Cisco TELEPRESENCE MANAGEMENT SUITE EXTENSION - FOR MICROSOFT EXCHANGE 2.2 Administrator's Manual

Download

Page 1

Cisco TelePresence

Management Suite

Extension for Microsoft

Exchange 2.2

Administrator Guide

D14197 05

December 2010

Page 2

Cisco TMSXE Administrator Guide 2.2 Page 2 of 60

Contents

Contents .............................................................................................................................. 2

Introduction ......................................................................................................................... 4

Pre-Installation Information ..................................................................................................................... 4

Requirements ...................................................................................................................... 5

Server Requirements .............................................................................................................................. 5

Exchange Server 2003 Installations ................................................................................................ 5

Exchange Server 2007 Installations ................................................................................................ 5

Client Requirements ................................................................................................................................ 6

Cisco TMS Requirements ....................................................................................................................... 6

Permissions required to perform installation ........................................................................................... 6

Installation and Upgrades .................................................................................................. 7

Upgrading from a previous installation .................................................................................................... 7

Installation of Server Software ................................................................................................................ 7

Installer finds an existing account .................................................................................................... 8

No Existing Account Found .............................................................................................................. 8

Initialization of Resource Accounts ....................................................................................................... 10

Existing resources or equipment accounts used for scheduling .................................................... 11

Defining Calendar Securit y Groups ............................................................................................... 11

Starting the Synchronizer ............................................................................................................... 15

Configure Security Settings and Tuning ........................................................................................ 15

Optional—Deploying the TANDBERG Form ................................................................................. 16

Uninstalling or Repairing the Installation ............................................................................................... 23

Uninstalling..................................................................................................................................... 23

Repairing ........................................................................................................................................ 23

Upgrading .............................................................................................................................................. 24

Upgrading to Cisco TMSXE on Exchange 2003 ............................................................................ 24

Upgrading to Cisco TMSXE and Migrating to Exchange 2007 ...................................................... 25

Software Reference Guide ................................................................................................ 28

Configuration Tool Reference ............................................................................................................... 28

Initialization Testing ....................................................................................................................... 28

Operations Tab .............................................................................................................................. 28

Configuration Tab .......................................................................................................................... 31

Resource Calendar Permissions ................................................................................................... 33

Enabling Cisco TMS systems in Exchange ................................................................................... 34

Manually Enabling Auto-Accept ..................................................................................................... 36

Cisco TMSXE Logging Features.................................................................................................... 39

Resolving Custom Attribute Conflicts ............................................................................................ 41

Additional Reference Materials for Administrators ................................................................................ 41

Functional Overview of Cisco TMSXE Integration ......................................................................... 41

Changes and Impact of Cisco TMSXE Installation on Existing Servers ........................................ 42

Licensing Requirements ................................................................................................................ 43

Explanation of Resource Booking Models ..................................................................................... 43

Page 3

Cisco TMSXE Administrator Guide 2.2 Page 3 of 60

Appendix A. Creating the Organization Forms Library in Exchange Server 2007 ... 46

Relevant Microsoft articles: ............................................................................................................ 46

Setting up an Organizational Forms Library .................................................................................. 46

Appendix B. Using Cisco TMSXE with Redundant Cisco TMS Servers .................... 49

Pre-Installation ............................................................................................................................... 49

Installation ...................................................................................................................................... 49

Operation ....................................................................................................................................... 49

Appendix C. Using Cisco TMSXE with Exchange 2007 Clustering ........................... 50

Overview ........................................................................................................................................ 50

Clustering Requirements ............................................................................................................... 50

Installation ...................................................................................................................................... 50

Upgrades ........................................................................................................................................ 51

Uninstalling Cisco TMSXE ............................................................................................................. 51

Operational Changes when using a Clustered Mail Server ........................................................... 51

Appendix D. Using Cisco TMSXE with Separate Admin Roles .................................. 53

Installation ...................................................................................................................................... 53

Upgrades ........................................................................................................................................ 56

Uninstalling Cisco TMSXE ............................................................................................................. 56

Operational Changes ..................................................................................................................... 56

Checking for updates and getting help ........................................................................... 58

References and related documents ................................................................................. 59

Page 4

Cisco TMSXE Administrator Guide 2.2 Page 4 of 60

Introduction

Cisco TelePresence Management Suite Extens ion for Microsoft Exchange (Cisco TMSXE) is an optional add-on to the Cisco TelePresence Management Suite (Cisco TMS) that allows you to fully integrate the scheduling functionality of Cisco TMS with your existing Microsoft Exchange deployment. This integration gives users the ability to schedule video conferences and invite participants directly from their Microsoft Outlook clients while viewing availability information of resources regardless of where meetings are created.

Pre-Installation Information

Cisco TMSXE synchronizes Microsoft Exchange calendaring and Cisco TMS scheduling by installing components in the backend servers of an Exchange organization. By installing in the backend, all users of the organization can benefit from a single installation. Cisco TMSXE is installed on an Exchange 2003 or 2007 Server in the organization, and accounts integrated with Cisco TMS must be hosted by the Information Store of that server.

Only one Cisco TMSXE installation is required per Exchange organization as long as all users have access to the resource accounts hosted by that server. There should never be more than one Cisco TMSXE installation in a single domain. Installations with complex security models where users cannot see accounts across domains should contact their Cisco sales representatives for assistance planning more complex deployments. For more information on how Cisco TMSXE integrates with your Exchange Organization and details on server changes, please refer to the Changes and Impact of Cisco TMSXE Installation on Exis ting Servers section.

Page 5

Cisco TMSXE Administrator Guide 2.2 Page 5 of 60

Requirements

Server Requirements

The installation requirements vary based on if you are installing on an Exchange 2003 or 2007 server. The requirements assume you are installing on an oper ational Ex change Server and all Microsoft requirements for Exchange Server are satisfied.

