias.
3.
In the Alias name field, enter the alias name (for example, openscapemcu).
4.
In the FQDN for target host field, enter the FQDN of the DNS host computer for which this
alias is to be used (for example, openscapehost.rtcdomain.com), or click Browse to
browse the DNS namespace for the host.
5.
Click OK to add the new record.
6.
Ping the alias to see if got added to the zone correctly. (Open a command window and ping
the real host name and the alias. The results must be that they both should ping with the
same IP (both names resolve to the same IP address.)
12.5.3
Configuring the MC SIP
NOTE: This section only applies to the One Box Configurations for MCU installations. Refer to
Section 12.4, Configuring MCU SiP URI and Testing the MCU for configuring the MC SIP in
a standalone configuration (MC is not on the same server as LCS and OpenScape).
A31003-S5020-S100-1-7620, July 2004

12-5
5454imcu.fm

From the MCU server,

1.
Click Start->Programs->Siemens HiPath OpenScape->HiPath OpenScape MCU->MC

Configuration.
2.
Click the SIP tab.
3.
In the URI field, enter the newly created alias from step 3 in Section 12.5.2. Verify the configured SIP port number. The default is 5062 for the One Box solution. This needs to be the
same as the port number of the LCS route for the MCU.
4.
Click OK.
5.
Restart the MC service.
12.5.4
Configuring the LCS Route and Testing the MCU
Add a route in the LC server to point to the correct alias:

1.
Open LC server (Logon as LCSInstaller).
2.
Find the MCU Server name under Servers.
3.
RIght-click the MCU Server name and select Properties.
4.
Click the Routing tab.
5.
Add a new static route:

user = *
domain = openscapemcu.rtcdomain.com where openscapemcu is the alias name created
in Section 12.5.2
fully qualified domain name = openscapehost.rtcdomain.com
Choose TCP for transport;
Enter the port number configured for the MCU SIP port from step 3 in Section 12.5.3;
Leave the rest unchanged.
6.
Click OK.
7.
Check if a new entry got added resembling the following:

SIP:*@mcu.rtcdomain.com->openscapehost.rtcdomain.com
8.
Configure this Static Route as TRUSTED. (Refer to Section 4.5 on page 4-6 and Appendix
F.3, OpenScape RTC Tool.).
9.
Test the MCU by making a conference call to verify the configuration.
12-6
A31003-S5020-S100-1-7620, July 2004

13
5454imed.fm
Installing the OpenScape Media Server
To install the Media Server application on the OpenScape Media Server, refer to the HiPath
OpenScape Media Server V2.0 Installation Guide.
You will need the information from Table 3-12 on page 3-8 and Table 3-14 on page 3-10 for installation.
A31003-S5020-S100-1-7620, July 2004

13-1
5454imed.fm
13-2
A31003-S5020-S100-1-7620, July 2004

14
5454secuB.fm
Service Packs and Miscellaneous
Service Packs for Server Machines
This section describes installing service packs and miscellaneous items.
14.1
Service Packs for Server Machines
Consult the latest OpenScape Release Note which contains information on the current OpenScape service packs. This Note is located on the KMOSS website, https://kmoss.icn.siemens.de.
Insert the Service Pack CD into the CD-ROM drive and open the appropriate service pack folder. Open the corresponding folder for the component being upgraded (i.e. core, MCU, OMC, or
Client). Run the executable .msp files in the appropriate server. Follow the on-screen directions
to install the service pack.
For the Media Server, follow the directions in the Media Server for OpenScape V2.0 Installation
Guide.
14.2
Document Storage
For this feature, the following must be configured on the OpenScape system (after the service
pack has been installed):
1.
Under IIS, click Web Service Extensions. On the right select WebDAV and click Allow to
change it from Prohibited to Allowed.
14.3
Security Troubleshooting
1.
Check if the OpenScape domain is in native mode or higher. OpenScape does not support
mixed mode.
2.
The OpenScape Service group should be a Domain Global group or higher. The OpenScape Admin and User groups should be Domain Local Groups. The OpenScape Admin
group should be a member of the OpenScape User group.
3.
Ensure that the OpenScape service account belongs to the OpenScape Service group.
4.
Ensure that the OpenScape Services, MCU services and the Media Server services that
talk to OpenScape are installed under the same OpenScape service account.
5.
Ensure that the Media Server and the OpenScape Server are configured with valid certificates. These certificates should be issued by a trusted root CA for this system.
6.
Open up the Certificates MMC on the OpenScape and Media Server machines and ensure
that the configured certificates are verifiable.
A31003-S5020-S100-1-7620, July 2004

14-1
5454secuB.fm

RSA SecurID
7.
The DNS should be correctly set up with FQDN for reverse lookup for all the OpenScape
servers.
8.
Check if Windows2000 server (Media Server machine) has the latest SP4 (hot fix) from Microsoft installed.
14.4
RSA SecurID
If RSA SecurID is enabled on the system, it must be configured so that the Siemens Clients
will work on the client machines.
On the OpenScape server:
1.
Open the IIS Manager (under Administrative Tools).
2.
Expand the Web Sites->Default Web Site->OpenScape folder.
3.
Under the Portals folder, locate the WMTab.xml file on the right side; right click this file
and select Properties.
4.
In the Properties dialog box, select the RSA SecurID tab.
5.
Uncheck the Protect This Resource With RSA SecurID box.
6.
Click OK to close the Properties dialog box.
14.5
Trace File Accumulator
14.5.1
Deployment
The Trace File Accumulator (TFA) copies trace files from an OpenScape (OS) or RoutingDispatcher (RD) to the system where the TFA is installed. TFA does not remove the files from the
OS or RD system. The intended usage of TFA is to archive large quantities of trace files for 1
to n systems.
Ideally TFA should not be installed on an OS or RD system as this could create storage and/or
disk fragmentation problems. Investigation has shown that up to ~1.5 GB of trace files can be
generated in a 24 hour period.
The Trace File Accumulator does not manage the accumulated files. An administrator should
periodically purge or compress the accumulated files.
14-2
A31003-S5020-S100-1-7620, July 2004

5454secuB.fm
14.5.2

Check
Make sure the server TFA to be installed on, was prepared with Environment Preparation Tool
by your domain administrator. As part of the preparation, the <osinstaller> account is assigned
to the computer as a local administrator. If you are not sure the preparation was done and what
account to use, contact the domain administrator.
14.5.3
Installation
Logon with the <osinstaller> account.

1.
Insert the OpenScape Installation Programs CD into the CD drive of the Server.
2.
Open the OpenScape TFA folder, then double-click OpenScapeTFA.exe.
3.
click OK.
4.
you wish to install. If yes, then click Next.
5.
6.
On the Custom Setup screen, click Next.
7.
On the HiPath OpenScape TraceFile Accumulator Account Information screen, enter

the password for the OpenScape Service Account, then click Next.
8.
9.
When completed, click Finish.
14.5.4
Symptoms and Troubleshooting
BASIC CHECK: Check if the Siemens Trace File Accumulator Windows Service is up and running properly without showing any exceptions.
A31003-S5020-S100-1-7620, July 2004

14-3
5454secuB.fm

The Trace File Accumulator will begin to accumulate files after configuration is completed using
the OpenScape Trace File Accumulator management console Snap-In (see 7-installOMC.doc).
Shortly after configuration of the TFA the trace files should start to be copied to either
C:\Program Files\Siemens\HiPath OpenScape TFA\OpenScape
or
C:\Program Files\Siemens\HiPath OpenScape TFA\RoutingDispatcher.
For example the following screenshot shows that the trace files are being accumulated for
14-4
A31003-S5020-S100-1-7620, July 2004

15
5454icli.fm
Installing the OpenScape Client
This chapter describes the procedures for installing the OpenScape Client.
>
15.1
Windows Messenger must be installed first before client installation.

If the Client is installed on Windows 2000, then the Siemens tab on WM is not supported.
The user must have local admin rights to install the Client.
15OpenScape Client
To use the OpenScape Client, the OpenScape Client installation package must be installed.
1.
Insert the OpenScape Installation Programs CD into the client CD drive.
2.
Open the OpenScape Client folder, then double-click OpenScapeClient.exe.
3.
click OK.
4.
On the Welcome screen, verify that this is the correct version. If yes, then click Next.
5.
On the Customer Information screen, enter the customer user name and user organization, then click Next.
6.
On the OpenScape System Information screen, enter the name of the OpenScape system to which this client is registered to, then click Next.
7.
On the next OpenScape System Information screen, for the OpenScape Server Name,
enter the FQDN of the OpenScape System. For the LC Server Name, enter the FQDN of
the LC Server, then click Next. This identifies the servers on where the OpenScape system
and LC Server are installed.
8.
9.
Click Finish when installation is completed.
>
The Registry Entries affected on the Client machines are identified in Section 15.2.
A31003-S5020-S100-1-7620, July 2004

15-1
5454icli.fm
OpenScape Client
OpenScape Client Registry Entries
15.2
OpenScape Client Registry Entries
The following registry entries are created during OpenScape Client installation:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService"OEMTabs"="https://[OpenScapeServerName]/OpenScape/Portals/WMTab.xml"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\ServiceProviders\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]
"RegServiceProvider"="SOFTWARE\Microsoft\MessengerService\ServiceProviders\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}\Branding\[RTCServerName]"
15-2
A31003-S5020-S100-1-7620, July 2004

16
5454SIP.fm
Installing SIP Phones
Configuring DNS SRV Records
Here are the steps:
Configure DNS SRV Records
Obtain a Certificate
Import the SIP Phone certificate to the OpenScape Server via OMC
Verify certificates exist on the OpenScape Server
Configure and install certificate for OpenScape phones
Assign OpenScape phones from Unassigned Phones
16.1
Configuring DNS SRV Records
Ask the network administrator to create an SRV record in DNS configuration so that the SIP
phones can be addressed by the LC Server via FQDN addressing. This is done by Domain
Prep before installing OpenScape. Refer to Section A.5 on page A-6.
16.2
Obtaining a Certificate
The network administrator should create, request, and export a certificate (to a file) for the SIP
phone. This can be done by:
Using a third party certificate vendor (e.g. Verisign) - wildcard certificates are supported for
a cost-effective solution.
Using a third party vendor software (e.g. Microsoft Certificate Services) - refer to Section
A.6 on page A-7 for an example.
Obtain and copy this file to a location on the OpenScape server where it will be imported (refer
to Section 16.3.1).
16.3
SIP Phone Certificate
16.3.1
Importing
The following steps are performed on the OpenScape Server where the OpenScape Management Console is installed.
1.
Click OMC shortcut on desktop.
2.
In the Add Standalone Snap-in window, select Certificates, then click Add.
A31003-S5020-S100-1-7620, July 2004

16-1
5454SIP.fm

LC Server Certificate
3.
In the Certificates snap-in window, select Computer account, then click Next.
4.
In the Select Computer window, select Local computer:..., then click Finish.
5.
After the snap-in is added, select and expand Certificates (Local Computer)->Personal>Certificates in the Console Root window.
6.
Right-click Certificates, then select All Tasks, then click Import....
7.
On the Certificate Import Wizard window, click Next.
8.
Then click Browse and locate the SIP Phone certificate file, then click Next.
9.
Enter the certificate password and check the box Mark this key as exportable..., then
click Next.
10. On the Certificate Store window, select Automatically select the certificate based on
the type of certificate, then click Next.
11. On the Completing the Certificate Import Wizard window, verify the settings, then click Finish.
16.3.2
Verifying
1.
Expand Console Root->Certificates(Local Computer)->Personal->Certificates.
2.
On the right hand panel, verify that you see the certificate installed from Section 16.3.1.
3.
Verify that you also see the corresponding Root CA Certificate under Trusted Root Certification Authority Certificates.
16.4
LC Server Certificate
16.4.1
Identifying
1.
Start the LC Server console.
2.
From the LC Server console, expand Live Communications Server->Servers.
3.
Right-click the LC Server, select Properties, then select the Connections tab.
4.
Select the TLS connection, then click Edit.
16-2
A31003-S5020-S100-1-7620, July 2004

5454SIP.fm

OpenScape Phones Certificate
5.
On the Edit Connection window, note the three fields: Issued to:, Issued by: and Valid
from that will be used to verify in Section 16.4.2. (Note: Do not make changes.)
6.
Click Cancel twice to exit.
16.4.2
Verifying
1.
Expand Console Root->Certificates(Local Computer)->Trusted Root Certification

Authorities->Certificates.
2.
On the right hand panel, verify that you see the trusted root certificate - reference step 5 in
Section 16.4.1.
3.
If you do not, then contact the network administrator.
16.5
1.
Click the OMC shortcut on the desktop.
2.
Expand OpenScape->your OpenScape server->Device Management->Phone Management.
3.
Right-click OpenScape Phones, then select Properties.
4.
Select the Security tab, then click Change certificate.
A31003-S5020-S100-1-7620, July 2004

16-3
5454SIP.fm

5.
Select the SIP Phone Certificate from Section 16.3.2, then click OK.
6.
Select the Phone Passwords tab.
7.
Enter the Default Administration Password - this is an important step to increase security.
The existing default administration password is 123456.
8.
Enter the Default User Password - this is an important step to increase security. The existing default user password is 147258.
9.
Select the LC Servers tab, select the LC server or servers (V2 supports multiple LCS),
click Edit, then click Change certificate.
10. Select the LC server certificated identified in Section 16.4.1 on page 16-2.
16-4
A31003-S5020-S100-1-7620, July 2004

5454SIP.fm
16.5.1

Configuring Profiles for SIP Phones
1.
From the OpenScape Phones Properties window, select the Profiles tab, then click Add
to create a new profile.
2.
Enter a profile name (i.e. subnet range of SIP phones), then click OK.
3.
In the Edit Profile window, select the Network tab.
4.
If DHCP is used for SIP phones, then select On (default) for DHCP and continue with next
step; otherwise, select Off and fill in the following fields (refer to Section 3.6, SIP Phone
Data, on page 3-15):
Domain name DNS primary server Default route Then click OK.
5.
Select the Authentication tab, and in the KDC server address field, enter the IP address
or FQDN of the KDC server (as defined by the Windows domain security policies; i.e. the
child domain controller) - refer to Section 3.6, SIP Phone Data.
6.
Select the Time & Date tab, and in the SNTP server address field, enter the IP address
or FQDN of the time server. Select the timezone offset and whether it is daylight saving
or not - refer to Section 3.6, SIP Phone Data.
7.
Select the Components tab, and enable the following settings:
Presence publishing
Presence watching
Contacts
Instant messages
8.
Select the SNMP tab, enter public in the Accepted community name field.
9.
If QoS is used, select the QoS tab and set the configuration to match the Ethernet Switch
QoS setting (refer to Section 3.6, SIP Phone Data).
10. Leave data in other tabs as is since they do not impact OpenScape.
11. Then click OK to complete the Profile configuration.
A31003-S5020-S100-1-7620, July 2004

16-5
5454SIP.fm

Assigning OpenScape Phones from Unassigned Phones
16.6
For this section, only the two test OpenScape users will be assigned SIP phones. For further
details on administering SIP phones, refer to the online Administrator Help.
1.
Click OMC icon on desktop.
2.
If some or all SIP phones are on a different subnet than the OpenScape server, then the
Phone Discovery IP range must be added. Expand OpenScape->your OpenScape server->Device Management->Phone Management. Then right-click Phone Management
and select Properties. Select the Phone Discovery tab, then click Add to add the subnet
range.
3.
Expand OpenScape->your OpenScape server->Device Management->Phone Management->Unassigned Phones.
4.
Right-click on an unassigned SIP phone, then select Assign.
5.
From the pull down menu, select a test OpenScape user, then enter a name associated
with this user. Then click Next.
6.
Set the Windows password for this user then click Next. If this password is not known, a
different process is required that is covered in the online Administrator Help.
7.
Click Download a new Certificate to the phone, then click Use Default Server Certificate.
8.
Verify the certificate is the same SIP Phone certificate imported back in Section 16.3.1. If
not, click Browse and select the right one. Then click Next.
9.
In the Configuration Profile field, use the drop down menu to select the profile configured
in Section 16.5.1 on page 16-5. Then click Finish.
10. The Assign Phone Wizard starts writing data to the phone while progress info is displayed.
>
Make sure the user does not touch the phone at this time because it will appear
busy; otherwise, this assignment will fail. Once the Wizard is successful, then it is ok.
11. The phone should be registered. Verify by noting that the IP Address field of the OpenScape phone no longer says No response (manual refresh may be required).
16-6
A31003-S5020-S100-1-7620, July 2004

5454SIP.fm

12. The assigned phone is ready for use.
16.6.1
Phone Discovery
Phone Discovery is usually performed with broadcast messages to the endpoints. If the endpoints are located behind routers on a different subnet from the OpenScape server, a broadcast
message is not possible and it is necessary for the administrator to configure a range of IP Addresses that OpenScape should scan in order to find the SIP Phones. Scanning the endpoints
may be perceived as a hacker attack by security tools designed to protect against such attacks.
Phone Discovery occurs at the following times:
1.
when the administrator refreshes the list of phones displayed on the OpenScape Management Console
2.
when the Scheduled Data Synchronization for the SIP Phones is performed
3.
when OpenScape software is attempting to locate a specific SIP Phone given a MAC
Address
To prevent false alarms from Intrusion Detection Systems (IDS), the network administrator
needs to configure the IDS to ignore UDP messages sent to port 5100. In other words, a filter
should be set up in the IDS so that Phone Discovery messages do not trigger a false security
alarm
A31003-S5020-S100-1-7620, July 2004
16-7
5454SIP.fm

16-8
A31003-S5020-S100-1-7620, July 2004

17
5454fchk.fm
Final Checklist
Final Checklist
After everything has been installed, perform the following checklist:

1.
Verify the LCS Service is up and running.
2.
Verify TCP port 50000 has been configured and set as Trusted.
3.
Verify MTLS (Mutual TLS) port 5061 is configured and set as un-Trusted.
4.
Verify OpenScape application URIs has been configured and at the top of the list. For example, here is the sequence in which they should appear, top to bottom, when you are
looking at the Application URIs configured on the LC Server via the Application node in
the LC Server Control Panel):
Application URI Name: Siemens Routing Dispatcher
Application URI:
http://www.siemens.com/en/rtcb/platform/routingdispatcher
Application URI Name: Age of Presence
Application URI:
http://www.siemens.com/OpenScape/bin/AOP
Application URI Name: Routing Application Setting - Default
Application URI:
http://www.microsoft.com/RTC/DefaultRouting
5.
Verify that if any Static Routes are configured, then they must be set to Trusted.
6.
Verify that the SIP URI is the same as each users email address (Microsofts recommendation and
Siemens requirement for V2). Check if the domain-name part (i.e. the one after the @ symbol)
specifies the root domain. If is recommended to create the users email account first on Exchange,
then when you create the users LCS attributes, the SIP URI will default to the users email address.
Format:
user-name@domain-name
Example: johnsmith@xpdev.net
7.
Verify that the LCS users point to the proper LCS Home Server.
8.
Verify that the OpenScape Service Account is a member of the RTC Server Applications
group.
9.
Verify that the SIP URI is enabled for the OpenScape Service Account. That is, make it an
LCS User homed on the same server on which the OpenScape Services are running.
10. Verify that the correct domain entries have been added to the User Services Global Settings. These entries should only be for domains (FQDNs) on which the users are created.
11. Perform the following tests:
a) WM-WM instant message
b) WM-WM voice call
A31003-S5020-S100-1-7620, July 2004
17-1
5454fchk.fm
Final Checklist
c)
WM-OpenScape voice call and IM
d) OpenScape-WM voice call and IM

e) OpenScape-OpenScape voice call and IM
f)
OpenScape-OpenScape conference call
g) On client portal, assign SIP phone as Preferred Device

h) SIP phone-SIP phone call
i)
OpenScape voice call via portal to SIP phone
j)
SIP phone - OpenScape user by Primary URI (name)
k)
SIP phone - OpenScape user by Secondary URI (number)
17-2
A31003-S5020-S100-1-7620, July 2004

References
A.1
Adding Users
5454appa.fm
References
Adding Users
To add users to the OpenScape system, users must first be created as LCS users. Users may
then be converted to OpenScape users via the OpenScape Management console. Also, users
may be also created via the OpenScape Scripting Framework using a user creation script. Email address is required in AD before collaboration groups work. If you create a user without
giving him an e-mail address he can not start any conferences.
>
A.1.1
In order to enable full feature functionality, all OpenScape users need an e-mail address.
User Creation via OMC
After the OMC has been installed, launch it as follows:

1.
Click Start -> Run.
2.
Enter MMC, then click OK.
3.
In the Console, click File -> Add/Remove Snap-in.
4.
Click Add.
5.
Add the HiPath OpenScape snap-in.
6.
Click Close and then OK.
7.
Save this setting.
8.
Expand the OpenScape server in the tree view.
9.
Click RTC Users. DIFFERENT FOR V2
10. To promote LCS users to OpenScape users, right click on a user and Convert User. DIFFERENT FOR V2
>
A.1.2
Note: The OpenScape Service user should NOT be converted to an OpenScape user. They should remain only LCS users.
User Creation via Script
A utility is available through OpenScape for to run vbscript scripts. This utility may be used to:
Create LCS users
A31003-S5020-S100-1-7620, July 2004

A-1
5454appa.fm
References
Configuring Certificates
Convert LCS users to OpenScape users
Refer to the OpenScape Scripting Framework in Section F.4 on page F-6.
A.2
If an application running in machine A wants to access a service from a server application running on machine B and use TLS encryption then the Certificate Authority (CA) that issued the
certificate to the server B has to be configured as a trusted certificate authority on the local
computer A.
Customers are required to use TLS for Windows Messenger.
Windows Messenger users have an additional GUI interface as part of OpenScape. It is implemented using TABS that are downloaded from a central server using HTTPS. This server functionality can be provided by the OpenScape server since it is running IIS and has a certificate
installed. Any other server with IIS configured for TLS can also work.
OpenScape Version 2 supports Internet access to portals using HTTPS (HTTP is not supported). This feature does not require a CA to be configured or installed on the client machine as
a trusted Root Certificate Authority (root CA) (assuming they are using IE to access the portals
instead of WM tabs).
Certificates can be issued by different CAs (both internal and external) as long as they are configured as trusted CAs on local machines for example, the LC Server certificate can be issued
by an internal CA and the SIP phone certificates can be issued by an external CA as long as
both these CAs are configured as trusted CAs on machines running the client applications that
is, LC Server machine, OpenScape machine and SQL server machine and so on.
Depending on how customers acquire their certificates, Table A-1 lists the certificates required
by customers who use one certificate vendor/PKI.
Machine
Certificate Root Certificate of the CA that should be configRequired ured as trusted
LC Server
CA that issued certificate used throughout OpenScape
OpenScape Server *
SQL Server*
Media Server
MC Server
MP Server(s)
SIP Phone
Table A-1
A-2
Customers that use 1 certificate vendor/PKI(Sheet 1 of 2)
A31003-S5020-S100-1-7620, July 2004

5454appa.fm
References
Machine
Client workstation in
Intranet
Client Workstation in
Internet
ISA Server
OMC node
Note: * Running on a separate physical node. You can reuse and share the same machine
certificate if installed on the same machine.
Table A-1
Customers that use 1 certificate vendor/PKI(Sheet 2 of 2)
Table A-2 lists the certificates required by customers who use more than one certificate vendor/
PKI.
Machine
LC Server
CA that issued OpenScape Server certificate

CA that issued LC Server certificate if two Home Servers are directly connected with Mutual TLS.
OpenScape Server *
CA that issued SQL Server certificate

CA that issued Media Server certificate
CA(s) that issued SIP Phone certificate
SQL Server*
Media Server

MC Server

MP Server(s)

SIP Phone
CA that issued LC Server certificate
Client workstation in
Intranet

CA that issued LC Server certificate
CA(s) that issued SIP Phone certificates (for CTI interface and Web Pages interface)
Client Workstation in
Internet
CA that issued ISA Server certificate
Table A-2
Customers that use certificates from more than 1 vendor/PKI(Sheet 1 of 2)
A31003-S5020-S100-1-7620, July 2004

A-3
5454appa.fm
References
Upgrading
Machine
ISA Server
OMC node
Note: * Running on a separate physical node. You can reuse and share the same machine
certificate if installed on the same machine.
Table A-2
Customers that use certificates from more than 1 vendor/PKI(Sheet 2 of 2)
When creating or purchasing certificates, the "common name" of the certificate should be the
Fully Qualified Host Name of the machine on which the certificate will be used (e.g. rocket.d1.research.com where rocket is the host name and d1.research.com is the Fully Qualified
Domain Name).
A.3
Upgrading
To upgrade the OpenScape system, you need to back up the data.

Before uninstalling OpenScape, user accounts and groups must be backed up also as these
are required when you reinstall OpenScape.
A.4
Uninstalling
A.4.1
Environment Preparation Tool Uninstall
System Preparation must be uninstalled before Domain Preparation.
The /x switch can be used to uninstall any prep step.

A.4.1.1
System Preparation
From the CLI command line, type EPTSetup /x /m s /r config.xml /l ept.log to remove system preparation.
A.4.1.2
Domain Preparation
From the CLI command line, type EPTSetup /x /m d /r config.xml /l ept.log to remove domain preparation.
A-4
A31003-S5020-S100-1-7620, July 2004

5454appa.fm
A.4.2
References
Uninstalling
OpenScape (Main Server) Uninstall
If necessary, uninstall OpenScape (Main Server):

1.
Ensure that you are logged on with the <osinstaller> account.
2.
Use Windows Add/Remove Programs utility from the Control Panel to uninstall the OMC.
3.
Use Windows Add/Remove Programs utility from the Control Panel to uninstall all OpenScape programs or run the OpenScape executable.
If you do not want to remove the database, click NO at Uninstall Database client.
A.4.3
Problems Uninstalling OpenScape
If you have problems uninstalling OpenScape:

1.
Make sure everything has been removed by following these steps:
All Siemens strong named assemblies, starting with Siemens.EN.RTCBin the

C:\WINDOWS\assembly directory.
If there are still some remaining, edit and perform the batch to remove these old assemblies.
All Siemens services are removed. If not:

a) Copy the UnInstall.bat file batch and directory onto your local hard disk. Edit and
then perform the batch.
b) If a service cannot be removed, make sure it is stopped.
c)
2.
If it still cannot be removed, restart your computer and try again.
Remove the OpenScape directory under Program Files\Siemens\.

Do not remove the OpenScapeDB directory.
> If you cannot remove the OpenScape home folder, stop the Windows Management Instrumentation service from Service Control Manager. This also stops the
LCS service.
3.
If you want to remove the database:

a) To make sure the database was been removed, open Programs -> Microsoft SQL
Server -> Enterprise Manager and expand until you are under database.
b) Verify that both containers starting with Xp are removed. If not just delete them from
here.
A31003-S5020-S100-1-7620, July 2004

A-5
5454appa.fm
References
Creating an SRV Record on DNS
>
If you cannot remove the database, restart the Windows Management Instrumentation and RTC service then try to delete the database.
If you still cant delete it, restart your computer.
4.
If the database is retained, verify that the DBInUse attribute in the SystemConfig table of
the XpSystem database is 0.
A.4.4
OpenScape Client Uninstall
Use Windows Add/Remove Programs utility to remove the package.
A.4.5
OpenScape MCU Uninstall
Use Windows Add/Remove Programs utility to remove the package.
A.4.6
Media Server Uninstall
Use Windows Add/Remove Programs utility to remove the package and third party software.
A.4.7
Service Pack Uninstall
Due to Windows Installer technical limitation, service packs cannot be uninstalled.
A.5
Creating an SRV Record on DNS
This is done by the network administrator so that SIP phones can be addressed by the LC Server via FQDN addressing.
Here is an example on how to create an SRV record on DNS (usually root domain controller).
1.
Click Start->Programs->Administrative Tools->DNS.
2.
Expand the forward lookup zone until you get to the child domain name.
3.
Right click on child domain.
4.
Select other new record.
5.
Select service location from resource record type.
6.
Select create record.
7.
Enter _sips for Service.
8.
Enter 5061 for port number.
A-6
A31003-S5020-S100-1-7620, July 2004

5454appa.fm
9.
References
Obtaining a SIP Phone Certificate
Enter the FQDN of one of your LC servers in the host offering service name field (i.e. LCserver.domainchild.domainroot.net).
The LC server could be a FES (Front End Server) if a FES is being used to reduce the load
on home servers by redirecting initial registration request from clients to its correct home
server.
If there is no FES being implemented, then use one of the LCS home servers. Only one
SIP SRV Record on DNS is allowed per child domain.
If the client is not homed on the target of the DNS SRV Record, this server will redirect the
registration request to its correct home server within the same domain. The current LC
server version will not redirect clients to LC servers across domains.
The current SIP phone firmware will not support registration to LC servers across domains.
10. Click OK to create the SRV.
A.6
Here is an example on how to obtain a certificate by using Microsoft Certificate Services. This
is done by the network administrator. Certificates may also be obtained from a third party certificate vendor such as Verisign. Wildcard certificates may be deployed to reduce the cost per
certificate.
A.6.1
Creating and Issuing
This task must be done from the server where CA (Certification Authority) is installed.
The CA server can be the root domain controller server or other server that was configured as
the CA server.
1.
Verify that the following components have been installed:

a) IIS
b) Certificate Services CA
c)
2.
Certificate Services Web enrollment support (this component must be installed after
IIS)
To request a certificate on:
Windows 2003, go to Section A.6.2.
Windows 2002, go to Section A.6.3.
A31003-S5020-S100-1-7620, July 2004

A-7
5454appa.fm
References
A.6.2
Requesting (Windows 2003 Only)
Enterprise admin privileges are required to create a certificate. The steps below first involve
removing the default certificate and then creating a new certificate.
1.
Click Start->Administrative Tools->IIS Manager.
2.
Expand Local Computer->Web Sites.
3.
Right-click Default Web Site and select Properties.
4.
Click the Directory Security tab, then click Server Certificate.
5.
On the Welcome to Web Server Certificate Wizard screen, click Next.
6.
Select Remove the server certificate, then click Next.
7.
On the Remove a Certificate screen, click Next.
8.
Click Finish.
9.
At the Default Web Site Properties screen, click Server Certificate.
10. On the Welcome to Web Server Certificate Wizard screen, click Next.
11. Select Create a new certificate, then click Next.
12. On the Delayed or Immediate Request screen, select Send the request immediately to
an online certification authority, then click Next.
13. Enter a name for the certificate, then click Next.
14. Enter the organization information, then click Next.
15. For the Common Name field, enter the FQDN of where the certificate will be installed
(usually the OpenScape server), then click Next.
16. Enter the geographical information, then click Next.
17. On the SSL Port screen, accept the default of 443 and click Next.
18. On the Choose a Certification Authority screen, accept the default of the Root Certificate
and click Next.
19. On the Certificate Request Submission screen, click Next.
20. Click Finish.
21. Go to Section A.6.4.
A-8
A31003-S5020-S100-1-7620, July 2004

5454appa.fm
A.6.3
References
Requesting (Windows 2000 Only)
This task is performed (recommended) on the OpenScape server. The request is done by
getting access to the certification service on the CA server.
1.
Invoke the IE browser, and enter http://<ca_host>/certsrv, where <ca_host> can be either the host name or IP address of the CA server.
2.
A Windows logon challenge is prompted. Enter the domain administrator user account and
password of the CA server. This will bring up the Microsoft Certificate Services Welcome
web page.
3.
Select Request a certificate under the Select a task category, then click Next. This brings
up the Choose Request Type page.
4.
Select Advanced request, then click Next. This brings up the Advanced Certificate Request page.
5.
Select Submit a certificate request to this CA using a form, then click Next. The Advanced Certificate Request page is displayed.
6.
Select Web Server template from the Certificate template pull down menu.
7.
Verify the Key Options on this page:
CSP: Microsoft RSA SChannel Cryptographic Provider
Key Usage: Exchange
Key size: 1024
Create new key set
Automatic key container name
Mark keys as exportable
Request Format: CMC
Hash Algorithm: SHA-1
8.
Scroll down the page and click Submit.
9.
A warning dialog of Potential Scripting Violation is shown. (No warning is displayed if an

IP address is entered in the Name field.) Select Yes to request the certificate. The certificate is now issued (and confirmed by the new web page).
10. Click the Install this certificate hyperlink. A warning dialog of Potential Scripting Violation is shown. Select Yes to complete. The certificate is now made available.
A31003-S5020-S100-1-7620, July 2004

A-9
5454appa.fm
References
A.6.4
Locating
Performing this task on the OpenScape server is recommended. Logon with the <osinstaller> account.
1.
Invoke mmc via the Run command. Add the following Snap-ins to the MMC console:
2.
Certificates Current User
Expand Certificates>Current User->Personal->Certificates. The certificate made

available in the previous step is listed on the right side.
NOTE: The following steps apply to Windows 2000 only and involves exporting the certificate.
3.
Right-click on that certificate; select All Tasks and then Export The Certificate Export
Wizard is displayed.
4.
Click Next. On the Export Private Key dialog, select Yes, export the private key and click
Next again.
5.
On the Export File Format dialog, verify that Personal Information Exchange PKCS
#12 (.PFX) is selected with the Enable strong protection (requires IE 5.0, NT 4.0 SP4
or above) option checked. Click Next.
6.
On the Password dialog, enter and re-type the password for this certificate. (This password
will be used during certificate installation.) Click Next.
7.
On the File to Export dialog, enter a file name for the exported certificate file and browse
to the path where the certificate file will be stored. Click Next.
8.
Click Finish to complete the wizard. The certificate file is now ready for import.
A-10
A31003-S5020-S100-1-7620, July 2004

5454AppB.fm
Preparing Exchange 2000/2003 for OpenScape
Enabling WebDAV on the Exchange 2003 Server
>
B.1
The steps described in this appendix are to be given to the customers network administration for reference in how to set up the Exchange 2000/2003
server for OpenScape. This person must also work with the site telecom administrator to obtain extension numbers when creating the accounts.
Enabling WebDAV on the Exchange 2003 Server
This is only required for the Exchange 2003 server.