Exchange Server 2003 Installations

Exchange 2003 Server

w/Service Pack 2



Standard or Enterprise Editions.

 Exchange System Manager must be installed on the server.  Latest Service pack recomm ended.

Windows Server 2003 32bit

w/Service Pack 1 or later



Standard/Enterprise/Datacenter Edition all compatible.

 Server 2003 R2 also compatible.  Latest Service pack recomm ended.  Domain functional level Windows 2000 Native or higher.

Exchange Server 2007 Installations

Note: Microsoft only supports Exchange Server 2007 in 64bit installations for production use.

Exchange Server 2007 32bit versions are provided for testing and evaluation purposes only. The 32 bit version of Cisco TMSXE can be used with 32bit Exchange Server 2007 test environments but is not supported for production use.

Exchange 2007 Server

w/Service Pack 1 or later



Standard or Enterprise Editions.

 The Server must have the Mailbox Server role installed.  Latest Service pack recomm ended.  Public Folders required to use Direct Resource Booking option

or publishing custom form (optional).

Windows Server 2003 64bit

w/Service Pack 2 or later



Standard/Enterprise/Datacenter Edition all compatible.

 Server 2003 R2 also compatible.  Latest Service pack recomm ended.  Domain functional level Windows 2000 native or higher.

Windows Server 2008 64bit  Standard/Enterprise/Datacenter Edition all compatible.

 Server 2008 R2 also compatible.  Latest Service pack recommended.  Domain functional level Windows 2000 native or higher.

Domain Functional Level Note—The group permissions used on the calendars are not compatible with the “Windows 2000 mixed” domain level. If your domain is not Windows 2000 Native Mode or higher, you can not use the Direct Resource Booking mode until you apply your own set of permissions on the resource calendars by logging on to each mailbox using Microsoft Outlook.

Connectivity between Exc h ange Ser ver and Cisco TMS–The Integration requires that the Exchange Server where Cisco TMSXE is installed can open a HTTP/HTTPS connection to the Cisco TMS server. Also required is that the Mail Server Cisco TMS is defined to use, can send emails to the Exchange server’s domain.

Page 6

Cisco TMSXE Administrator Guide 2.2 Page 6 of 60

Client Requirements

Microsoft Outlook 2002



Latest Service pack recomm ended

Microsoft Outlook 2003 w/Service

Pack 1 or later



Latest Service pack recomm ended

Microsoft Outlook 2007



Latest Service pack recomm ended

Outlook Web Access



Requires using the Asynchronous Booking Model –

Direct Resource Booking not support in OWA

 TANDBERG Custom Form not available when using

OWA

Cisco TMS Requirements

Version  Latest version recommended.

Network  HTTP (HTTPS optional) connectivity from the

Exchange Server to C isc o T MS

 Cisco TMS must be able to send email to the

Exchange Server’s domain

Licensing



One Exchange Integration license required per Cisco

TMS system integrated

 One Application Integration license required per

Exchange Server integrated with Cisco TMS

Permissions require d t o perf orm installation

Performing the Cisco TMSXE installation requires logging into the Exchange Server as a user with specific administrator permissions. Before continuing, verify the user account you will use to perform the installation has the following permissions:

 Windows Domain Administrator for the local domain or has delegated administrative access to

the OU in Active Directory where all accounts are to be created

 Windows Administrator of the local machine you are installing on  Exchange Full Administrator if using Exchange 2003 or Exchange Recipient Administrator for

Exchange 2007 Installs

For organizations where Active Directory and Exchange permissions are segregated and no exception can be made to use the Cisco TMSXE software, see the section Using Cisco TMSXE with Separate Admin Roles for information on installing via manual methods.

During the installation you will also setup a service user on the Cisco TMS Server. If not reusing an existing account for the Cisco TMS Service User, you must supply user credentials that can create a new one. The user credentials must have the following permissions:

 Be a Windows Administrator of the server Cisco TMS runs on  Have a User Profile in Cisco TMS and be a member of the Site Administrator’s group

Page 7

Cisco TMSXE Administrator Guide 2.2 Page 7 of 60

Installation and Upgrades

Completing the installation of Cisco TMSXE requires completing all the sections in this chapter. Each section must be reviewed for both upgrades and new installations.

Upgrading from a previous installation

a. If you are running an earlier version of Cisco TMSXE and not changing Exchange Server

versions, you can continue with the installation steps as normal and the installer will handle your existing version automatically.

b. If you are currently using Exchange Server 2003 and pla n to upgr ade to Cisco TMSXE without

changing to Exchange Server 2007, review the section Upgrading to Cisco TMSXE on Exchange 2003 for pre-installation steps and information on changes in how your integration will differ with the new Cisco TMSXE product before continuing.

c. If you are currently using Exchange Server 2003 and are upgrading your integration installation to

an Exchange 2007 Server, review the section Upgrading to Cisco TMSXE and Migrating to Exchange 2007 for specific information on pre-installation needs changes in how your integration will differ with the new Cisco TMSXE product before continuing.

Installation of Server Software

If reinstalling or upgrading the software on a server where Cisco TMSXE was previously installed, the installer will automatically read the existing settings from the server’s registry and skip steps where it does not need additional user input. Because of this, not all steps listed below may be shown. If any of the previous installation’s values need to be changed, these can be changed using the Configuration Utility post-installation.

Note: There are separate installers for 64bit installations and 32bit installations – Please use the appropriate link for your server type.

1. Log into the Windows console of the Exchange Server where Cisco TMSXE will be installed. Close all other running programs and any security/anti-virus software that may hinder installing the software.

2. Launch Setup File—The Cisco TMSXE installer is located on the Cisco TMS installation media. Open the index page by double-clicking browse.bat. Click the Install link start the installation program.