Under IIS, click Web Service Extensions. On the right select WebDAV and click Allow to
change it from Prohibited to Allowed.
B.2
Configuring the Account Security Privileges in the Exchange

Server Stores
1.
From the Exchange 2000/2003 server computer, click Programs->Microsoft Exchange>System Manager.
2.
Drill down to the Server Storage Group. Repeat steps 3 to 6 for each applicable storage
group (Note that Public Folder Store is not required).
.
A31003-S5020-S100-1-7620, July 2004

B-1
5454AppB.fm

Configuring the Account Security Privileges in the Exchange Server Stores
3.
Right-click Mailbox Store->Properties.
4.
On the Mailbox Store (CR-E2K) Properties dialog box, click the Security tab, then click
Add.
5.
Locate and select the <systemID>SiemensIC account. Click Add and then OK.
6.
Click the boxes below for the mandatory permissions.
B-2
A31003-S5020-S100-1-7620, July 2004

5454AppB.fm

Configuring the Account Security Privileges in the Exchange Server Stores
7.
Click OK and continue to next section.
A31003-S5020-S100-1-7620, July 2004

B-3
5454AppB.fm

Converting the SiemensIC Account into an OpenScape User
B.3
Converting the SiemensIC Account into an OpenScape User
1.
From the Active Directory window, double-click <systemID>SiemensIC, then click the
Live Communications tab.
2.
Click Enable Live Communications for this use.
3.
For the SIP URI field, enter sip:<systemID>SiemensIC@domainname.
4.
For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.
5.
Expand the OpenScape snap-in.
6.
Expand User Management.
7.
Right click on the User Management window, then click Add User.
8.
In the Add New User window, do the following:

a) In the LC Home Server drop-down menu, select the LC Server name.
b) In the Search String, enter <systemID>SiemensIC. Click Browse...
c)
Click <systemID>SiemensIC. Then click OK.
d) Click Next.
e) In the OpenScape System drop-down menu, select the OpenScape system name.
f)
In the drop-down menu for User Type, select HiPath OpenScape. Click Next.
g) (Optional) Enter the Public (DID) Number.

h) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
9.
B.4
i)
Enter a unique User ID Number.
j)
Enter a password. Click Next.
k)
Click Finish.
Confirm that <systemID>SiemensIC is included in the list as an OpenScape user.
Converting the SiemensCR Account into an OpenScape User
1.
From the Active Directory window, double-click <systemID>SiemensCR, then click the
2.
3.
For the SIP URI field, enter sip:<systemID>SiemensCR@domainname.
4.
For the Home Server field, select the FQDN of the LC Server, then click Apply and OK.
B-4
A31003-S5020-S100-1-7620, July 2004

5454AppB.fm

Converting the SiemensCR Account into an OpenScape User
5.
6.
7.
Right click on the User Management window, then click Add User.
8.

b) In the Search String, enter <systemID>SiemensCR. Click Browse...
c)
Click <systemID>SiemensCR. Then click OK.
d) Click Next.
f)
In the drop-down menu for User Type, select HiPath OpenScape. Click Next.
g) (Optional) Enter the Public (DID) Number.

h) Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
9.
i)
j)
k)
Click Finish.
Confirm that <systemID>SiemensCR is included in the list as an OpenScape user.
A31003-S5020-S100-1-7620, July 2004

B-5
5454AppB.fm

Installing Schedule+FreeBusy Information
B.5
1.
Verify that it is available.
2.
Right-click Schedule+FreeBusy Information..., then click Properties.

.
B-6
A31003-S5020-S100-1-7620, July 2004

5454AppB.fm
3.

Click the Replication tab and verify that the Public Folder Store for the Exchange 2000/
2003 server appears in the list.
a) Multiple Exchange 2000/2003 Servers in the same domain

If there are multiple Exchange 2000/2003 servers servicing the same domain, you
must add each Exchange 2000/2003 Public Folder Store in the replication list.
A31003-S5020-S100-1-7620, July 2004

B-7
5454AppB.fm

Portals Installation
B.6
B.6.1
Enabling SSL in IIS on the OpenScape Server
The OpenScape Portals must use a secure connection between the Web Server (IIS) and the
Web Browser, so we need to enable Secure Sockets Layer in the IIS Manager.
1.
Open the Internet Services (IIS) Manager (under Administrative Tools).
2.
Expand the Web Sites folder, right-click the Default Web Site subfolder and select Properties.
3.
Select the Web Site tab and enter 443 in the SSL port field (NOTE: If this field is not accessible, then skip to next step since no certificate has been installed.)
4.
Select the Directory Security tab, then click Server Certificate. The Server Certificate
Wizard will open. If the View Certificate button is enabled, it means that you already
have a certificate installed and you do not have to proceed unless you want to change the
certificate.
B-8
A31003-S5020-S100-1-7620, July 2004

5454AppB.fm

5.
If you decide to continue, click Next on the Welcome to the Web Server Certificate Wizard screen.
6.
On the Server Certificate screen, select Assign an existing certificate, then select
Next.
7.
On the Available Certificates screen, select the certificate that you have available, then
click Next. You will use the same certificate that is used by the LC Server.
8.
On the SSL Port screen, enter 443 for the SSL port number, then click Next.
9.
Click Next on the Certificate Summary screen.
10. Then click Finish.
B.6.2
Enabling SSL for Outlook Web Access (OWA) on the Exchange

Server
To integrate with the OpenScape Portals, the OWA must have Secure Sockets Layer (SSL) enabled so it can be opened inside the Portals.
1.
To enable SSL, we need to install a certificate in the IIS on the Exchange Server machine.
Please follow the same instructions in Section B.6.1 on page B-8 (Enable SSL in IIS) and
execute them on the Exchange Server (not on the OpenScape Server!). For further details
on certificate configuration, refer to Microsoft Exchange documentation.
2.
This operation needs to be done only once and please recall that, since there is only one
Exchange Server per domain forest, enabling SSL for one Exchange Server will affect all
child domains.
A31003-S5020-S100-1-7620, July 2004

B-9
5454AppB.fm

3.
If SSL is not enabled for OWA, the following error page is shown instead of the Calendar
and Inbox information.
B.6.3
Opening and Verifying the Portals in Internet Explorer
With everything ready and properly setup, you can finally open the Personal Portal web page
in IE. The URL is http://<servername>/openscape/portals/default.aspx. The <servername> is
your OpenScape server name. Please enter it in its fully qualified format (i.e.: applebee.app.devos.net), otherwise you will get a security warning every time you open the Portals.
Verify that the Personal Portal web page can be opened in IE.
B-10
A31003-S5020-S100-1-7620, July 2004

5454AppC.fm
Creating OpenScape Users for Media Server Routing
CRDirect
Creating OpenScape Users for Media Server

Routing
>
The steps described in this appendix are to be given to the network administration for creating OpenScape users for Live Communications Routing. This
person must also work with the site telecom administrator to obtain extension
numbers when creating the accounts.
These users will be used in the Media Server Installation Guide.
C.1
CRDirect
1.
In the Active Directory Users List, double-click <systemID>CRDirect, then click the Live
Communications tab.
2.
3.
For the SIP URI field, enter sip:<systemID>CRDirect@domainname.
4.
For the Home Server field, select the FQDN of LC Server, then click Apply and OK.
5.
6.
7.
Right-click the User Management window, then click Add User.
8.

b) In the Search String, enter <systemID>CRDirect. Click Browse...
c)
Click <systemID>CRDirect. Then click OK.
d) Click Next.
f)
In the drop-down menu for User Type, select Media Server. Click Next.
g) For the Application Name, enter CRDirectApp.

h) For the Contact Address, enter sip:<extensionno>@FQDN of the Media Server
where extension number is the same as in step j. Click Next.
i)
Enter the Public (DID) Number.
j)
Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
A31003-S5020-S100-1-7620, July 2004

C-1
5454AppC.fm

CRForward
k)
l)
m) Click Finish.
9.
Confirm that <systemID>CRDirect is included in the list as an OpenScape user.
C.2
CRForward
1.
In the Active Directory Users List, double-click <systemID>CRForward, then click the
2.
3.
For the SIP URI field, enter sip:<systemID>CRForward@domainname.
4.
For the Home Server field, select the FQDN of LC Server, then click Apply and OK.
5.
6.
7.
Right-click the User Management window, then click Add User.
8.

b) In the Search String, enter <systemID>CRForward. Click Browse...
c)
Click <systemID>CRForward. Then click OK.
d) Click Next.
f)
In the drop-down menu for User Type, select Media Server. Click Next.
g) For the Application Name, enter CRForwardApp.

h) For the Contact Address, enter sip:<extensionno>@FQDN of the Media Server
where extension number is the same as in step j. Click Next.
i)
Enter the Public (DID) Number.
j)
Enter an extension number (refer to Table 3-14 on page 3-10). Click Next.
k)
l)
m) Click Finish.
C-2
A31003-S5020-S100-1-7620, July 2004

5454AppC.fm
9.
C.3

Creating Forwarding Rule Target
Confirm that <systemID>CRForward is included in the list as an OpenScape user.
1.
Expand the OpenScape snap-in and the server where CRForward is a member.
2.
Expand System Management.
3.
Click System Destination.
4.
Right-click on the System Destination Administration window, then select Add Destination.
5.
For the Destination Name field, enter VoiceMail.
6.
For the Contact Address field, enter sip:<systemID>CRForward@<domain_name>

where <domain_name> is your domain.
7.
For the Destination Type field, select Media Server from the dropdown menu.
8.
Click OK.
9.
Click Close on the System Destination Administration window.
A31003-S5020-S100-1-7620, July 2004

C-3
5454AppC.fm

C-4
A31003-S5020-S100-1-7620, July 2004

5454AppD.fm
Settings Changed by the Environment Preparation Tool
Root Domain
Settings Changed by the Environment Preparation

Tool
This tool
creates the following groups and accounts during OpenScape Environment Preparation in Chapter 8
sets permissions on Active Directory objects
sets CIM namespace permissions
D.1
Root Domain
D.1.1
Accounts and Groups
Object: CN=OpenScape Service

Object Default Name
OpenScape Service
D.1.2
Object Type
Group - Domain
Local
Members
Member of
Child Domain1\OSsvc
Child Domain2\OSsvc
Permissions
Object: CN=Global Settings, CN=RTC Service, CN=Microsoft, CN=System, DC=X

Permissions
Read Access
Trustee
OpenScape Service group of the root domain
Object: CN=OpenScape Global Settings, CN=Siemens, CN=System, DC=X (not set for
EDM Mode)
Permissions
Trustee
Read all properties, Write all properties

OpenScape Service group of the root doCreate all child objects, Delete all child objects main
A31003-S5020-S100-1-7620, July 2004

D-1
5454AppD.fm

Child Domain Hosting OpenScape Servers
D.1.3
Permissions on the Domain-DNS Object
OpenScape Service group is given the following access on the Domain-DNS object:
Read permission on RTCUserSearchPropertySet
Read permission on RTCPropertySet
Read Public information for User objects
Replicate Directory changes permission
Read/ Write/ Delete Permissions on SiemensOSPropertySet (not set for EDM Mode)
D.2
D.2.1
Accounts and Groups
Object: CN=OpenScape User

Object Default Name
OpenScape User
Object Type
Group - Domain
Local
Members
Member of
All OpenScape users

OSsvc
OSWeb
<systemID>OSUNS
<systemID>OSRTP
<systemID>SiemensCR
<systemID>SIemensIC
<systemID>CRDirect
<systemID>CRForward
OpenScape Admin
OpenScape Service
Object: CN=OpenScape Admin

Object Default Name
OpenScape Admin
D-2
Object Type
Group - Domain
Local
Members
OpenScape Service
<osinstaller>
Member of
OpenScape User
Administrator (Local on
OS, RD, TFA, EDM)
A31003-S5020-S100-1-7620, July 2004

5454AppD.fm


Object Default Name
OpenScape Service
Object Type
Group - Domain
Local
Members
Member of
OSsvc
OSweb
<systemID>OSUNS
<osinstaller>
Child Domain2\OSsvc
OpenScape User
OpenScape Admin
Object: CN=OSsvc
Object Default Name
OSsvc
Object Type
User
Not LC User
Member of
OpenScape Service
Child Domain2\OpenScape Service
User Domain1\OpenScape Service
OpenScape User
RTCDomainUserAdmins
Administrators (local on OS, MCU, MS, RD)
RTC Server Applications (local on RD server)
IIS_WPG (local on OS server)
Object: CN=OSWeb
Object Default Name
OSWeb
Object Type
User
Not LC User
Member of
OpenScape User
OpenScape Service
IIS_WPG (local on OS server
Object: CN=<systemID>OSRTP
Object Default Name
<systemID>OSRTP
Object Type
User
SIP-enabled LC
User
A31003-S5020-S100-1-7620, July 2004

Member of
OpenScape User
D-3
5454AppD.fm

Object: CN=<systemID>OSUNS
Object Default Name
<systemID>OSUNS
Object Type
User
SIP-enabled LC
User
Member of
OpenScape User
OpenScape Service
Administrators (local on OS server)
Object: CN=<osinstaller>
Object Default Name
Object Type
any but should be a pre- User

existing user
Member of
Domain Users
OpenScape Admin
OpenScape Service
RTCDomainUserAdmins
Administrators (local on OS, SQL, MCU, MS,
RD, TFA)
Object: CN=<systemID>SiemensCR
Object Default Name
Object Type
Member of
<systemID>SiemensCR User - SIP-enabled OpenScape User
Object: CN=<systemID>CRDirect
Object Default Name
<systemID>CRDirect
Object Type
Member of
User - SIP-enabled OpenScape User
Object: CN=<systemID>CRForward
Object Default Name
Object Type
Member of
<systemID>CRForward User - SIP-enabled OpenScape User
Object: CN=<systemID>SiemensIC
Object Default Name
<systemID>SiemensIC
D-4
Object Type
Member of
User - SIP-enabled OpenScape User

A31003-S5020-S100-1-7620, July 2004
5454AppD.fm
D.2.2

Permissions
Object: OpenScape User

Object type: Group
Permissions
Trustee
Full Control
OpenScape Service
Full Control
OpenScape Admin
Object: OpenScape Admin

Object type: Group
Permissions
Full Control
Trustee
OpenScape Service
Object: OSsvc
Object type: User
Permissions
Read/Write Access to all its properties
D.2.3
Trustee
OSsvc
OpenScape Admin group is given the following access on the Domain-DNS object:
A31003-S5020-S100-1-7620, July 2004

D-5
5454AppD.fm

Read Permissions on SiemensOSPropertySet (not set for EDM Mode)
D.2.4
Permissions on the Service Connection Point (Child of Computer

Object for Computers Hosting OpenScape Core, RD, TFA)
The following Service Connection Point is created: Siemens OpenScape

Object CN=Siemens OpenScape
Permissions
Trustee
Read Access, Read Access to all child objects Authenticated Users

Full Control
D.2.5
OpenScape Service group

<osinstaller> user
Permissions on the EDM Server
The following Service Connection Point is created: Siemens OpenScape

Object CN=Siemens OpenScape
Permissions
Trustee
Read Access, Read Access to all child objects Authenticated Users

Object CN=<EDM Server>
Permissions
Full Control
D.2.6
Trustee

<osinstaller> user
Access Rights to the OpenScape Database
The OpenScape service group and OpenScape Admin group are provided db owner privileges.
The OpenScape User group has read permissions on the OpenScape databases.
D.2.7
Access Rights on the WMI CIM Repository (for servers hosting

OpenScape Core, RD, TFA, EDM, MCU, MS)
Some OpenScape settings are stored in the Windows Management Instrumentation (WMI)
Common Information Model (CIM) repository, therefore:
The following namespace is created: Root\Siemens\RTCB
Namespace: Root\Siemens\RTCB
D-6
A31003-S5020-S100-1-7620, July 2004

5454AppD.fm

Child Domains Containing User Objects Only
Permissions
Trustee
Full Control

OpenScape Admin group
Deny inherited rights
Everyone
Namespace: Root\CimV2
Permissions
Trustee
Full Control

OpenScape Admin group
D.3
D.3.1
Accounts and Groups

Object Default Name
OpenScape Service
D.3.2
Object Type
Group - Domain
Local
Members
Member of
Child Domain1\OSsvc Domain Users

Child Domain2\OSsvc
A31003-S5020-S100-1-7620, July 2004

D-7
5454AppD.fm

D-8
A31003-S5020-S100-1-7620, July 2004

5454secu.fm
IPSec Security Settings
Overview
This appendix provides information and instructions about securing the communication between servers with Windows IPSec configured on the servers. It provides an authentication
"white list" to ensure that network messages are accepted only from configured servers, i.e. to
ensure that they do not come from an unauthorized endpoint. IPSec also provides privacy and
integrity-checking for network messages.
E.1
Overview
The procedures involve:
Setting up a custom MMC console
Creating a new IPSec policy
The IPSec policy involves securing communication between servers. OpenScape uses the IP
Security (IP Sec) Protocol provided by Windows 2000 and above. IPSec is used between the
following servers (refer to Table E-1 on page E-2 for list of supported configurations):
Media Server and the LC Server
Media Server and the OpenScape Server
MCU and the LC Server (if on different machines)
LCS and the OpenScape Server (if on different machines)
MCU and the OpenScape Server (if on different machines)
MC and MP (if on different machines)
LCS and Gateway (if it supports IPSec)
Note: It is not important where the SQL Server is located for the security settings.
>
NOTE: Logon with the <osinstaller> account to perform these IPSec security
settings.
You will be creating IPSec filters from Media Server, LCS, OpenScape and MCU (or MC and
MP) based upon the installation scenario.
A31003-S5020-S100-1-7620, July 2004

E-1
5454secu.fm

Overview
Table E-1 lists the supported OpenScape installation scenarios.

Scenario Machine
A
Machine
B
LCS
OpenScape,
MC, and
MP
Media
Server
LCS,
Media
OpenServe
Scape MC
MP
LCS MC
and MP
Media
Serve
OpenScape
LCS and
OpenScape
Media
Serve
MC and
MP
LCS and
MC
Media
Serve
LCS
Table E-1
E-2
Machine
C
Machine
D
Machine
E
Machine
F
Machine
G
OpenScape
MP
MP (optional)
MP (optional)
MP (optional)
Media
Serve
MC and
OpenScape
MP
MP (optional)
MP (optional)
MP (optional
LCS and
OpenScape
Media
Serve
MC
MP
MP (optional)
MP (optional)
MP (optional)
LCS
Media
Serve
OpenScape
MC
MP
MP (optional)
MP (optional)
Machine
H
MP (optional)
Supported Installation Scenarios
A31003-S5020-S100-1-7620, July 2004

5454secu.fm
E.2

Creating a Custom MMC Console for IPSec Configuration
Creating a Custom MMC Console for IPSec Configuration
To create a custom IPSec configuration MMC snap-in for the local computer, on which IPSec
is being configured:
1.
From the Windows desktop, click Start-> Run, and in the Open textbox, type mmc, then
click OK.
2.
On the Console menu, click Add/Remove Snap-in.
3.
In the Add/Remove Snap-in dialog box, click Add.
4.
In the Add Standalone Snap-in dialog box, click IP Security Policy Management and then
click Add.
5.
Verify that the local computer is selected and click Finish.
6.
On the Add Standalone Snap-in dialog box, click Close.
7.
On the Add/Remove Snap-in dialog box, click OK.
8.
Click the File menu and select Save As
9.
Type a name (Example: IPSecPolicies) and click OK. You will then see the IPSecPolicies
Console Root window.
A31003-S5020-S100-1-7620, July 2004

E-3
5454secu.fm

Creating a New IPSec Policy for Media Server on the Media Server Server Machine
E.3
Creating a New IPSec Policy for Media Server on the Media Server
Server Machine
1.
From the IPSec Configuration MMC console menu, click IP Security Policies on Local
Computer and then click Create IP Security Policy.
2.
On the IPSecurity Policy Wizard welcome screen, click Next.
3.
Enter a name for this policy (required) and description (optional), then click Next.
For example, Name: Siemens OpenScape V2.0 IPSec Policy.
4.
On the Requests for Secure Communication dialog box, uncheck the Activate the default response rule check box and click Next.
5.
On the Completing the IP Security policy wizard dialog box, select the Edit Properties
check box, then click Finish.
6.
On the new policys properties window, click Add.
7.
On the Welcome to the Create IP Security Rule Wizard dialog box, click Next.
8.
On the Tunnel Endpoint dialog box, select This rule does not specify a tunnel, then
click Next.
9.
On the Network Type dialog box, select All network connections, then click Next.
10. Windows 2000 server only. On the Authentication Method dialog box, select Active
Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2003 server.
11. On the IP Filter List dialog box, click Add.
12. In the Name file, enter a name for the Media Server IP Filter List. Enter a description also
in the Description field.
13. Complete Section E.3.1, Section E.3.2, and Section E.3.3.
14. On the IP Filter List dialog box, select the newly-created filter list that you created in step
12 above, then click Next.
15. On the Filter Action dialog box, select Require Security, then click Next.
16. Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
17. On the Completing the New Rule Wizard dialog box, uncheck Edit Properties if it is
checked, then click Finish.
E-4
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

18. On the new policys properties dialog box, select the newly-created filter list that you created in step 12 above.
19. Proceed to Section E.7, Setting the Block Rule, on page E-21 to setup the Block Rule for
the Media Server.
20. Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
21. On the MMC console, right-click the newly-created IPSec security policy and select Assign. This assigns the security policy to the machine and makes it active. Now you should
see Yes under Policy Assigned.
22. Continue to Section E.4 on page E-8.
E.3.1
Media Server to LC Server
1.
Click Add to add a filter.
2.
On the IP Filter Wizard window, click Next.
3.
On Windows 2003 Server, type the description (optional) and keep the Mirrored check box
checked. On Windows 2000, this step is not shown.
4.
On the IP Traffic Source window, select My IP Address from the Source address dropdown menu, then click Next.
5.
On the IP Traffic Destination window, select A specific IP Address from the Destination
Address dropdown menu, and enter the IP address of the LC Server machine in the IP
address field, then click Next.
6.
On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
menu, then click Next.
A31003-S5020-S100-1-7620, July 2004

E-5
5454secu.fm

7.
On the IP Protocol Port window, for source, select From any port. Then select To this
port and enter the trusted port number configured on LCS or 50000 (default). Click
Next.
8.
Click Finish.
9.
Continue to Section E.3.2.
E.3.2
LC Server to Media Server
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination Address dropdown menu and enter the IP address of the LC Server machine (refer to Table
3-12 on page 3-8) in the IP address field, then click Next.
5.
On the IP Traffic Destination window, select My IP Address from the Source address
dropdown menu, then click Next.
6.
menu, then click Next).
7.
port and enter 5060 or the port number configured on Media Server for SIP messages
from LCS. Click Next.
8.
Click Finish.
9.
E.3.3
Media Server to License Server (OpenScape)
1.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the OpenScape Server machine in the
IP Address field, then click Next.
E-6
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

6.
On the IP Protocol Type window, select UDP from the Select a protocol type dropdown
7.
On the IP Protocol Port window, select From any port. Then select To this port and enter
4321 in the blank field for the port number, then click Next.
8.
Click Finish.
9.
Return to step 15 on page E-8.
A31003-S5020-S100-1-7620, July 2004

E-7
5454secu.fm

Creating a New IPSec Policy for LC Server on the LC Server Machine
E.4
Creating a New IPSec Policy for LC Server on the LC Server

Machine
1.
Repeat steps 1 to 11 on page E-4.
2.
In the Name file, enter a name for the LC Server IP Filter List. Enter a description also in
the Description field.
3.
Complete Section E.4.1 and Section E.4.2.
4.
If LCS and MCU are on separate servers, then complete Section E.4.3 and Section E.4.4;
otherwise, go to next step.
5.
If LCS and OpenScape are on separate servers, then complete Section E.4.5; otherwise,
go to next step.
6.
Click OK (on Windows 2003 server) or Close (on Windows 2000 server).
7.
On the IP Filter List dialog box, select the newly-created filter list that you created in step
8.
On the Filter Action dialog box, select Require Security, then click Next.
9.
Windows 2003 server only. On the Authentication Method dialog box, select Active Directory default (Kerberos V5 protocol), then click Next. Ignore this step on Windows
2000 server.
the LC Server.
13. If you do not have a gateway in your setup, skip this step. Otherwise, if the gateway does
not support IPSec (Vegastream, Mediatrix), proceed to Section E.4.7 on page E-12; if it
does, proceed to Section E.4.6 on page E-11.
E-8
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

E.4.1
LCS to Media Server
1.
2.
3.
4.
5.
Address dropdown menu and enter the IP address of the Media Server machine (refer to
Table 3-12 on page 3-8), then click Next.
6.
7.
port and enter 5060 or the port number configured on Media Server for SIP messages
from LCS. Click Next.
8.
Click Finish.
9.
E.4.2
Media Server to LCS
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination Address dropdown menu and enter the IP address of the Media Server Machine (refer to Table 3-12 on page 3-8), then click Next.
5.
6.
7.
the trusted port number configured on LCS or 50000 (default). Click Next.
8.
Click Finish.
A31003-S5020-S100-1-7620, July 2004

E-9
5454secu.fm

9.
E.4.3
>
LCS to MCU
This section and Section E.4.4 only apply if the LCS and MCU are on separate machines.
1.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the MCU Server machine (refer to Table
3-12 on page 3-8) in the IP Address field, then click Next.
6.
7.
5060 or the port number configured on the MCU server for SIP messages from LCS.
Click Next.
8.
Click Finish.
9.
E.4.4
MCU to LCS
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MCU Server machine in the IP Address field, then click Next.
5.
E-10
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

6.
7.
8.
Click Finish.
9.
E.4.5
>
LCS to B2BUA (OpenScape Server)

This section only applies if the LCS and OpenScape Server are on separate machines.
1.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the OpenScape Server machine in the
IP Address field, then click Next.
6.
7.
21020 or the port number configured for B2BUA. Click Next.
8.
Click Finish.
9.
E.4.6
LCS to a Gateway that supports IPSec
This procedure applies only when you are using a gateway that supports IPSec. Ensure to setup IPSec on the gateway by referring to the gateway manufacturers documentation.
Do not perform this step If you do not have a gateway in your setup or if your gateway does not
support IPSec.
A31003-S5020-S100-1-7620, July 2004

E-11
5454secu.fm

1.
From LCS: Click Add to add a filter.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the gateway in the IP Address field, then
click Next.
5.
6.
7.
8.
Click Finish.
9.
E.4.7
LCS to a Gateway that does not support IPSec
This procedure is required for gateways that does not support IPSec like Vegastream and Mediatrix. This filter allows a Gateway to connect to LCS trusted port in spite of setting the Block
Rule (Section E.7) that blocks connections to this port from any other IP addresses other than
OpenScape, MCU and Media Server.
1.
After adding the block rule from step 12 on page E-8, click Add.
2.
On the Security Rule Wizard window, click Next.
3.
On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click
Next.
4.
On the Network Type window, select All network connections, then click Next.
5.
For Windows 2000 server only: Select Active Directory default (Kerberos V5 protocol), then click Next. This step does not appear on a Windows 2003 server
6.
On the IP Filter List window, click Add.
7.
On the next IP Filter List window, enter Allow Gateway in the Name field. Enter a description of the new IP filter in the Description field. Then click Add.
8.
On the IP Filter Wizard welcome window, click Next.
E-12
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

9.
10. On the IP Traffic Source window, select A specific IP Address from the Source address
dropdown menu, then enter the IP Address of the Gateway. Click Next.
11. On the IP Traffic Destination window, select My IP Address from the Destination address dropdown menu and click Next.
12. On the IP Protocol Type window, select TCP from the Select a protocol type dropdown
13. On the IP Protocol Port window, select From any port Then select To this port and enter
the trusted port number of the LC server. Click Next.
14. Click Finish.
16. Check the newly-created IP Filter List radio button, Allow Gateway and click Next.
17. On the Filter Action window, select the Permit radio button and click Next.
18. Uncheck Edit Properties if it is checked and click Finish.
19. Check Allow Gateway, then click Next.
20. On the Filter Action window, select Permit, then click Next.
21. Uncheck Edit Properties if checked, then click Finish.
22. On the Properties window, check Allow Gateway if not already done.
24. Return to step 15 on page E-8.
A31003-S5020-S100-1-7620, July 2004

E-13
5454secu.fm

Creating a New IPSec Policy for OpenScape on the OpenScape Server Machine
E.5
Creating a New IPSec Policy for OpenScape on the OpenScape

Server Machine
1.
2.
In the Name file, enter a name for the OpenScape IP Filter List. Enter a description also in
the Description field.
3.
Complete Section E.5.1.
4.
If OpenScape and LCS are on separate servers, then complete Section E.5.2; otherwise,
skip to next step.
5.
If OpenScape and MCU are on separate servers, then complete Section E.5.3; otherwise,
skip to next step.
6.
7.
8.
9.
2000 server.
the OpenScape Server.
E.5.1
License Server (OpenScape) to Media Server
1.
2.
E-14
A31003-S5020-S100-1-7620, July 2004

5454secu.fm

3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the Media Server machine (refer to Table
5.
6.
7.
4321 in the blank field for the port number, then click Next.
8.
Click Finish.
9.
E.5.2
>
B2BUA (OpenScape Server) to the LCS

This section only applies if the LCS and OpenScape Server are on separate machines.
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the OpenScape Server machine (refer to
Table 3-12 on page 3-8) in the IP Address field, then click Next.
5.
6.
7.
the LCS trusted port number or 50000 (default). Click Next.
8.
Click Finish.
9.
A31003-S5020-S100-1-7620, July 2004

E-15
5454secu.fm

E.5.3
>
License Server (OpenScape) to MCU

This section only applies if the MCU and OpenScape Server are on separate machines.
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MCU Server (refer to Table 3-12 on
page 3-8) machine in the IP Address field, then click Next.
5.
6.
7.
4321. Click Next.
8.
Click Finish.
9.
E-16
A31003-S5020-S100-1-7620, July 2004

5454secu.fm
E.6

Creating a New IPSec Policy for MCU on MCU Server Machine
1.
2.
In the Name file, enter a name for the MCU IP Filter List. Enter a description also in the
Description field.
3.
If MCU and LCS are on separate servers, then complete Section E.6.1 and Section E.6.2;
otherwise, skip to next step.
4.
If MCU and OpenScape are on separate servers, then complete Section E.6.3; otherwise,
skip to next step.
5.
If MC and MP are on separate servers, then complete Section E.6.4 and Section E.6.5;
otherwise, skip to next step.
6.
7.
8.
9.
2000 server.
the MCU Server.
15. Continue to the next chapter.
E.6.1
>
MCU to LCS
This section and Section E.6.2 only apply if the LCS and MCU are on separate machines.
A31003-S5020-S100-1-7620, July 2004

E-17
5454secu.fm

1.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the LC Server machine (refer to Table
6.
7.
8.
Click Finish.
9.
E.6.2
LCS to MCU
1.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the LC Server machine in the IP Address
field, then click Next.
5.
6.
7.
5060 or the port number configured on the MCU for SIP messages from LCS. Click
Next.
8.
Click Finish.
9.
E-18
A31003-S5020-S100-1-7620, July 2004

5454secu.fm
E.6.3
>

MCU to License Server (OpenScape)

This section only applies if OpenScape and MCU are on separate machines.
1.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the OpenScape Server machine (refer
to Table 3-12 on page 3-8) in the IP Address field, then click Next.
6.
7.
4321. Click Next.
8.
Click Finish.
9.
E.6.4
>
MC to MP
This section and Section E.6.5 only apply if the MC and MP are on separate machines.
1.
From MC: Click Add to add a filter.
2.
3.
4.
On the IP Traffic Source window, select A specific IP Address from the Destination address dropdown menu. Enter the IP address of the MP machine (refer to Table 3-12 on
page 3-8) in the IP Address field, then click Next.
5.
A31003-S5020-S100-1-7620, July 2004

E-19
5454secu.fm

6.
7.
2945. Click Next.
8.
Click Finish.
9.
E.6.5
MP to MC
1.
From each MP: Click Add to add a filter.
2.
3.
4.
5.
address dropdown menu. Enter the IP address of the MC machine (refer to Table 3-12 on
page 3-8) in the IP Address field, then click Next.
6.
7.
2945. Click Next.
8.
Click Finish.
9.
E-20
A31003-S5020-S100-1-7620, July 2004

5454secu.fm
E.7

Setting the Block Rule
This mandatory configuration step must be performed to secure the trusted port of the LC Server on the LC server machine, B2BUA and license server ports on the OpenScape server machine, MCU and MEGACO ports on MCU server machine, and the Media Server port on the
Media Server machine. If this mandatory step is not performed, the LC server, B2BUA, and Media Server will be open to security breaches. This rule is set only for the Media Server, LCS,
OpenScape and MCU after the filters are set for those machines.
Complete the block rule for the specified server:
1.
After selecting the newly-created filter list, click Add.
2.
On the Security Rule Wizard welcome window, click Next.
3.
On the Tunnel Endpoint window, select This rule does not specify a tunnel, then click
Next.
4.
On the Network Type window, select All network connections, then click Next.
5.
For Windows 2000 server only: Select Active Directory default (Kerberos V5 protocol), then click Next. This step does not appear on a Windows 2003 server.
6.
On the IP Filter List window, click Add. Then in the new window, enter Block Port as the
name of the IP Filter List. Then click Add.
7.
On the IP Filter Wizard welcome window, click Next.
8.
For Windows 2003 Server only: Enter the description (optional) and keep the Mirrored
check box checked. On Windows 2000, this step is not shown.
9.
On the IP Traffic Source window, select Any IP Address from the Source address dropdown menu, then click Next.
10. On the IP Traffic Destination window, select My IP Address from the Destination address drop down menu, then click Next.
11. On the IP Protocol Type window, select port type from Table E-2 depending on the application, then click Next.
A31003-S5020-S100-1-7620, July 2004

E-21
5454secu.fm

12. On the IP Protocol Port window, select From any port. Then select To this port and enter
the port number in Table E-2 depending on the application. Click Next.
Application (Server Machine)
Port Number
(refer to Table 3-13 on page 3-9)
Port Type
LC server machine
Trusted port # on LCS (50000)
TCP
B2BUA (OpenScape)
Port # configured on B2BUA for SIP messages from LCS (default is 21020)
TCP
License Server (OpenScape) See note below
Port # configured for License Server (default

is 4321)
UDP
Media Server
Port #r configured on Media Server to receive

SIP messages from LCS (default is 5060)
TCP
MCU (MCU)
Port # configured on MCU to receive SIP messages from MC (default is 5060)
TCP
MCU (MCU)
2945 (MEGACO port)
TCP
Table E-2
Port Number Allocation
13. Click Finish.