3. Detecting a previous version—The installer will search for an existing installation of Cisco TMSXE and if found, will prompt if you wish to upgrade the exis ting inst al lat ion. Click Yes to continue. The installer will automatically reuse settings it finds on the server.

4. Component Check—The installer will verify all the required Microsoft software components are installed on the server, and if not will present a list of components that must be updated. The installer will complete this task for you automatically (requires Internet Access), but may require a restart of the server after the installation is complete.

5. Installation Wizard—A welcome window will appear on the screen. Click the Next button

6. Read and Accept the License Agreement—Read the License Agreement and select the ‘I accept the terms…’ option. Click Next to continue. Selecting ‘I do not accept the terms…’ or clicking Cancel will terminate the installation.

7. Set the installation folder—Select the destination folder where the software should be installed. To accept the default location, click Next to continue. Otherwise, click Change to specify a custom installation path and click Next to continue.

8. Select a Domain Controller—The installer will detect all domain controllers available to the Exchange Server and present them in a drop-down list. The domain controller selected will used by Cisco TMSXE software when interacting with Activ e Directory. Select your desired server from the drop-down list if necessary, and click Next to continue

9. Configure the Service User for Exchange—Next the installer must configure the service account to use on the Exchange Server. The installer’s choices will vary depending if an existing service account is found and if not, what choices you make to specify a new account. Each path is outlined below:

Page 8

Cisco TMSXE Administrator Guide 2.2 Page 8 of 60

Note: The service account used must be allowed to have the Log on as Batch Job permission in the local security policy. Ensure there are no Group Policies that would override the configuration of this permission.

Installer finds an existing account

If a service account exists from a previous installation or manual configuration, it will be detected, and you will be prompted to accept the existing user.

To not re-use this account, you must:

1. Click Cancel

2. Either:

a. Remove the custom attribute from the account’s mailbox b. Delete the account and mailbox altogether

3. Restart the installation.

To reuse the detected user:

1. Click Next.

2. Let the Cisco TMSXE software know the password for the service user by choosing to either:

a. Reset the Password to a strong password b. Supply a new password c. Supply the existing password to the account.

3. Fill in the password fields if necessary.

4. Click Next to continue.

No Existing Account Found

If no pre-configured service account is found, the installer will prompt ask whether you wish to create a new account, or reuse an existing Active Directory account. The installer’s steps will update depending on the option chosen.

Page 9

Cisco TMSXE Administrator Guide 2.2 Page 9 of 60

Creating a new service account (Recommended)

1. Select I want the installer to create the account and click Next

2. Specify the OU where the account should be created. Click the Browse b utton to locate which

Organizational unit the account should be placed in. Select the OU you wish to use, or click New to create a new OU. Click OK when you have made your selection. Then click Next to continue.

3. Select which mailbox store should be used for the mailbox of the account. The drop-down l is t wi ll show all available databases on the local Exchange Server. Select one and click Next to continue.

4. The installer will now create a new account TMS-Service with a strong password in the specified OU with a mailbox configured as needed for use with Cisco TMSXE in the mail database specified.

Using an existing domain account (Manual Configuration)

1. Select I want to use an existing domain account. To use this option, the existing account must be a member of the local domain, must not have an existing mailbox on another server, and must have the Log on as Batch Job permission in the server’s Local Security Policy. (See

http://technet.microsoft.com/en-us/library/cc739028.aspx for assistance on assigning user rights

for your local computer). Click Next to continue.

2. Click the Browse button to open a directory browser. You may also use the Search button to locate the existing account . Select the account and click OK.

3. The screen will update to show your selected account. Click Next to continue.

4. Select which mailbox store should be used for the mailbox of the account. The drop-down list will show all available databases on the local Exchan ge Se r ver. Select one and click Next to continue.

5. Set the Service User’s password. The Cisco TMSXE software must know the password for the

service user. Select from the available options: Reset the Password to a strong password, Supply a new password, or Supply the existing password to the account. Make your selection, filling in the password fields if necessary and click Next to continue.

6. The installer will create or update the user’s mailbox in the specified database store and

configure it for use with Cisco TMSXE.

7. Select the Service Account for Cisco TMS. Next, the installer must configure the service account to use on the Cisco TMS Server. You have the option to let the installer detect a previously used account and create a new account if needed (recommended), or manually specify an existing account on the Cisco TMS Server. The installer’s steps will update depending on your selection. Either:

a. Select Let the installer create a service account if needed and click Next.

Page 10

Cisco TMSXE Administrator Guide 2.2 Page 10 of 60

i. Enter the network address to the Cisco TMS server, along with a set of user credentials

that has the appropriate administrator permissions on the Cisco TMS server as outlined in the start of this section. The Use HTTPS checkbox can only be used if your server

has been configured to use HTTPS

ii. The installer will look for an existing service user account on the Windows server based

on your domain’s email. If one is found, the installer will re-use it, otherwise the installer will create a new one. If needed, the installer will create a local Windows user account tmsconfuser on the Cisco TMS server, setup a Cisco TMS profile for the user, and assign it permissions within Cisco TMS needed to operate with Cisco TMSXE.

. Click Next to continue.

b. Select I have created a service user on the TMS server and click Next.

i. Enter the network address to the Cisco TMS server, along with the user name and

password of the existing service account. The Use HTTPS checkbox can only be used if your server has been configured to use HTTPS

ii. When reusing an existing account, the user’s Cisco TMS profile must be configured for

Cisco TMSXE manually. Open a web bro wser and log into your Cisco TMS server with a username that is a Site Administrator. Edit the user’s profile under Administrative

Tools >User Administration > Users. In the account’s profile, set Exchange Integration Service Account to Yes. Set the user’s email address to the Exchange

Service Account’s (the TMS-Service user) email address. Ensure the user is a member of a Cisco TMS group that has the Book on behalf permission set in the Group Permissions. Save the changes to the user’s profile. You can close your web browser and return to the Cisco TMSXE installer.