14. If two or more applications mentioned in Table E-2 are on the same server machine then
repeat steps 7 to 13 for those applications. NOTE: A block rule must be set for each of
these applications.
16. Select Block Port, then click Next.
17. In the Filter Action window, click Add.
18. On the Filter Action Wizard welcome window, click Next.
19. On the Filter Action Name window, enter Block in the Name field, then click Next.
20. On the Filter Action General Options window, select Block, then click Next.
21. Click Finish.
22. On the Filter Action window, select the newly-created Block, then click Next.
23. On Completing the New Rule WIzard window, uncheck Edit Properties if it is checked,
then click Finish.
24. On the Properties window, check the newly-created Block Port checkbox if not already
done.
26. Return to the section that asked to do this block rule.
E-22
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm
OpenScape Installation - Tools, Utilities and Hints
CheckSPN
This appendix describes the tools, utilities, and hints used to install OpenScape.
F.1
CheckSPN
CheckSPN is a utility that is available through LCS Administration tools. This utility may be used
to verify the Service Principal Name (SPN) for the system. If the SPN for a system is not registered, Kerberos communication is not possible.
To access this utility, installing the LCS Administration tools from the LCS package.
Additional information on this utility is available in the CheckSPNReadme in the Resource Kit.
F.2
MSMQ
To confirm that the Microsoft Messaging Queue Service (MSMQ) is running:

1.
In Control Panel, open Add or Remove Programs.
2.
Click Add/Remove Windows Components.
3.
Click Application Server and click Details.
4.
Verify that the status of the Message Queuing service is Started.
F.3
OpenScape RTC Tool
This GUI-based tool allows users to configure the desired RTC Settings without the need to go
into the RTC CIM repository directly. This tool should be run ONLY on those machines which
has the Microsoft Live Communications Server installed on them.
A31003-S5020-S100-1-7620, July 2004
F-1
5454AppF.fm

OpenScape RTC Tool
USAGE:
This tool provides you with the following 8 options for perform various configuration tasks on
your LCS.
F.3.1
Display Current RTC Configuration
This option will only display the necessary RTC configuration settings that are already existing
on your LCS system. It will not create or update any settings as such. From this, you can analyze if you have the correct settings or not. If required you can copy the results from the output
screen and save it in a file for reference purposes. On the bottom of the screen youll see the
Results section which says what all settings are appropriate for OpenScape to function properly. Note: By default this tool takes the port as 50000. So, if you see a FAILED * message
succeeding it, that even though you have created a B2B communication port, it is okay, as you
can have a different non 50000 port configured on your system for OpenScape usage.
F.3.2
Create new RTC Port
This option will create a new port on your LCS so that your applications can communicate with
the LCS on that port. The screen looks like this:
F-2
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

OpenScape RTC Tool
By default, the port value is set to 50000, which you can change as desired. Selecting the
Trusted or Un-trusted option will create this port as Trusted or Un-Trusted, respectively.
F.3.3
Set RTC Port Trusted/un-Trusted
This option will only set an already existing RTC port to Trusted or Un-Trusted as desired.
Note: This will not create a new RTC port.
F.3.4
Create new Static Route
This option will create a new Static Route based on the information as provided in the fields on
the following screen:
A31003-S5020-S100-1-7620, July 2004

F-3
5454AppF.fm

OpenScape RTC Tool
Here the default port value has been set as 5060 but you can change it to whatever you need
top set it to. Match Uri is required in the format sip:. E.g. sip:*@siemens.com because this
will be the match pattern, and Next Hop is the FQDN of the domain or machine-name.fullyqualified-domain i.e. the destination where all messages that match the pattern set in the
Match Uri to this address.
F.3.5
Set Static Route Trusted/un-Trusted
This option will not create any new Static Routes; instead will only set an already existing Static
Route to Trusted or un-Trusted as desired. This task you can perform from the screen as displayed below:
F-4
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm
F.3.6

OpenScape RTC Tool
Create Application Uri
This option will help you create an new Application Uri as desired. For doing so, you will need
to provide all the information as requested in the fields as shown in the screen below:
Click Browse to browse though your system file system to get the file and location that you
may want to provide in the Script Path. This is not a mandatory field as you can have Application Uris that dont need a routing (i.e. a .am) script.
F.3.7
Re-Sequence Application Priority
This option will display a question dialog box confirming to you if you really perform the re-sequence operation or not.
Click Yes to re-sequence operation on the Siemens Routing Dispatcher specific Application
Uri that already exists on your LCS system. By re-sequence, it means that it will push the Application Uri entry for Siemens Routing Dispatcher to the top of the Application Priority list in
the LCS CIM tables. This will enable all messages (for which the application or service has registered for) to be first presented to the application which has used this Application Uri to register
with the LCS. Click No to not do any re-sequence operation.
F.3.8
Configure All OpenScape Specific RTC Settings
This option will help you configure setting on the LCS as required by OpenScape to function
properly. Only those fields for which information has been supplied by the user, those specific
settings will be performed. No other setting will be performed apart from that. This will be notified to the user in a message box in the form of a WARNING also. That way the user performing
this operation will know what all settings were done and what not. By default a few fields will be
A31003-S5020-S100-1-7620, July 2004
F-5
5454AppF.fm

OpenScape Scripting Framework
filled with default values. You can change them as desired. Note: When you have keyed in the
gateway names and/or the dial plan information, you must click + located on the right side of
the list to add it to that list. Without doing so, the Static Routes for that particular gateway will
not be created. Same case for the Global RTC Domain settings information, you must add it to
the list first and then click Perform RTC Configuration.
The screen for performing this task will look as shown in the figure below:
Click Clear to clear all contents from all fields as displayed on this screen. It will also delete and
empty the lists that you might have filled with the gateway or Global RTC Domain information.
F.4
The OpenScape Scripting Framework provides a way to add multiple users to Active Directory,
and configure and enable them as Live Communications users. Additionally, Live Communications users can be automatically converted into OpenScape users with the OpenScape Scripting Framework.
Additional administration scripts are included with the OpenScape Scripting Framework, but
are not described in this document. Refer to the documentation inside the tool.
Installation
The OpenScape Scripting Framework tool is installed during OpenScape installation and is located in the \Siemens\OpenScape\tools folder, under ScriptingFW.
F-6
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

To launch the tool, double click OSScriptingFW.hta.

Recommendations
The tool should be run by a Domain Administrator, or a user with permissions to read and
modify Active Directory and the OpenScape Database.
The tool should be run on the OpenScape server.
Running the OpenScape Scripting Framework
F.4.1
Adding Users
1.
Double-click OSScriptingFW.hta.
2.
In the drop-down box labeled Categories, select OpenScape User Management.
3.
In the field labeled Tasks, select Create LCS Users.
4.
The following screen will appear.
Enter Script Parameters:
numUsers the number of user you wish to create.
OU the Organizational Unit the users will be added to.
sAMAccountName the base account name for the users (account names are indexed from 1 to number).
A31003-S5020-S100-1-7620, July 2004

F-7
5454AppF.fm

telephoneNumber the base telephone number must contain only numeric digits.
lcServer the host name of the LC server.
5.
Verify that the data you entered is correct, then click Run Command. The following screen
will appear.
6.
You may verify that the users were created by opening Active Directory Users and Computers, expand the node representing your domain, and clicking on the newly created Organizational Unit.
F.4.2
Converting LCS Users to OpenScape Users
1.
In the drop-down box labeled Categories, select OpenScape User Management.
2.
In the field labeled Tasks, select Create LCS Users.
3.
F-8
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

Enter Script Parameters:
4.
ou the Organizational Unit containing the LC users to be converted. If not child of

current domain partition, then OU must be fully qualified name.
systemID the System ID of the OpenScape server the users will be assigned to.
numericID the base OpenScape Numeric ID (5 to 12 digits). Be sure that any number in this range does not yet exist in the database.
extension (optional) the base extension number used to build the Extension secondary AOR.
did (optional) the base DID number used to build the DID secondary AOR.
Verify that the data you entered is correct, then click Run Command. The following screen
will appear.
A31003-S5020-S100-1-7620, July 2004

F-9
5454AppF.fm

5.
To verify that the users were created, check the current list of OpenScape Users in Siemens OpenScape Management Console.
The Convert To OpenScape Users script can be used to convert any properly configured,
LCS enabled user into an OpenScape user by using the instructions described above. This provides system administrators with the convenience of converting large numbers of LCS enabled
users to OpenScape users quickly and automatically.
F.4.3
Displaying OpenScape Components on a Server or in a Domain
1.
In the Categories drop-down menu, select OpenScape User Management.
2.
In the Tasks field, select Create LCS Users.
3.
F-10
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

4.
Verify that the data you entered is correct, then click Run Command.
5.
The following screen appears. Note the output contains the type, distinguished name in Active Directory, fully qualified hostname and version number. Depending on the type more
information is displayed such as the SystemID and SQL Server location for the OpenScape
Core Server.
A31003-S5020-S100-1-7620, July 2004

F-11
5454AppF.fm

Enter Script Parameters (all optional but at least one must be checked):
Core - check if OpenScape Servers should be searched.
RD - check if OpenScape Routing Dispatcher Servers should be searched.
TFA - check if OpenScape Trace File Accumulators should be searched.
EDM - check if OpenScape Early Deployment Server should be searched.
domain - check if search should be conducted in the whole current domain.
hostname - search only on a specific host. Host must be in current domain. Overwrites domain checkbox. Default is localhost.
NOTE: This version does not display Media Servers or MCUs.
F-12
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm
F.5

SOS Script Tool for Serviceability Support
SOS Script Tool for Serviceability Support
To help serviceability, this tool provides snap shot information at any time. All necessary information is preserved in a text file.
This snap shot information can be used to verify prerequisites before deploying / installing the
OpenScape application or to confirm correct installation and configuration when problems are
encountered at a later time.
This information does not need to address the internal problems and errors of the OpenScape
application, which are to be addressed by the error reporting or trace facility as developed by
the project. These error reports provide more detail and accurate information for the internal
problems of the applications.
The tool is automatically installed as part of the OpenScape main installation. For details on
how to use this tool, refer to the SOS Script Tool for Serviceability Support document located
on the KMOSS website - document # INF-04-000232.
F.6
Different Storages of User Information
In HiPath OpenScape V2, the user information is stored in three different places, whereas, in
V1, it was only stored in the OpenScape Core MSSQL database.
In V1 and V2, HiPath OpenScape uses LCS and Windows user information from Active Directory.
F.6.1
HiPath OpenScape Core MSSQL Database XpSystem
As in V1, the HiPath OpenScape Core MSSQL database, XpSystem, contains the main user
information stored in these two tables:
XpUser
XpUserDynamic
These tables are synchronized by a HiPath OpenScape Active Directory Connector residing on
the OpenScape Server.
To access the XpSystem database, use Microsoft SQL Enterprise Manager and connect to the
SQL instance dedicated for HiPath OpenScape. By default the default instance is used.
F.6.2
User Attributes in Active Directory
In addition to the LCS user information Active Directory now also stores HiPath OpenScape
user information. A detailed description of the schema extension can be found in Chapter 5,
Active Directory Reference.
A31003-S5020-S100-1-7620, July 2004

F-13
5454AppF.fm

The main HiPath OpenScape user attributes in Active Directory are:
siemensOSSecondaryAOR: users secondary addresses of record
siemensOSHomeServer: the HiPath OpenScape server the user is homed at
siemensOSEnabled: indicates whether the user is enabled for HiPath OpenScape
siemensOSDevices: stores the mac addresses of the devices assigned to a user
siemensOSRequiredData: user data required to recreate user in DB restore cases
The main LCS user attributes in Active Directory used by HiPath OpenScape are:
msRTCSIP-PrimaryUserAddress: users primary address of record
msRTCSIP-PrimaryHomeServer: the LC server (or pool) the user is homed at
msRTCSIP-UserEnabled: indicates whether the user is enabled for LCS
The main Windows user attributes in Active Directory used by HiPath OpenScape are:
displayName: users display name
mail: users email address
telephoneNumber: users telephone number
samAccountName: users windows account name
msExchHomeServerName: users exchange server
Note: Running HiPath OpenScape in Early Deployment Mode (EDM) does not require a Active
Directory schema extension. For more details, see Chapter 6, Setting up OpenScape in Early
Deployment Mode (EDM).
F.6.2.1
Viewing These User Attributes
These Active Directory user attributes can be best viewed using ADSI Edit or LDP.exe. Both
tools are known as the Support Tools and are available on the Windows Server 2000 or Windows Server 2003 operating system CD in the \ENGLISH\WIN2003\ENT\SUPPORT\TOOLS
folder. Install the support tools by running SUPTOOLS.MSI (Support.cab in some versions).
Using ADSI Edit:
1.
Add the ADSI Edit snap-in into MMC, or just run adsiedit.msc.
2.
Connect to your Domain (local domain is the default).
3.
Expand Domain, your Domain (e.g. DC=deep,DC=sea,DC=com) and the Users folder.
4.
Choose a user object, right-click and select Properties.
5.
Scroll down until the attributes starting with siemens appear.
F-14
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

Using LDP:
1.
Logon to the domain controller with the <osinstaller> account.
2.
Start Ldp.exe which should be found at C:\Program Files\Support Tools\LDP.exe.
3.
On the Connection menu, click Connect and enter the domain (e.g. deep.sea.com) and
then click OK.
4.
On the Connection menu, click Bind and then click OK. This will use the default credentials of the logged in user. If not logged in with <osinstaller> or Domain Admin, enter the
<osinstaller> account information.
5.
On the View menu, click Tree, and then click OK.
6.
In the left pane, browse to the desired user and view its attributes in the right pane.
F.6.2.2
Viewing these User Attributes in EDM mode
In EDM mode the user attributes are stored in ADAM. The ADAM schema is created as part of
the EDM installation.
A31003-S5020-S100-1-7620, July 2004

F-15
5454AppF.fm

LDP.exe usage is identical when connecting to AD or ADAM. To connect to ADAM specify the
ADAM server to connect to and bind using the <osinstaller> account.
As part of the ADAM installation ADAM ADSI Edit is installed that is equivalent to ADSI Edit
but used with ADAM. Refer to ADAM documentation for more details on ADAM ADSI Edit. Connect with <osinstaller> privileges.
F.6.3
HiPath OpenScape Tables in LCS (RTC) MSDE Database
The HiPath OpenScape Routing Dispatcher which is installed on a LC server uses five database tables that are created in the LCS (RTC) MSDE database RTC. The tables are:
OsUsers
OsHomeServer
OsAorConflicts
OsAor
OsAdcReplicationCookie
These tables are used by the RD for routing purposes and mainly contain a mapping from a
SIP URI to a HiPath OpenScape server. These tables are synchronized by a HiPath OpenScape Active Directory Connector residing on the LC server.
F.6.3.1
Accessing this Database
By default the LCS MSDE instance is named RTC. HiPath OpenScape requires the LC instance to be named RTC.
>
F-16
Note: If LCS runs on a computer with no MSSQL installed, the Client Tools Only
needs to be installed. From the MSSQL standard or enterprise edition CD, select
SQL Server 2000 Components -> Install Database Server. Go through the initial install screens until you see the following screen and select Client Tools Only. Go
through the remaining install screens and install the client tools.
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm

To connect to the RTC database open SQL Server Enterprise Manager and do the following:
1.
Expand Microsoft SQL Servers.
2.
Right-click SQL Server Group and select New SQL Server Registration.
3.
Click Next on the first pop-up window.
4.
On the Register SQL Server Wizard screen, under Available servers enter the RTC
server database (i.e. computer_name\RTC). If RTC runs on the local computer, enter (LOCAL)\RTC.
5.
Then click Add, then Next.
6.
On the next two windows, click Next and then Finish.
A31003-S5020-S100-1-7620, July 2004

F-17
5454AppF.fm

ConvertAdmins
7.
You should now be able to navigate to the RTC database and see the above mentioned
tables.
>
F.7
Note: By default, LCS disables connecting the LCS MSDE database remotely.
Therefore, logon to the LC Server and use (local)RTC to connect to the database.
ConvertAdmins
This tool allow members of protected groups in Active Directory to be OpenScape Users.
The protected groups in Active Directory are:
Administrators
Account Operators
Server Operators
Print Operators
Backup Operators
Domain Admins
Schema Admins
Enterprise Admins
Cert Publishers
The members of these groups or users who were once a member of these groups have their
AdminCount set as 1.
For further details please refer to http://support.microsoft.com/default.aspx?kbid=817433.
F-18
A31003-S5020-S100-1-7620, July 2004

5454AppF.fm
F.7.1

ConvertAdmins
Usage
/? Help
/L The full path of the log file, if logging is desired.
/TRUSTEE The name of the trustee to be given permissions (recommended OpenScape Admin). The format is domain\user. E.g. if the domain name is DEV the switch would be /TRUSTEE DEV\OpenScape Admin
/SQLSERVER The name of the SQL Server to read the list of OpenScape users. E.g. if the
name of the SQL Server host is SQLServ1, and the default instance is used (MSSQLSERVER),
the switch would be /SQLSEVER SQLServ1. If a named instance is used, say OSInstance1,
the switch would be /SQLSEVER SQLServ1\OSInstance1
/USERS A comma separated list of users. If this list is provided, the /SQLSERVER switch is
ignored, and the users are read from the user list. The format of the users should be in the domain\user format. E.g if user1, user2 and user3 in the DEV domain are members of protected
groups and need to be OpenScape users, the switch would be /USERS
DEV\user1,DEV2\user2,DEV\user3.
/M Represents the Mode. The user list can be provided using the /USERS switch or the users
can be read from the SQL database by providing the /SQLSERVER switch. Can have one of
the following values:
DISPLAY Providing this mode will display all users that are members of protected
groups.
A31003-S5020-S100-1-7620, July 2004

F-19
5454AppF.fm

ConvertAdmins
DELETE Delete all users from OpenScape database (valid only with the /SQLSERVER
switch)
ADDACE Enables the trustee to read/ write the SiemensPropertySet for such users.
DELACE Removes the ACE setting (to read/ write SiemensPropertySet) from the trustee
for such users.
DISPLAYACE It lists all such users for which the trustee has been given permissions to
read/ write SiemensPropertySet.
F.7.2
1.
Usage Scenarios
Upgrade from OpenScape V1 to V2
OpenScape V1 allowed members of protected groups to be OpenScape users. In OpenScape V2, this is not allowed by default. In order to upgrade from V1 to V2, these users
must be handled in one of the following ways:
a) Adding permissions to read/ write SiemensPropertySet to a trustee (such as the installer account, or the OpenScape Admin group) for these users. (user the /ADDACE
mode, the /SQLSERVER and the /TRUSTEE switches).
b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER
and the /TRUSTEE switches).
2.
Migration from EDM mode to Production mode
In order to upgrade from EDM to Production mode, the OpenScape users that are members of a protected group must be handled in one of the following ways:
a) Adding permissions to read/ write SiemensPropertySet to a trustee (such as the installer account, or the OpenScape Admin group) for these users. (user the /ADDACE
mode, the /SQLSERVER and the /TRUSTEE switches).
b) Deleting these users from OpenScape (use the /DELETE mode, the /SQLSERVER
and the /TRUSTEE switches).
3.
Before adding new OpenScape users that are members of the protected groups
a) Use the /ADDACE mode, the /TRUSTEE switch and provide the list of users using the
/USERS switch.
4.
The trustee needs to be changed
a) Use /DELACE mode, /SQLSERVER and /TRUSTEE switch to provide the old trustee
name.
b) Use the /ADDACE mode, /SQLSERVER and /TRUSTEE switch to provide the new
trustee name.
F-20
A31003-S5020-S100-1-7620, July 2004

licenses.fm
Required Licenses and Software Prerequisites
This appendix provides information about OpenScape licenses.
G.1
CAL = Client Access License

Component
Server License
required?
MS Exchange Server
2000/2003
CALs
required?
CAL License
Type
Quantity
User Mode
1 Server license + 1
CAL/user
Note 1
Yes but none spe- Yes but none

cific to Openspecific to
Scape
OpenScape
MS LCS
Version 1.0.4949
Yes
Yes
Note 1
Active Directory Application Mode (ADAM)

Note 2
No
No
Note 1: If the customer is licensed for Microsoft Exchange under Software Assurance or an
Enterprise Agreement before October 1, 2003, the customer is likely already licensed for Live
Communications Server 2000. Refer to Microsoft for details as licensing provisions are subject to change at Microsofts discretion. Some helpful links are: http://www.microsoft.com/education/?id=livecommservertransition and http://www.microsoft.com/office/livecomm/howtobuy/
default.mspx.
Note 2: Active Directory Application Mode (ADAM) is a part of Microsofts fully integrated
directory services available with Windows Server 2003. ADAM can be downloaded at http://
www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E52A2A57B5C8E4&displaylang=en.
G.2
Component
Server License
required?
CALs
required?
License Type
Quantity
OpenScape Base
Package
Yes
n/a
User
1 Server license + user license in package of 25
A31003-S5020-S100-1-7620, July 2004

G-1
licenses.fm

OpenScape Administration Clients
Component
Server License
required?
CALs
required?
License Type
Quantity
OpenScape User
Package
n/a
Yes
User
Additional 25 user license

package
No
No
OpenScape
Routing Dispatcher
No. Included in
OpenScape
Base Package
No
n/a
n/a
MS Windows
Server 2003
Standard or Enterprise Edition
Yes
Yes
User Mode
CAL, and
Server Mode
server
1 CAL per user; Server

comes with initial 25
CALs; No CALs required
for Gateway
MS SQL Server
2000 and SP 3
Standard or Enterprise Edition
Yes
No
Processorbased
Note 1
1 Server license only
OpenScape EDM No, included in

OpenScape
Base Package
No
n/a
n/a
Microsoft ADAM
(refer to Note 2 in
Section G.1)
No
n/a
n/a
No
Note 1: Refer to www.microsoft.com/licensing.
G.3
OpenScape Administration Clients
The only license needed per client is MS Windows 2000, MS Windows 2003, or MS XP Professional.
G.4
MCU
Component
Server License
required?
CALs required?
License
Type
Quantity
OpenScape MCU
No. Covered in the Base

OpenScape license for up to
full 288 ports on 4 servers
No
n/a
n/a
G-2
A31003-S5020-S100-1-7620, July 2004

licenses.fm

Routing Dispatcher
Component
Server License
required?
CALs required?
MS Windows Yes. One for each server. Up No. Only one set of
Server 2003
to 4 servers may be required CALs is sufficient to
Standard or Ento support all 288 ports
access all Win200x
terprise Edition
servers
G.5
License
Type
Quantity
Server
Routing Dispatcher
Nothing needed since it is installed on the LC Server.
G.6
Trace File Accumulator (TFA)
TFA requires a Windows 2003 Server or XP license but no CALs required.
G.7
Early Deployment Mode (EDM)
ADAM requires Windows 2003 but no CALs.
G.8
Media Server
Component
OpenScape
Media Server
Server License
required?
CALs required?
No. Included in
No CALs.
Base OpenScape Thirty Media Server
system
ports included but additional ASR/TTS
sessions licenses
may be required
CAL
License
Type
Quantity
n/a
1 ASR/TTS session
is provided in Base
OpenScape package. Up to 29 more
may be purchased.
MS Windows
2000 Advanced
Server + SP4 minimum
Standard Edition
Yes
No. Only one set of

CALs is sufficient to
access all Win200x
servers. Note 3
User
n/a
Speechify TTS
Scansoft V2.0
Yes. Already in
OpenScape
product structure
No
No
n/a
A31003-S5020-S100-1-7620, July 2004

G-3
licenses.fm

End Points
Component
Server License
required?
CALs required?
CAL
License
Type
Quantity
OSR Scansoft
Yes. Already in
OpenScape
product structure
No
n/a
n/a
MSDE 2000 +
SP3
No with purchase
of Win2K Server
No
n/a
n/a
VocalOS
(Vocalocity)
No with purchase
of Win2K Server
No
n/a
n/a
Note 3: According to Microsoft, the fact that no additional CALs are required for the Media
Server is based on the assumption that all access to the Media Server is directed through
OpenScape and LCS. If in the future, we decided to add features to the Media Server that may
enable direct access to it (without going through OpenScape), additional Windows CALs may
be required.
G.9
End Points
End Point
Server License
required?
CALs
required?
CAL
License Type
Quantity
OptiPoint 400
n/a
Already covered
by OpenScape
user license
n/a
n/a
Windows Messenger
Version 5.0
n/a
n/a
n/a
n/a
MS Windows 2000 or
MS Windows XP Professional
n/a
n/a. Part of client

machine
n/a
n/a
G-4
A31003-S5020-S100-1-7620, July 2004

licenses.fm

OpenScape Order Examples
G.10
This section shows three examples of OpenScape V2.0 orders and lists all the required components. The examples include some variations in Microsoft licensing agreements.
Item
Number of OpenScape users; accessible from various endpoints like multiple PCs, SIP phone, voice/self-service portals
150
90
400
Number of conferencing ports
72
30
150
Additional ASR/TTS ports
10
25
Number of ports in SIP Gateway that connects OpenScape to

the customers PBX
48
24
4 x 48
Number of Siemens SIP phones
70
10
100
Software Assurance (SA) for Exchange Agreement)
No
Yes
Yes
Enterprise Agreement
No
No
Yes
OpenScape Basic Package(25 users, including service)
25 user packages
15
Additional ASR ports
10
25
Additional TTS ports
10
25
HiPath OpenScape Design

For the customer specific consulting and creation of the solution design including deployment, test and training concept.
Based on results of analysis phase, the customers requirements will be transformed into a specific solution design.
Hourly
Hourly
Hourly
HiPath OpenScape Integration

For the integration in the customer-specific environment
Hourly
Hourly
Hourly
HiPath OpenScape Training

For the customer specific creation and implementation of customer training which reflects the customers specific solution
implementation
Hourly
Hourly
Hourly
Win2003 Server license for the OpenScape server
LC Server license for the OpenScape server
Customer Configuration
OpenScape Components
HiPath OpenScape Professional Services Packages*
Microsoft Components
A31003-S5020-S100-1-7620, July 2004

G-5
licenses.fm

Item
Win2003 Server license for the MCU Server
Win2000 Advanced Server license for the Media Server, 30

ports included
Processor-based SQL Server 2000 license
Windows server user-mode CALs. With a single CAL, each

user will be able to access any of the Win2000/Win2003 servers from any device
150
90
LCS user-mode CALs (LCS license includes 5 CALs)
145
Exchange 2000/2003, AD and the client licenses for the XP/

Win2K client machines are considered as pre-requisite with no
additional licenses required by OpenScape
Additional Equipment
Vega100 48-channel gateway (service extra)
*Note: For the successful implementation of the HiPath OpenScape project, HiPath OpenScape Professional Services are required (refer to HOSc PS description).
G-6
A31003-S5020-S100-1-7620, July 2004

5454appH.fm
Nur fr den internen Gebrauch Upgrade - Production Mode with Upgrade of Media Server
Pre-Requisites
Upgrade - Production Mode with Upgrade of Media

Server Software
H.1
Pre-Requisites
The domain should be in native mode. If it is in mixed mode, you need to raise its functional
level to native mode (using AD Domains and Trusts snap-in).
It is recommended to prepare Config.XML file before beginning upgrade. The file

should reflect your OpenScape system layout.
H.2
Environment Preparation for Upgrade from V1-SPCR to V2
H.2.1
Forest Preparation
For details on how to do the following steps, refer to Chapter 7, Setting Up a Forest in Production Mode.
Log on as the Schema Admin or the Enterprise Admin.
Copy all the Forest Preparation related files from the CD.
Validate the Forest.
Depending on the validation results, prepare the Forest or continue.
H.2.2
Root Domain Preparation
For details on how to do the following steps, refer to Section 8.7, Root Domain Preparation and
Verification.
Log on as the Root Domain Administrator.
Copy all the Environment Preparation V2 related files from the CD.
Validate the Root domain.
Depending on the validation results, prepare the Root Domain or continue.
H.2.3
Domain Preparation
For details on how to do the following steps, refer to Section 8.8, OpenScape System Domain
Preparation and Verification.
A31003-S5020-S100-1-7620, July 2004
H-1
5454appH.fm
Upgrade - Production Mode with Upgrade of Media Server Software Nur fr den internen GeEnvironment Preparation for Upgrade from V1-SPCR to V2
Log on as the child Domain Administrator of the domain being prepared.
Validate the domain.
Depending on the validation results, prepare the Domain or continue.
>
Note: If there is more than one OpenScape System in the same child domain, the
old OpenScape Service group has to remain as it is for V1 OpenScape to co-exist
with V2 OpenScape. Therefore, the domain prep will automatically rename the old
group to OpenScape Service V1 and copy all its members to the new group.
Only a restart of the remaining V1 systems in the same child domain is required.
H.2.4
Add Domain to Root Domain
For details on how to do the following steps, refer to Section 8.10, Root Domain Membership
and Verification.
Validate the root domain membership.
Depending on the validation results, add the Domain or continue.
H.2.5
System Preparation - OpenScape
For details on how to do the following steps, refer to Section 8.13, OpenScape System Preparation and Verification.
H-2
Before doing the System Preparation, please check the current status of the Forest
and Domains.
Validate the root domain.
Validate the Root Domain Membership.
Edit the Config.xml file (if you did not complete the file as a prerequisite).
Validate the OpenScape System.

A31003-S5020-S100-1-7620, July 2004
5454appH.fm
Nur fr den internen GebrauchUpgrade
- Production Mode with Upgrade of Media Server SoftEnvironment Preparation for Upgrade from V1-SPCR to V2
H.2.6
Depending on the validation results, prepare the System or continue.
System Preparation - RD (LCS Server)
For details on how to do the following steps, refer to Section 8.14, Routing Dispatcher/LCS
System Preparation and Verification.
Log on as the Domain Administrator on the child domain being prepared.
Validate the RDS.
H.2.7
System Preparation - TFA
For details on how to do the following steps, refer to Section 8.17, TFA System Preparation
and Verification.
Validate the TFA.
H.2.8
System Preparation - MCU
This section is only required if MCU resides on a separate Server.

For details on how to do the following steps, refer to Section 8.16, MCU System Preparation
and Verification.
Validate the MCU.
A31003-S5020-S100-1-7620, July 2004

H-3
5454appH.fm
Upgrade - Production Mode with Upgrade of Media Server Software Nur fr den internen GeUpgrade Software
H.3
Upgrade Software
H.3.1
Backup the OpenScape Database
Log on with the installer account created by the system preparation.
Backup the OpenScape DB Using the OMC (use help if needed).
H.3.2
Uninstall OpenScape and keep the Database
Uninstall OpenScape core and OMC.
If OpenScape and MCU are installed on one server, then
H.3.3
Uninstall MCU (refer to Section A.4.5 on page A-6).
Check for Admins as OpenScape Users
In OpenScape V1, we might have some accounts as OpenScape Users that might have the
AdminCount attribute set in Active Directory. These accounts are members of some protected
groups in Active Directory. These accounts are protected for security reasons, and do not inherit the access rights.
These users cannot be upgraded as such from V1-V2.
To successfully upgrade users from V1 to V2, the following options are available:
Remove these admin accounts from OpenScape. This option requires OpenScape Admin
privileges.
1.
Log on as the OS Installer or a member of the OpenScape Admin group on the child domain being prepared.
2.
Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT
folder on the CD to the OpenScape Server.
3.
4.
On the command line, type
H-4
A31003-S5020-S100-1-7620, July 2004

5454appH.fm
- Production Mode with Upgrade of Media Server SoftUpgrade Software
ConvertAdmins /m DELETE /SQLSERVER <sqlserver> /L <logfile>.
5.
6.
To grant permissions to the OpenScape Admin group and retain these users in OpenScape, follow the instructions below:
1.
Log on as the Domain Administrator of the child domain being prepared.
2.

3.
4.