. Fill in the fields and click Next to

continue.

10. Start Installation—The installer now has all the information needed to complete the installation.

Click Install and the installer will complete the necessary software and configuration setup on the Exchange Server.

11. Finish installation—When complete, a Finish screen is displayed. Leaving the checkbox marked

will automatically launch the Configuration Utility so that the next portion of the installation can be completed. Click Finish to close the installer and launch the Configuration Utility to complete the next phase of the installation.

Initialization of Resourc e Accounts

Each Cisco TMS system that you wish to be scheduled from Exchange will have a Domain user account and mailbox in the Exchange environment. The accounts must be configured with specific properties and settings to operate with Cisco TMSXE.

The Configuration Utility installed as part of Cisco TMSXE allows creation, configuration, and management of these accounts. Additionally, the Configuration Utility is the tool used to change any behaviors of the Cisco TMSXE installation. The configuration utility can be found in the Start Menu, under Programs > TANDBERG > TANDBERG eXtensions for Microsoft Exchange > TANDBERG Configuration.

As part of a first time installation, you must configure and initialize the Exchange mailboxes that will represent the Cisco TMS systems to integrate. For upgrades, your existi ng acco u nt s will automatically be reused, but launching the Configuration utility is required to allow the diagnostics to be run on your existing accounts. If no new accounts are to be added, upgrade users can skip to the next section when they have opened the Configuration utility at least one time and allowed the tool to repair their existing accounts.

To fully use the Configuration utility, the logged in user must be a Domain Administrator and Exchange Full Administrator (or Exchange Recipient Administrator for Exchange 2007 Installs).

Please see the document Implementing Secure Management (HTTPS) for more information on configuring

TMS for HTTPS

Please see the document Implementing Secure Management (HTTPS) for more information on configuring

TMS for HTTPS

Page 11

Cisco TMSXE Administrator Guide 2.2 Page 11 of 60

Existing resources or equipment accounts used for scheduling

The configuration utility can automatically create new Active Directory accounts and mailboxes as part of the setup process for enabling Cisco TMS systems in Exchange. If you have existing Exchange Resource or Equipment mailboxes you currently use to represent video systems or rooms from Cisco TMS, you have the option to let the Configuration utility reuse the existing accounts .

The Configuration utility will reconfigure existing accounts as necessary to work with the Cisco TMSXE integration including synchronizing the existing schedules between Cisco TMS and the account’s calendar. This allows you to migrate from your Exchange-only model to an Exchange+Cisco TMS implementation. To reuse accounts in this manner, the account mailboxes must be prepared before attempting to configure them with the Cisco TMSXE utility.

Preparing existing mailboxes for use with Cisco TMSXE

1. The resource account’s Active Directory user account must be in the same domain as the

Exchange Server where Cisco TMSXE is being installed. If the existing account is in another domain, migrate the user account to the local domain, or re-associate the existing mailbox to a local user account. Please be sure to allow sufficient time for domain replication when moving accounts. See Microsoft documentation for assistance, such as using the

ADMT Tool to migrate

accounts.

2. The mailbox must be moved to a database located on the Exchange Server where Cisco TMSXE

was installed. Use the Exchange Management Console or shell to move the mailboxes. See

this Microsoft article for assistance on moving mailboxes for Exchange 2007 or this article for

Exchange 2003

3. If using Exchange 2007, if the mailbox is not already an Exchange 2007 Resource mailbox, convert it to a Resource mailbox using the Exchange Management Shell. Example:

set-Mailbox -Identity:ResourceName -Type:Room

When prepped, the accounts can be selected when enabling a Cisco TMS system in the steps below.

Enabling Cisco TMS Systems in Exchange

Note: When Cisco TMSXE Integration has been installed and operational, any new systems added to Cisco TMS that will be integrated with Exchange should not be booked in Cisco TMS until after they have been integrated with Exchan ge using the Configuration utility.

Start up the Configuration utility from the Start Menu. The utility is found at Programs > TANDBERG > TANDBERG eXtensions for Microsoft Exchange > TANDBERG Configuration.

As part of the start-up, the utility will perform a series of self-checks and diagnostics on the Cisco TMSXE configuration and the configured accounts. The utility will self-repair any issues it can, and will report any errors to the user.

Defining Calendar Security Groups

If you intend on granting calendar permissions to groups of users (required if using Direct Resource Booking) you should define the default security groups before continuing so they will be added to all accounts you enable. These permissions also allow users to directly interact with the calendars of resource accounts if desired.

1. Switch to the Resource Defaults tab.

2. Under Resource Calendar Permissions, use the Browse button to select an existing security group from Active Directory for each setting. In the Browse window, there is also an option to create a new security group if needed.

a. Editor Permissions – Members of the specified group will be able to edit meetings in

resource calendars created by all users.

b. Author Permissions – Members of the specified group will be able to create meetings in

resource calendars, but only edit their own meetings—not those created by other users.

3. Switch back to the Operations tab when complete to continue.

Page 12

Cisco TMSXE Administrator Guide 2.2 Page 12 of 60

The initial screen displayed shows an overview of systems found in Cisco TMS and any linked accounts in Exchange.

The left hand column represents all endpoints, rooms, and recording devices found in the configured Cisco TMS Server. The right hand column lists all Exchange accounts that have been determined to be integrated with Cisco TMS via Cisco TMSXE.

Select one or more Cisco TMS systems you wish to enable in Exchange from the left hand list. Use the shift or control keys to select multiple systems. Click the

 button.

Page 13

Cisco TMSXE Administrator Guide 2.2 Page 13 of 60

A new window appears which walks you through the Active Directory configuration for each selected system.

For each selected system, this dialog walks you through creating a new Active Directory account and mailbox OR associating the system with an existing Active Directory account and m ailbox. Use the Next/Previous buttons to switch between systems. The current system being configured is displayed in the top left. The dialog allows you to choose an option for each selected system individually. When multiple systems were selected, the OK button will be disabled until a choice has been made for each system.

Warning: Account creation/deletion/changes may take time to replicate through your Active Directory. When changes are made outside of the Configuration Utility, depending on your Active Directory design these changes may take upwards of an hour to replicate across domain controllers. If you experience errors or inconsistencies with account creation, please shutdown the Configuration Utility and allow time for your Active Directory changes to propagate.

Page 14

Cisco TMSXE Administrator Guide 2.2 Page 14 of 60

Select the account options for each system as follows.

1. Use the Next/Previous buttons to select the desired system.

Alternative A Alternative B

To create a new account for the system:

To use an existing account

Ensure Create an AD acc ount… is selected. The center panel displays a list view of your Active Directory’s organizational structure. Expand the tree if necessary and highlight the Organization Unit (OU) where the new account should be created. The mailbox and Active Directory user will automatically be created by

the utility

This option will reconfigure an existing AD user account and mailbox to be associated with the Cisco TMS system. Select Use an Existing AD Account. The center panel will show you your domain’s organizationa l structure. Navigate the tree to find the desired AD Account or use the Search feature. Only user accounts that have their mailbox on the local server will be displayed. Click on the user account you wish to associate to this Cisco TMS system.

. If you wish to use these same setting for the remaining accounts to be added, click Create the remaining accounts in this folder button, or use the Next/Previous buttons to switch to the next system.

Note: If an OU has more then 1,000 entries, only the first 1,000 will be displayed. Please use the Search option when OUs are very large.

2. Repeat the above steps using the Next/Previous buttons to toggle between the systems until a choice has been made for each system.

3. Click the OK button to continue.

In Exchange Server 2003 Installations, the utility will ask you for a password to use for the newly created accounts

Note: The password for resource accounts is not needed by users or in normal use. It is only for administrators that may wish to log into the account/mailbox directly. The resource account passwords can be changed using standard AD tools afterwards without affecting the Cisco TMSXE integration.

. The password entered will be used for acc ounts that are to be created. Marking the Reset password for all… checkbox will also set the password for accounts that are being reused.

Review selections—After choices have been made for all selected systems, a window will present a summary display of your choices.

If the information is correct, click OK, or if alterations are needed click the Edit button to return to the previous screen.

If one or more of the systems imported were associated with existing accounts, you will be asked if existing meetings events from the accounts’ Calendars should be imported into Cisco TMS. This ensures the resources’ calendars and Cisco TMS are in synch.

The account will be created with the username of TMS-<id> where <Id> is the TMS System ID. The display name of the AD user will be set to the System Name in TMS. The mailbox will be created in the Mail Store designated during installation.

This is only for Exchange S erver 2003 Installations – Exchange Server 2007 install ations will create an AD account with no password and the user account will be disabled as is normal for resource accounts in Exchange 2007

Page 15

Cisco TMSXE Administrator Guide 2.2 Page 15 of 60

Clicking Yes will cause all existing bookings in the Resources’ calendars to be booked in Cisco TMS. Clicking No will skip this step. If there are any issues booking an existing meeting, the meeting’s organizer will receive an email detailing any actions necessary.

Note: Meetings with no end date can not be booked in Cisco TMS and wi ll not synchronize to Cisco TMS. After Cisco TMSXE is installed, any meetings of this type should be edited using Outlook to a new meeting with a fixed end-date.

The configuration tool will now perform the tasks as instructed, and a status screen shows the progress of the individual systems and the overall progress.

Note: This process can take some time depending on the number of systems you are importing and design of your Active Directory.

When complete, click the OK button and the Operations tab will be displayed with the newly added systems in the right-hand column.

When all systems have been enabled in Exchange, continue to the next section to start synchronizing Cisco TMS and Exchange.

Starting the Synchronizer

The Synchronizer is an Integration component that runs on the Exchange Server that is responsible for keeping the Exchange calendars up to date with bookings and changes made in Cisco TMS.

The synchronizer is setup by the Installer but is idled in new installations until the administrator has enabled all the systems in Exchange using the Configuration Utility. When all systems have been enabled in Exchange using the Configuration Utility, the Synchronizer must be started. In upgrade situations, the Synchronizer’s state is saved, but is idled until it is activated again.

You can identify if the Synchronizer has been started by checking the button in the Configuration Utility > Operations tab. The button will be labeled Rest art S ynch ron iz er if the Synchronizer is already running. If so, no further action is necessary and you can continue to the next section. If the button says Start Synchronizer or Reactivate Synchroni zer , the Synchronizer must be started.

For new installations, to start the Synchronizer:

1. Open the Configuration Utility.

2. In the Operations tab, click the button labeled Start Synchronizer or Reactivate S ynch roni zer .

3. You will be prompted if with a warning regarding starting the Synchronizer before systems are

configured. Click Yes to start the synchronizer.

The Synchronizer will work in the background to update the Exchange Calendars of integrated systems with all meetings that exist for those systems in Cisco TMS. This process can take several hours when the Synchronizer is initialized in installations with lots of scheduling activity.

The resource account’s calendars will not have complete free/busy information for all future meetings until the Synchronizer has processed all meetings and caught up, but you do not have to wait for this to be complete before continuing the installation and using the product. The Cisco TMSXE integration will properly reject new meeting requests that would conflict even if the free/busy and resource calendars are not up to date yet.

Administrators should continue to the next section to complete the setup of their permissions and controls they want in place for resource scheduling.

Configure Security Settings and Tuning

When installed, administrators should review any security restrictions they wish to implement with booking of the integrated resource accounts. How permissions are controlled depends on what type

Page 16

Cisco TMSXE Administrator Guide 2.2 Page 16 of 60

of Exchange Server C isc o T MSXE is installed onto. Guidanc e is pro vided bel o w, broken down based on the version of Exchange you have installed onto.