ConvertAdmins /m ADDACE /SQLSERVER <sqlserver> /L <logfile> /TRUSTEE <Domain>\OpenScape Admin.
5.
The appropriate permissions shall be granted to the OpenScape Admin group for all the
OpenScape users with AdminCount as 1.
6.
H.3.4
Install OpenScape
For details on how to do the following steps, refer to Chapter 9, Installing OpenScape.
To install a new bind, after you removed all old OpenScape applications, make sure
your system is cleaned up:
Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.
Check that all Siemens services are removed.
Install OpenScape Core.
Install OMC.
H.3.5
Uninstall Routing Dispatcher (RTC Extension)
Remove RTC Extension by using the Add/Remove Programs from the Control Panel.
A31003-S5020-S100-1-7620, July 2004

H-5
5454appH.fm
H.3.6
Install Routing Dispatcher
For details on how to do the following steps, refer to Section 9.3, Installing the OpenScape
Routing Dispatcher.
H.3.7
Uninstall MCU (only if installed on a separate Server)
Refer to Section A.4.5, OpenScape MCU Uninstall.
H.3.8
Install MCU (only if installed on a separate Server)
For details please refer to Chapter 12, Installing OpenScape MCU.
H.3.9
Uninstalling ComResponse V1 and V1 Third Party Software
Be sure to be logged on as the user that installed the software before using Add/Remove Programs.
1.
From the Service Control panel, select Siemens HPCR Startup Windows Service and
stop this service. Also select Siemens HPCR StoreEventService Windows Service and
stop this service.
2.
From the Control Panel > Add/Remove Programs:

Remove HiPath ComResponse.
Save the database when prompted (recommended).
3.
From the Control Panel > Add/Remove Programs, remove the following components:
Sun Java 2 Runtime Environment, SE V1.4.1
Realspeak and/or L&H Telecom Realspeak SAPI4 V3...
Microsoft Speech API
SpeaKING Engine SAPI4
HiPath CAP Fault Management V1.0
Microsoft SQL Server Desktop Engine (IWR)
Microsoft Internet Explorer WebControls
.NET Framework 1.1 Hotfix (KB821156)
.NET Framework 1.1
H-6
A31003-S5020-S100-1-7620, July 2004

5454appH.fm
- Production Mode with Upgrade of Media Server SoftUpgrade Software
.NET Framework 1.0 (if installed)

4.
Remove Web Telephony Engine by doing the following:

a) Open a command prompt and go to the C:\Program Files\Web Telephony Engine\ directory.
b) For each ms*.dll in the directory, execute regsvr32 /u <ms*.dll>. For example,
regsvr32 /u MSWTECOM.DLL
regsvr32 /u MSWTESHR.DLL
regsvr32 /u MSWTESNP.DLL
c)
Restart the Media Server computer.
d) Delete the Web Telephony Engine folder and all subfolders located at C:\Program
Files\Web Telephony Engine.
e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine
instance.
H.3.10
System Preparation - Media Server
For details on how to do the following steps, refer to Section 8.15, Media Server System Preparation and Verification.
Validate the Media Server.
Depending on the validatIon results, prepare the System or continue.
H.3.11
Pre-installation of the Media Server
Please refer to Chapters 3 and 4 of the Media Server Installation document.
H.3.12
Install Third Party Software
Please refer to Chapter 5 of the Media Server Installation document.
H.3.13

A31003-S5020-S100-1-7620, July 2004
H-7
5454appH.fm
H.3.14
Cleanup Old Groups and Accounts
After upgrading all OpenScape Systems in this domain to V2, the following groups and accounts are no longer needed:
Delete the group and account using the AD Users and Computers Snap-in.
The phones may need to be rebooted after an upgrade is done.
H-8
A31003-S5020-S100-1-7620, July 2004

5454appI.fm
Nur fr den internen GebrauchUpgrade - Production Mode with Re-Install of Media Server
Pre-Requisites
Upgrade - Production Mode with Re-Install of

Media Server PC
I.1
Pre-Requisites

I.2
I.2.1
Forest Preparation
For details on how to do the following steps, refer to Chapter 7, Setting Up a Forest in Production Mode.
Log on as the Schema Admin or the Enterprise Admin.
Copy all the Forest Preparation related files from the CD.
Depending on the validation results, prepare the Forest or continue.
I.2.2
Verification.
I.2.3
Domain Preparation
A31003-S5020-S100-1-7620, July 2004
I-1
5454appI.fm
Upgrade - Production Mode with Re-Install of Media Server PC Nur fr den internen Gebrauch
Depending on the validation results prepare the Domain or continue.
>
I.2.4
and Verification.
I.2.5
I-2
and Domains.

A31003-S5020-S100-1-7620, July 2004
5454appI.fm
I.2.6
Upgrade - Production Mode with Re-Install of Media Server PC

Validate the RDS.
I.2.7
and Verification.
Validate the TFA.
I.2.8

and Verification.
Validate the MCU.
A31003-S5020-S100-1-7620, July 2004

I-3
5454appI.fm
Upgrade Software
I.3
Upgrade Software
I.3.1
I.3.2
Uninstall OpenScape and Keep the Database
I.3.3
Uninstall MCU (refer to Section A.4.5, OpenScape MCU Uninstall).
privileges.
1.
2.
Copy the ConvertAdmins.exe and Interop.ActiveDS.dll files from the OpenScape EPT
folder on the CD to the OpenScape Server.
3.
4.
I-4
A31003-S5020-S100-1-7620, July 2004

5454appI.fm

Upgrade Software
5.
6.
To grant permissions to the OpenScape Admin group and retains these users in OpenScape, follow the instructions below:
1.
2.

3.
4.

5.
6.
I.3.4
Install OpenScape
Check that all Siemens BC files are gone from the C:\Windows\Assembly folder.
Install OMC.
If OpenScape and MCU are installed on one server:
I.3.5
Install MCU.
A31003-S5020-S100-1-7620, July 2004

I-5
5454appI.fm
Upgrade Software
I.3.6
Routing Dispatcher.
I.3.7
I.3.8
I.3.9
Backup the Media Server Database
Open the Services Management from the Control Panel.
Stop the Siemens HPCR Startup Windows Service. Then, stop the MSSQL$IWR
service.
Copy the following files from C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data to a safe location such as a network server:
I.3.10
iwrdb.mdf
iwrdb_log.ldf
IwrReport.mdf
IwrReport_log.ldf
Go back to the Services Management. Start the MSSQL$IWR service and the Siemens HPCR Startup Windows Service.
Backup User-Created Applications on Media Server
Each application created in the Media Server has a corresponding folder on the Server. The
following process backs up the folders for the customer-created applications.
I-6
Identify the names of all customer-created applications by doing the following:
Start the MSSQL$IWR service (if not already started).
A31003-S5020-S100-1-7620, July 2004

5454appI.fm

Upgrade Software
Open the Media Server System Administrator via the Start > Programs > Siemens
OpenScape > OpenScape Media Server > Media Server Administration.
Go to the Application Builder.
Click Custom.
Write down all the application names of the applications listed under Application
Name.
Click Word Web.
Name.
To save the application folder of the user created application, do the following:
Using Windows Explorer, go to the folder C:\Program Files\Siemens\IWR\www\IWR\Applications.
For each of the application names that were written down, copy each of the folders with
that same name. Make sure all the files and folders beneath it are copied too.
Save the folders to a safe location such as a network server that is not on the Media
Server machine.
Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are
used by the application. To know if an application uses additional files, do the following:
Under Custom or Word Web, click on the application name.
Click view.
Click on a step.
Click Step Settings (the magnify glass icon).
Scroll to the bottom of the webpage.
Click the Options tab.
See if there is a file listed in URL. If so, locate the file. Save the path to the file and then
save file to a safe location. If the file is already located in a safe location, then there is
no need to save it again. But, save the path to the safe location so that later that connection to the location can be restored and verified.
Do this for each step of the application.
I.3.11
Backing Up Report Files on Media Server
The Media Server contains reports that the user generates. The following process backs up the
report files.
A31003-S5020-S100-1-7620, July 2004
I-7
5454appI.fm
Upgrade Software
Open the Windows Explorer.
Go to <IWR home directory>\www\IWR\SA\Report\ReportFiles.
Copy the report files that you want to save to a safe location such as a network server.
I.3.12
Reinstall the Operating System on the Media Server PC
Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please refer to the Media Server Installation document for installing the Windows Components (Chapter
3) and the pre-installation checklist (Chapter 4).
I.3.13
I.3.14
I.3.15
Restoring the Media Server Database
After installing the third party software, do the following steps to restore the database:
Create a new folder iwr_save in the folder C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data.
Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, IwrReport.mdf, and IwrReport_log.ldf) are stored and copy the files.
Paste the files in C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data\iwr_save.
I.3.16
I-8
A31003-S5020-S100-1-7620, July 2004

5454appI.fm

Upgrade Software
Note: Before installing, be sure that Section I.3.15, Restoring the Media Server Database is
completed.
I.3.17
Restoring the User-Created Applications on the Media Server
After installing the Media Server, do the following steps to restore the customer-created Applications:
Go to the safe location where the customer-created application folders are stored.
Copy each of the customer-created application folders (and all files and folders beneath it) into the Applications folder located at C:\Program Files\Siemens\IWR\www\IWR\Applications.
Note: Do not overwrite anything in the Application folder on the new machine.
This copy operation restores all customer-created application folders without disturbing the folders that were installed as a part of Media Server. If the copy operation advises you that a folder already exists on the target, or asks for permission to overwrite
an existing folder or file, answer No.
Restore any additional files to their original location (with the exact path that they had
originally). For the files that were already saved to a safe location, make sure the connection to that location is restored.
To verify that the applications were copied properly, open the System Administrator
Application (Start > Programs > Siemens OpenScape > OpenScape Media Server >
Media Server Administration). Click on Application Builder. Click on either Custom or
Word Web. The applications should be there. View the steps and all the properties of
each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with
each application.
I.3.18
Restoring Report Files on the Media Server
After installing the Media Server software, do the following steps to restore the report files.
Go to the safe location where you stored the report files.
Copy all the files back to <IWR home directory>\www\IWR\SA\Report\ReportFiles.
To verify that the report files were copied properly, open the System Administrator Application:
Click Start->Programs->Siemens OpenScape->OpenScape Media Server->Media

Server Administration).
Click System Administrator->Reports.
Click Report Jobs. The report files should be there.
A31003-S5020-S100-1-7620, July 2004

I-9
5454appI.fm
Upgrade Software
For each report, click View to open the report file.
I.3.19
I-10
A31003-S5020-S100-1-7620, July 2004

5454appJ.fm
Nur fr den internen Gebrauch Upgrade - Early Deployment Mode with Upgrade of Media
Pre-Requisites
Upgrade - Early Deployment Mode with Upgrade of

Media Server Software
J.1
Pre-Requisites

J.2
J.2.1
Verification.
J.2.2
Domain Preparation
Depending on the validation results, prepare the Domain or continue.
A31003-S5020-S100-1-7620, July 2004

J-1
5454appJ.fm
Upgrade - Early Deployment Mode with Upgrade of Media Server Software Nur fr den inEnvironment Preparation for Upgrade from V1-SPCR to V2
>
J.2.3
and Verification.
J.2.4
System Preparation EDM/ADAM Server
For details on how to do the following steps, refer to Section 8.18, EDM System Preparation
and Verification.
Edit the Config.xml file (if you did not complete the file as a prerequisite)
Validate the EDM System.
J.2.5
and Domains.
J-2

A31003-S5020-S100-1-7620, July 2004
5454appJ.fm
Nur fr den internen GebrauchUpgrade - Early Deployment Mode with Upgrade of Media Server
J.2.6
Validate the RDS.
J.2.7
and Verification.
Validate the TFA.
J.2.8

and Verification.
A31003-S5020-S100-1-7620, July 2004

J-3
5454appJ.fm
Upgrade - Early Deployment Mode with Upgrade of Media Server Software Nur fr den inUpgrade Software
Validate the MCU.
J.3
Upgrade Software
J.3.1
J.3.2
J.3.3
privileges.
J-4
A31003-S5020-S100-1-7620, July 2004

5454appJ.fm
Upgrade Software
1.
2.

3.
4.

5.
6.
1.
2.

3.
4.

5.
6.
J.3.4
Install ADAM and EDM
For ADAM installation please refer to Section 6.3, ADAM Installation.
For EDM Server installation please refer to Section 6.4, EDM Installation.
Installation of OpenScape will copy the OpenScape V1 user into ADAM to upgrade them to V2
users.
J.3.5
Install OpenScape
A31003-S5020-S100-1-7620, July 2004

J-5
5454appJ.fm
Check the GAC that all Siemens BC files are gone.
Install OMC.
J.3.6
Install MCU.
J.3.7
Routing Dispatcher.
J.3.8
J.3.9
J.3.10
Uninstalling ComResponse V1 and V1 Third Party Software
Be sure to be logged on as the user that installed the software before using Add/Remove Programs.
1.
From the Service Control panel, select Siemens HPCR Startup Windows Service and
stop this service. Also select Siemens HPCR StoreEventService Windows Service and
stop this service.
2.
From the Control Panel > Add/Remove Programs:

Remove HiPath ComResponse.
J-6
A31003-S5020-S100-1-7620, July 2004

5454appJ.fm
Upgrade Software
Save the database when prompted (recommended).
3.
From the Control Panel > Add/Remove Programs, remove the following components:
Sun Java 2 Runtime Environment, SE V1.4.1
Realspeak and/or L&H Telecom Realspeak SAPI4 V3...
Microsoft Speech API
SpeaKING Engine SAPI4
HiPath CAP Fault Management V1.0
Microsoft SQL Server Desktop Engine (IWR)
Microsoft Internet Explorer WebControls
.NET Framework 1.1 Hotfix (KB821156)
.NET Framework 1.1
.NET Framework 1.0 (if installed)
4.
Remove Web Telephony Engine by doing the following:

a) Open a command prompt and go to the C:\Program Files\Web Telephony Engine\ directory.
b) For each ms*.dll in the directory, execute regsvr32 /u <ms*.dll>. For example,
regsvr32 /u MSWTECOM.DLL
regsvr32 /u MSWTESHR.DLL
regsvr32 /u MSWTESNP.DLL
c)
Restart the Media Server computer.
d) Delete the Web Telephony Engine folder and all subfolders located at C:\Program
Files\Web Telephony Engine.
e) From the Control Panel > Add/Remove Programs, remove the Web Telephony Engine
instance.
J.3.11
For details on how to do the following steps, refer to the OpenScape Installation document
A31003-S5020-S100-1-7620, July 2004

J-7
5454appJ.fm
Depending on the validatIon results Prepare the System or continue.
J.3.12
Pre-installation of the Media Server
Please refer to Chapters 3 and 4 of the Media Server Installation document.
J.3.13
J.3.14
J.3.15
J-8
A31003-S5020-S100-1-7620, July 2004

5454appK.fm
Nur fr den internen Gebrauch Upgrade - Early Deployment Mode with Re-Install of Media
Pre-Requisites
Upgrade - Early Deployment Mode with Re-Install

of Media Server PC
K.1
Pre-Requisites

K.2
K.2.1
Verification.
Depending on the validation results prepare the Root Domain or continue.
K.2.2
Domain Preparation
Depending on the validation results prepare the Domain or continue.
A31003-S5020-S100-1-7620, July 2004

K-1
5454appK.fm
Upgrade - Early Deployment Mode with Re-Install of Media Server PC

>
Nur fr den internen
K.2.3
and Verification.
K.2.4
System Preparation EDM/ADAM Server
For details on how to do the following steps, refer to Section 8.18, EDM System Preparation
and Verification.
Validate the EDM System.
K.2.5
and Domains.
K-2

A31003-S5020-S100-1-7620, July 2004
5454appK.fm
Nur fr den internen GebrauchUpgrade - Early Deployment Mode with Re-Install of Media Serv-
K.2.6
Validate the RDS.
K.2.7
and Verification.
Validate the TFA.
K.2.8

and Verification.
A31003-S5020-S100-1-7620, July 2004

K-3
5454appK.fm

Upgrade Software
Nur fr den internen
Validate the MCU.
K.3
Upgrade Software
K.3.1
Backup the OpenScape DB Using the OMC (use help if needed).Uninstall OpenScape
and keep the Database.
K.3.2
Uninstall MCU (Section A.4.5, OpenScape MCU Uninstall).
K.3.3
K-4
privileges.
A31003-S5020-S100-1-7620, July 2004

5454appK.fm
Upgrade Software
1.
2.

3.
4.

5.
6.
1.
2.

3.
4.