Exchange 2003 Installations

For Exchange 2003 installations, access to booking the resources depends on which booking model is selected.

In the synchronous mode, booking will be limited to users who are members of the User group assigned Author access in the Configuration Utility. In new installations, this group may be empty and users will not be able to book these systems until this group is populated. Configure this group’s membership in Active Directory using the AD Users & Com puter snap-in as desired to enable users to start booking.

In the asynchronous mode, booking access is controlled by Delivery Restrictions where you can define who can or can not send email to the resource account. By blocking mail sent by a user, that user can not send an invite to the account and attempt to book it. The User Group defined in the Configuration Tool has no impact on Delivery Restrictions and should not be used to try to limit booking access when Asynchronous Booking is enabled. Members of the defined User Group will still have access to the calendar directly so be aware of potential mismatches. For more information on configuring Delivery Restrictions please see the Microsoft article – How to Set Restrictions on a User

http://technet.microsoft.com/en-us/library/aa998925(EXCHG.65).aspx

Membership in the security group defined as Editor access have the additional ability to edit existing meetings in the resource’s calendar, including meetings created by other users. Configure this group’s membership in Active Directory using the AD Users & Computer snap-in as desired.

Note: Users may have to log out and back in before group membership changes are effective on their client computer.

Exchange 2007 Installations

For Exchange 2007 installations, access to booking the resources is controlled via Resource Booking Policies. The default setup on accounts will have AllBookInPolicy set to ‘true’ meaning all users can book the resource as long as the request falls within the restrictions defined on the resource account.

New accounts created by the Configuration Utility will have the default Microsoft Exchange restrictions enabled. These will limit how a user can book a meeting from Outlook, but will not limit bookings made from Cisco TMS or directly in the Resource’s calendar. Administrators may need to tune these restrictions to their desired values to control booking by Outlook users.

Administrators may configure the standard CalendarSettings of the Exchange resource accounts to their desire, including setting up Delegates and configuration for handling In-Policy and Out-of-Policy requests. Administrators should not modify the following settings and leave them as configured by the Configuration Utility:

MailboxCalendarSetting Parameter

Configured Value

AutomateProcessing

AutoAccept

Identity

For more information on Managing Resource Scheduling Parameters see:

 Managing Resource Scheduling—http://technet.microsoft.com/en-us/library/aa996338.aspx  Set-MailboxCalendarSettings—http://technet.microsoft.com/en-us/library/aa996340.aspx

Optional—Deploying the TANDBERG Form

Cisco TMSXE includes a custom appointment form that can be used by Outlook clients to gain additional functionality when creating or editing meetings such as specifying conference parameters and adding external participants . This form replaces the default Appointment form used in the Outlook client. The use of this form is optional. If you do not wish to make the form available to your clients,

Page 17

Cisco TMSXE Administrator Guide 2.2 Page 17 of 60

you can skip this chapter. Making the form available can also be added any time in the future to your installation.

It is recommended to place the TANDBERG form under the Organizational Forms Library in order to be made available for all Outlook clients in your network. If an Organizational Forms Library already exists on your Exchange server, this one can be used. If not, one has to be created before importing the custom form. The advantage of using the Organizational Forms Library is it allows you to make the form available to all users with a single process and allow future updating of the form automatically for users.

Note: Alternatively, users can load the form manually per Outlook client, by performing the steps in the Configuring clients to use the Form section and specifying a local copy of the VideoConference.oft file. This method skips the Organizational Form Library and Publishing, so any future updates to the form must be manually completed by repeating the steps to specify the form to use.

Deploying the form is broken into three phases:

 Creating the Organization Forms Library.  Publishing the Form.  Configuring clients to use the Form.

Each should be completed for new installations that wish to use the TANDBERG form. For customers upgrading Cisco TMSXE without changing your Exchange Server version, only the Publishing the Form section is necessary. The other sections were completed in your previous installation.

Creating the Organization Forms Library

If using Exchange 2007, the installation steps have changed significantly due to Public Folder changes in Exchange 2007 and will vary based how Exchange was installed. Please chose one of the two sections below that describes your Exchange environment—Exchange Server 2003 Only

Environments or Exchange Server 2007 Environment (Mixed or Pure)

Exchange 2007 Environments (Mixed and Pure)

Exchange Server 2007 Environments are not dependant on Public Folders and therefore may not have them installed and t he ref or e lacking the existing infrastructure to support the Organizational Forms Library. The presence of existing Public Folders in Exchange 2007 environments depends on how Exchange 2007 was installed and will alter the steps required to be able to publish the TANDBERG form.

If Exchange Server 2007 was installed along side or into an Exchange Server 2003 organization, the first 2007 server would have had a public folder database created and configured to replicate with the existing Public Folders. In these cases, the existing Public Folder Database can be used, and replication should already be configured between the Public Folder Databases in Exchange 2003 and Exchange 2007.

In these environments, if an Exchange 2003 Server is available, an administrator can follow the instructions in the section below for Exchange Server 2003 organizations and perform the steps on that server. Forms will replicate to the Exchange 2007 Server and therefore be available to all Outlook versions.

If using an Exchange 2003 server is not an option, use the steps provided in Creating the Organization Forms Library in Exchange Server 2007 for instructions on creating the Organizational Forms Library in this type of environment.

Exchange Server 2003 Only Environments

Be sure you are logged to the Exchange Server with full Exchange administrator rights.

1. Open the Exchange System Manager.

2. Go to Administrative Groups and then select the group containing the Exchange Server on which

you just installed the Exchange Integration component. Normally this would be the Administrative Groups/First Administrative Group.

Page 18

Cisco TMSXE Administrator Guide 2.2 Page 18 of 60

3. Select Folders

4. While viewing the System Folders, right-click on EFORMS Regis tr y and select New >

Organizational Form.

followed by Public Folder. Right-click on Public Folder and select View System

Folders.

5. A property page for the new Organizational Form library will be displayed. Fill in a suitable name

of your choice and (optional) description of the Organizational Forms Library.

6. Choose English (USA) as E-forms language.

7. Press OK to save Organizational Forms Library.

Note: If English (USA) is not listed, a Forms Library for that language already exists and another can not be created. In this scenario, you must use the existing folder to publish the form. Rightclick on any folder listed under EEFORMS REGISTRY, select Properties and find which is using English (U.S.) and us e that existing folder for the remaining steps.

8. In order to publish the TANDBERG form in the Organizational Forms Library, an Outlook user

needs to be granted “owner” permissions to the Organizational Forms Library. This is done by right-clicking on the created folder and selecting Properties. In the pop-up window, select the Permissions tab.

‘Folders’ may reside on root level if the Exchange System Manager is not configured to show administrative groups

Page 19

Cisco TMSXE Administrator Guide 2.2 Page 19 of 60

9. Click the Client Permission button and a pop-up window appears.

It is recommended only to give one single end user the owner permission (preferably an administrator), and use this user for publishing the form. Users you wish to have access to the form need a minimum of Read permission granted. By default, users will have this read permission by the Default entry being granted the Reviewer role.

10. Using the Client Permissions window, add a user and set its role to Owner as necessary and add

any desired User Groups with Reviewer Role if necessary.

11. Click OK to save the permissions, and OK again to save the properties of the new Organizational

Form.

Publishing the TANDBERG Form

When the Organizational Forms Library is in place, the TANDBERG form is “published” using an Outlook client log ged in as the user you assigned owner permissions to the Form Library.

On the server where the Integration was installed, locate the ‘Video Conference Form’ folder created in the Installation path, normally

C:\Program Files\TANDBERG\Conferencing eXtensions for

Microsoft Exchange\Video Conference Form

.In this folder is the file VideoConference.oft .

1. Copy the VideoConference.oft file using the method of your choice to a client computer with

Outlook installed.

2. Using Outlook, log in as the user you assigned ‘owner’ permission to.

Page 20

Cisco TMSXE Administrator Guide 2.2 Page 20 of 60

3. Locate the OFT file on the computer, and double-click it to open it. It will open a form in Outlook

that looks like the standard Appointment form except there is an extra tab labeled TANDBERG

If you get a warning saying the custom form could not be opened, or the form does not display the TANDBERG tab the form must be opened using an alternative method due to changes in Outlook security

Alternative Method to Open Form

a. Close the Appointment form if it is currently open b. In Outlook, Select from the File Menu > New… > Choose Form… c. Change the Look In dropdown menu to User templates in File System d. Click the Browse button to locate the folder where you copied the OFT file to and click OK.

e. VideoConference should be seen in the lis t , highlight it and Click Open f. You can now continue with the normal publishing steps

Page 21

Cisco TMSXE Administrator Guide 2.2 Page 21 of 60

4. Select from the Menu bar, Tools > Forms > Publish Forms as... as shown in the picture.

5. In the new window, change the Look In dropdown menu to Organizational Forms Library

6. Enter names in the two fields exactly as described below (case sensitive):

• Display name: Meeting

• Form name: VideoConference

• The screen should look like the image below. Click Publish when complete

The form is now published and available for users to choose as their appointment form.

Page 22

Cisco TMSXE Administrator Guide 2.2 Page 22 of 60

Configuring clients to use the Form

Publishing the form makes it available to users, but does not automatically force their Outlook client to use the form. Configuring Outlook to use the form is a one-time client configuration that can be done by each user, or through making changes to the Microsoft Windows Registry. Registry changes can be done automatically via methods such as Group Policy.

Reference Material for Registry and Bulk Changes

Microsoft utility to create registry keys to change the default form—

http://support.microsoft.com/kb/241235/EN-US/

party article about the Microsoft Utility6—

http://www.outlookexchange.com/articles/Santhosh/outlookforms.asp

Manually configuring clients to use the form

To have a user manual configure their client, have each user complete the following steps:

1. Open your Outlook Client

2. From the Folder View, Right-click the Calendar icon and select Properties.

3. The Calendar Properties window will open with the General Tab selected

4. Select Forms… from the drop-down menu for the When posting to this folder, use option

5. A Pop-Up will open. Ensure the Look In drop-down menu, has Organizational Forms Library

selected

6. An entry will be displayed nam ed Meeting. Select it and click the Open button

7. You will be returned to the Calendar Properties page. Click OK to save your changes The client will now use the TANDBERG form for all Calendar actions and have the TANDBERG tab

available when creating new book ing requ es ts .

Note: Because Outlook security does not allow previewing of custom forms, when using the Reading Pane in Outlook, calendar events can not be previewed if the entry was created using the TANDBERG form. Users must open the item to view it.

The examples in this document reference other forms, the TANDBERG form replaces the IPM.Appointment form

Page 23

Cisco TMSXE Administrator Guide 2.2 Page 23 of 60

Uninstalling or Repairi ng t he Installation

Uninstalling

To uninstall the product:

1. Select Uninstall from the product’s group in the start menu on the Exchange Server or use

Add/Remove programs from the Control Panel of the server.

2. Confirm that you want to uninstall the product from the window that is displayed and the product

will uninstall itself.

The program will leave its log directory, registry keys, and associated accounts in place to accommodate future installations or upgrades.

Note: Given the standard options of the Installation software, it is possible to select “Modify” as an option if the setup file is launched after the product is installed. However, since there are no options to install only individual elements of the product, this choice does not allow you to make any changes to the product.