5.
6.
K.3.4
Install ADAM and EDM
For ADAM installation please refer to Section 6.3, ADAM Installation.
For EDM Server installation please refer to Section 6.4, EDM Installation.
A31003-S5020-S100-1-7620, July 2004

K-5
5454appK.fm

Upgrade Software
Nur fr den internen
Installation of OpenScape will copy the OpenScape V1 user into ADAM to upgrade them to V2
users.
K.3.5
Install OpenScape
Check the GAC that all Siemens BC files are gone
Install OMC.
K.3.6
Install MCU.
K.3.7
Routing Dispatcher.
K.3.8
K.3.9
K.3.10
K-6
Backup the Media Server Database

A31003-S5020-S100-1-7620, July 2004
5454appK.fm
Upgrade Software
Stop the Siemens HPCR Startup Windows Service. Then, stop the MSSQL$IWR
service.
Copy the following files from C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data to a safe location such as a network server:
K.3.11
iwrdb.mdf
iwrdb_log.ldf
IwrReport.mdf
IwrReport_log.ldf
Go back to the Services Management. Start the MSSQL$IWR service and the Siemens HPCR Startup Windows Service.
Backup User-Created Applications on Media Server
Each application created in the Media Server has a corresponding folder on the Server. The
following process backs up the folders for the customer-created applications.
Identify the names of all customer-created applications by doing the following:
Start the MSSQL$IWR service (if not already started).
Open the Media Server System Administrator via the Start > Programs > Siemens
OpenScape > OpenScape Media Server > Media Server Administration.
Go to the Application Builder.
Click Custom.
Name.
Click Word Web.
Name.
To save the application folder of the user created application, do the following:
Using Windows Explorer, go to the folder C:\Program Files\Siemens\IWR\www\IWR\Applications.
For each of the application names that were written down, copy each of the folders with
that same name. Make sure all the files and folders beneath it are copied too.
A31003-S5020-S100-1-7620, July 2004

K-7
5454appK.fm

Upgrade Software
Nur fr den internen
Save the folders to a safe location such as a network server that is not on the Media
Server machine.
Save any additional files (.wav, .xml, .vxml, etc.) not stored in the application folder that are
used by the application. To know if an application uses additional files, do the following:
Under Custom or Word Web, click on the application name.
Click view.
Click on a step.
Click Step Settings (the magnify glass icon).
Scroll to the bottom of the webpage.
Click the Options tab.
See if there is a file listed in URL. If so, locate the file. Save the path to the file and then
save file to a safe location. If the file is already located in a safe location, then there is
no need to save it again. But, save the path to the safe location so that later that connection to the location can be restored and verified.
Do this for each step of the application.
K.3.12
Backing Up Report Files on Media Server
The Media Server contains reports that the user generates. The following process backs up the
report files.
Open the Windows Explorer.
Go to <IWR home directory>\www\IWR\SA\Report\ReportFiles.
Copy the report files that you want to save to a safe location such as a network server.
K.3.13
Reinstall the Operating System on the Media Server PC
Reinstall the Operating System on the Media Server PC. After the PC is reinstalled, please refer to the Media Server Installation document for installing the Windows Components (Chapter
3) and the pre-installation checklist (Chapter 4).
K.3.14
K-8
A31003-S5020-S100-1-7620, July 2004

5454appK.fm
Upgrade Software
K.3.15
K.3.16
Restoring the Media Server Database
After installing the third party software, do the following steps to restore the database:
Create a new folder iwr_save in the folder C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data.
Go to the safe backup location where the database files (iwrdb.mdf, iwrdb_log.ldf, IwrReport.mdf, and IwrReport_log.ldf) are stored and copy the files.
Paste the files in C:\Program Files\Microsoft SQL Server\MSSQL$IWR\Data\iwr_save.
K.3.17

Note: Before beginning the installation, be sure that the Section K.3.16, Restoring the Media
Server Database is completed.
K.3.18
Restoring the User-created Applications on the Media Server
After installing the Media Server, do the following steps to restore the customer-created Applications:
Go to the safe location where the customer-created application folders are stored.
Copy each of the customer-created application folders (and all files and folders beneath it) into the Applications folder located at C:\Program Files\Siemens\IWR\www\IWR\Applications.
A31003-S5020-S100-1-7620, July 2004

K-9
5454appK.fm

Upgrade Software
Nur fr den internen
Note: Do not overwrite anything in the Application folder on the new machine.
This copy operation restores all customer-created application folders without disturbing the folders that were installed as a part of Media Server. If the copy operation advises you that a folder already exists on the target, or asks for permission to overwrite
an existing folder or file, answer No.
Restore any additional files to their original location (with the exact path that they had
originally). For the files that were already saved to a safe location, make sure the connection to that location is restored.
To verify that the applications were copied properly, open the System Administrator
Application (Start > Programs > Siemens OpenScape > OpenScape Media Server >
Media Server Administration). Click on Application Builder. Click on either Custom or
Word Web. The applications should be there. View the steps and all the properties of
each application, including any media files (.HTML, .WAV, .TXT, etc.) associated with
each application.
K.3.19
Restoring Report Files on the Media Server
After installing the Media Server software, do the following steps to restore the report files.
Go to the safe location where you stored the report files.
Copy all the files back to <IWR home directory>\www\IWR\SA\Report\ReportFiles.
To verify that the report files were copied properly, open the System Administrator Application:
Click Start->Programs->Siemens OpenScape->OpenScape Media Server->Media

Server Administration).
Click System Administrator->Reports.
Click Report Jobs. The report files should be there.
For each report, click View to open the report file.
K.3.20
K-10
A31003-S5020-S100-1-7620, July 2004

5454abbr.fm
List of Abbreviations
This table shows some important abbreviations.

Abbreviation
Definition
AD
Active Directory
ADAM
Active Directory Application Mode
ASR
Auto Speech Recognition
CA
Certificate Authority
CLT
CAP License Server
EDM
FQDN
Fully Qualified Domain Name
IPSec
IP Security Protocol
LCS
Live Communications Server
MCU
Multipoint Control Unit
MC
Multipoint Controller
MP
Media Processor
MSMQ
Microsoft Messaging Queue
OMC
PKI
Public Key Infrastructure
Root CA
Root Certificate Authority
RD
Routing Dispatcher
SIP
Session Initiation Protocol
TCP
Transmission Control Protocol
TFA
TLS
Transport Layer Security
TTS
Text-to-Speech
Windows Messenger
WM
A31003-S5020-S100-1-7620, July 2004

Y-1
5454abbr.fm
Y-2
A31003-S5020-S100-1-7620, July 2004

5454IX.fm
Index
Index
B2BUA E-11, E-15

block rule E-21
configuration
minimum complete server 2-5
Configuring
DNS Server 12-5
LCS Route 12-6
MC SIP 12-5
MCU SipURI 12-4
configuring
OpenScape certificate 10-3
SMTP server 10-5
WM client 4-4
Configuring Certificates A-2
Configuring Profiles for SIP Phones 16-5
Configuring the Account Security Privileges in
the Exchange Server Stores B-1
Configuring the RTCService Account 4-4
ConvertAdmins F-18
CRDirect C-1
creating
custom MMC console E-3
new IPSec policy E-4, E-8, E-14, E-17
Creating an SRV Record on DNS A-6
CRForward C-2
CAP License Server (CLT) 3-3

Certifcate Authority (CA) A-2
certificate configuration 10-3
checklist
final installation 8-1, 17-1
MCU installation 12-1
checkSPN F-1
D-2
D-7
CIM Namespace Security 3-13
Client
installing 15-1
Complex Setup 8-4
Deployment Models 2-7

Deployment Rules 2-6
detecting virus 9-4
Different Storages of User Information F-13
DNS Server 12-5
DNS SRV Records 16-1
Document Storage 14-1
Domain Admins 9-3
Domain Mode 3-7
Domain Preparation 8-9
Access Rights
OpenScape Database D-6
WMI CIM Repository D-6
Account Check 9-4
account requirements
for OpenScape management 3-12
Account Security Privileges B-1
Active Directory
Attribute Definitions 5-4
Attributes and Objects 5-1
Attributes and Objects Hierarchy 5-2
Class Definitions 5-5
Environment Recommendations 5-1
adding filters from MP to MC E-20
Adding Users A-1
Application Server Mode 9-3
Assigning OpenScape Phones from Unassigned Phones 16-6
A31003-S5020-S100-1-7620, July 2004

E
Early Deployment Mode 2-5, 3-5, G-3
5-7
Z-1
5454IX.fm
Index
Early Deployment Mode with Re-installation

of Media Server PC 2-1
Early Deployment Mode with Upgrade of Media Server Software 2-1
Enabling SSL for Outlook Web Access
(OWA) on the Exchange Server B-9
Enabling SSL in IIS on the OpenScape Server B-8
Enabling WebDav on the Exchange 2003
Server B-1
endpoints requirements 3-5
Environment Preparation Tool 2-2
Brief Description of Steps 8-6
Domain Preparation 8-9
F
feedback, documentation 1-3
firewall requirements 9-4
Forwarding Rule Target C-3
G
Gateway permit rule E-12
H
hardware
recommendations 3-5
hardware requirements 3-1
High Traffic Call Model 3-6
I
imported AD users 3-11
Importing
SIP Phone Certificate 16-1
infrastructure
requirements 3-1
Infrastructure Components 2-4
Installation Requirements
EDM 6-2
Installing
Microsoft Hotfix 10-2
OMC 10-1
OpenScape 9-9
installing
OMC package 10-2
OpenScape Client 15-1
Z-2
Windows Messenger 4-4

WM client 4-2
IPSec policy E-4, E-8, E-14, E-17
IPSec Security 11-1
L
LC Server 2-3
LC Server Certificate 16-2
LCS
setup checklist and troubleshooting 4-6
LCS (RTC) MSDE Database F-16
LCS Route 12-6
LCS, local machine groups 4-2
licenses 2-13
non-OpenScape 2-18
local machine groups 4-2
M
MC SIP 12-5
MCU
installation checklist 12-1
requirements 3-4
MCU SipURI 12-4
MCU System Preparation and Verification 833
Media Server 3-4
Media Server System Preparation and Verification 8-30
Microsoft .NET Framework V1.1 2-3
Microsoft Hotfix 10-2
Migrating from ADAM to Active Directory 6-5
MIgrating from EDM to Production Mode 6-4
minimum complete server
configuration 2-5
MMC console E-3
MSMQ F-1
N
Namespace Permissions 3-13
Non-OpenScape licenses 2-18
Non-Siemens system components
MS SQL Server 3-2
Normal Traffic Call Model 3-5
A31003-S5020-S100-1-7620, July 2004

5454IX.fm
Index
Obtaining a Certificate 16-1

OMC
installing the package 10-2
overview 10-1
OMC Snap-in 10-2
One Box Configuration 12-5
OpenScape
Adding Users A-1
administration Client requirements 3-3
licenses 2-13
scripting framework F-6
OpenScape Application Server 2-1
requirements 3-1
OpenScape Certificate 10-3
OpenScape Client Registry Entries 15-2
OpenScape Licenses 2-13
OpenScape Management Console 2-2, 9-4
OpenScape MCU 2-2
OpenScape Phones Certificate 16-3
OpenScape Routing Dispatcher 2-2
OpenScape Scripting Framework F-6
OpenScape System Domain Preparation and
Verification 8-12
Remote Administration Mode 9-2

Requirements
Forest in Production Mode 7-1
requirements
endpoints 3-5
firewall 9-4
for OpenScape management 3-12
infrastructure 3-1
MCU 3-4
Media Server 3-4
OpenScape administration Client 3-3
OpenScape Application Server 3-1
Root Domain D-1
Root Domain Membership and Verification 819
Routing Dispatcher 3-3, 9-5, G-3
Routing Dispatcher/LCS System Preparation
and Verification 8-28
RSA SecurID 14-2
RTC Tool F-1
RTCService Account 4-4
P
passwords for the OpenScape services 3-11
Permissions
Domain-DNS Object D-5
EDM Server D-6
Service Connection Point D-6
Permissions on AD Objects D-5
permit rule for Gateway E-12
Phone Discovery 16-7
Portal Access 9-4
Ports and Routes 9-6
ports and routes 9-6
Problems Uninstalling OpenScape A-5
Production Mode 2-5
Production Mode with Re-installation of Media Server PC 2-1
Production Mode with Upgrade of Media
Server Software 2-1
A31003-S5020-S100-1-7620, July 2004

S
Schedule+FreeBusy Information B-6
SDK Applications 11-1
Security Troubleshooting 14-1
Server Information 3-8
setting up
user and administrator cross-functionality
9-3
WM client 4-2
siemensOSDomain 5-6
siemensOSGlobalContainer 5-6
siemensOSServiceConnectionPoint 5-6
siemensOSServices 5-5
siemensOSTrustedService 5-6
SIP Phone Certificate 16-1
Creating and Issuing A-7
Locating and Exporting A-10
Requesting A-9
SIP Phone Discovery 16-7
SIP Phones, obtaining a certificate 16-1
SMTP server 10-5
Z-3
5454IX.fm
Index
SOS Script Tool for Serviceability Support F13

SQL Server 2-3
SRV Record on DNS
Creating A-6
SSL Encryption 3-2
SSL Encryption for MS SQL Server 2000 3-2
Synchronizing the Time 9-1
T
Terminal Services service 9-3
testing
with Windows Messenger 4-3
TFA System Preparation and Verification 835
Trace File Accumulator 2-2, 3-4, 14-2, G-3
Troubleshooting
Security 14-1
Unintstalling OpenScape A-5
WebDAV B-1
WebDav B-1
Windows Messenger
client configuration 4-4
installing 4-2, 4-4
setting up 4-2
testing with 4-3
uninstalling 4-3
Windows Messenger (WM) Client 4-2
Windows Server 2003 Terminal Services 9-2
WSE2.0 for SDK 3-3
X
XML File 8-8, 8-22
XpSystem F-13
U
uninstalling
Windows Messenger 4-3
Upgrade - Early Deployment Mode with ReInstall of Media Server PC K-1
Upgrade - Early Deployment Mode with Upgrade of Media Server Software J-1
Upgrade - Production Mode with Re-Install of
Media Server PC I-1
Upgrade - Production Mode with Upgrade of
Media Server Software H-1
Upgrades from V1 SPCR to V2 2-1
User Creation via OpenScape Management
A-1
User Creation via Script A-1
users
imported AD 3-11
V
verifying
server infrastructure 9-5
virus detection 9-4
W
Web Service Enhancements 2-4
Z-4
A31003-S5020-S100-1-7620, July 2004

www.siemens.com/hipath
The information provided in this document contains merely general descriptions or characteristics of performance which in case of actual use do
not always apply as described or which may change as a result of further
development of the products.
An obligation to provide the respective characteristics shall only exist if
expressly agreed in the terms of contract.
*1PA31003-S5020-S100-1-7620*
Siemens AG 2004 Information and Communication

Networks Hofmannstrae 51 D-81359 Mnchen, Germany
Reference No.: A31003-S5020-S100-1-7620
Printed in the Federal Republic of Germany.
Subject to availability. Right of modification reserved.

OpenScape V2.0 Installation Guide

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

OpenScape V2.0 Installation Guide

Hochgeladen von

Copyright:

Verfügbare Formate

HiPath OpenScape V2.

The information provided in this document contains merely general descriptions or

1 About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch

2.3.5 Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

A31003-S5020-S100-1-7620, July 2004

4.3.2 Uninstalling Windows Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5 Active Directory Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6 Setting up OpenScape in Early Deployment Mode (EDM) . . . . . . . . . . . . . . . . . . . .

7 Setting Up a Forest in Production Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8 Preparing the OpenScape Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch

8.7 Root Domain Preparation and Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9

A31003-S5020-S100-1-7620, July 2004

11 Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Nur fr den internen Gebrauch

11.2 Special Steps for SDK Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

13 Installing the OpenScape Media Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

15 Installing the OpenScape Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

17 Final Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch

A31003-S5020-S100-1-7620, July 2004

F.3.5 Set Static Route Trusted/un-Trusted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F-4

Nur fr den internen Gebrauch

H.3.5 Uninstall Routing Dispatcher (RTC Extension) . . . . . . . . . . . . . . . . . . . . . . . . . . . H-5

A31003-S5020-S100-1-7620, July 2004

J.2 Environment Preparation for Upgrade from V1-SPCR to V2 . . . . . . . . . . . . . . . . . . . . .

K Upgrade - Early Deployment Mode with Re-Install of Media Server PC . . . . . . . . . . K-1

Nur fr den internen Gebrauch

K.3.8 Uninstall MCU (only if installed on a separate Server). . . . . . . . . . . . . . . . . . . . . . K-6

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch

About This Guide

Purpose of This Guide

How to Use This Guide

Chapter 2, Overview, provides a high-level overview of OpenScape and its components.

A31003-S5020-S100-1-7620, July 2004

About This Guide

Nur fr den internen Gebrauch

A31003-S5020-S100-1-7620, July 2004

About This Guide

This guide also includes Abbreviations and Index.

HiPath OpenScape V2.0 Administration Guide, A31003-S5020-A900, provides the user

HiPath OpenScape User Guide, A31003-S5020-A100

HiPath OpenScape Project Planning Guide, A31003-S5020-A300

HiPath OpenScape Media Server V2.0 Installation Guide, A31003-S5020-S200

Title: HiPath OpenScape V2.0, Installation Guide

Order Number: A31003-S5020-S100-1-7620

A31003-S5020-S100-1-7620, July 2004

About This Guide

Nur fr den internen Gebrauch

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch

Upgrades from V1 SPCR to V2

Production Mode with Upgrade of Media Server Software

Production Mode with Re-installation of Media Server PC

Early Deployment Mode with Upgrade of Media Server Software

Early Deployment Mode with Re-installation of Media Server PC

OpenScape Application Server

A31003-S5020-S100-1-7620, July 2004

Nur fr den internen Gebrauch