Complete Removal of Product

If an administrator wishes to remove all elements of the installation, the following additional steps may be performed after uninsta l l ing the prod uc t.

 Delete the Installation Directory and Logs Directory.

(Default:

C:\Program Files\TANDBERG\Conferencing eXtensions for Microsoft

Exchange\logs

)

 Delete the Registry key at:

HKEY_LOCAL_MACHINE\SOFTWARE\TANDBERG\TANDBERG Management Suite Exchange Integration

 Delete the TMS-Service user from Active Directory and it’s associated mailbox  Delete the tmsconfuser user account from the Windows Server hosting Cisco TMS and the user

profile in Cisco TMS.

 Delete any resource accounts and their mailboxes as desired. Existing accounts can continue to

be used for Exchange-Only booking if desired.

Note: Due to Active Directory replication, a new installation of Cisco TMSXE should never be attempted immediately after removing or modifying service or resource accounts. Sufficient time must be given to allow Active Directory replication to complete before attempting to install Cisco TMSXE again.

Repairing

If a problem is suspected with the server software itself, a repair is possible. The repair process will copy all needed files to the server ensuring all files are correct and in the proper location.

Note: There are separate installers for 64bit installations and 32bit installations – Please use the appropriate installer for your server type.

To repair the installation:

1. Start the original Cisco TMSXE setup file on the server if available. If not, the Cisco TMSXE

installer is located on the Cisco TMS installation media. Open the index page using browse.bat and click the Install link to start the installation progr a m.

2. Click Next, and from the option menu, select Repair.

3. Click Next and step through the wizard to complete the repair process. After the repair is done,

the Configuration Utility will start automatically.

Page 24

Cisco TMSXE Administrator Guide 2.2 Page 24 of 60

Upgrading

The Cisco TMSXE product version 2 and onwards supersedes the previous TANDBERG Microsoft Exchange Integration product. Cisco TMSXE can also be used as an upgrade for existing Exchange 2003 installations.

There are some differences in how the Cisco TMSXE product operates compared to the previous product and this section will outline the necessary additional information for administrators to complete an upgrade and highlight differences in operation and user interaction so they can plan their upgrades accordingly.

If you are also changing the version of Exchange Server you are installing onto (from Exchange 2003 to an Exchange 2007) please jump to the Upgrading to Cisco TMSXE and Migrating to Exchange

2007 section.

Upgrading to Cisco TMSXE on Exchange 2003

Installation Changes/Requiremen ts

If operating in a segregated AD and Exchange admin organization, do not rely on previous versions of the Installation Alternatives documentation for Microsoft Integration in regards to the Cisco TMSXE product. This information is now integrated into this manual and you should reference the Appendixes for details regarding using Cisco TMSXE in this type of environment.

Prior to installing the C is c o T MSXE product, you must uninstall the existing TANDBERG Microsoft Integration product. Open the Add/Remove Programs control panel, find the TANDBERG Integration product, and click Remove to start the uninstall process.

Note: You may be prompted to restart the server when the uninstall is complete. If you wish to avoid this restart, you can manually stop all Integration components before starting the Uninstall process. Ensure the Configuration Tool is not running. Then, using Microsoft Management Console (MMC), stop the TANDBERG Synchronizer Windo ws Service under Ser vic es, and us in g the Com pone nt Services Snap-in, expand the Local Computer, and shutdown the ‘TANDBERG’ COM+ Application by right-clicking on it and selecting shutdown. With these elements stopped, you should not be prompted to restart the server when the Uninstall is complete.

Note: Cisco recommends against using the option to “remove all users, groups, and settings” during uninstall when performing an upgrade. If choosing to use this option, Cisco recommends waiting 24 hours before attempting to perform the Cisco TMSXE installation. This will allow the mailbox and Active Directory changes to fully propagate.

When the uninstall is complete, you may be prompted to restart the server. If necessary, restart the server.

You can now follow the standard Cisco TMSXE installation instructions with the following exceptions:

 The existing Exchange Service us er will automatically be detected and re-used. The

administrator will be given the standard choices to reset the password or supply a new one. For the TMS-side service account, when prompted, use the Let the installer create a service account if needed option. This will cause the service user on the Cisco TMS server to be reused, and have its password and Service flag in Cisco TMS reset as part of the installation.

 In the Configure Service Account on the Cisco TMS Server step, be sure to select Let the

installer create a service user if needed. The installer will detect the previously used tmsconfuser

account on the Cisco TMS server and re-initia li ze it for the new insta llati on.

 The first time the Configuration Utility is opened, the utility will detect problems with the existing

resource accounts. This is normal as the sinks were disabled when the previous product was uninstalled. The configuration tool can automatically update the accounts as needed; simply select Yes when prompted to correct the issues with the accounts.

The remainder of the upgrade to Cisco TMSXE is completed by following the normal Cisco TMSXE installation steps. Your previously configured resource accounts will carry over to the new installation automatically.

Page 25

Cisco TMSXE Administrator Guide 2.2 Page 25 of 60

Note the following details regarding the installer and initial configuration:

 Your previously configured resources accounts will appear in the right column as integrated with

Exchange automatically and require no further configuration.

 The installer will re-use the previously defined Log directory for diagnostics logging. Post

installation you should update this to point to the new product’s installation folder or another of your choosing. Changing the log directory is done using the Configuration Utility under the Configuration tab.

 The Cisco TMSXE product no longer creates an Address List for integrated systems. This

address list was always optional and could be removed post-installation. Address lists can still be created by the Exchange Administrator if desired to list all integrated systems by using filters.

 If the custom form was used previously, it should be updated with the most recent form. Be sure

to complete the Publishing the TANDBERG Form section of the installation instructions to ensure your users have the most recent version of the form.

Configuration Tool Changes

The view and layout of the configuration tool has changed compared to the previous product, but the fundamentals concepts required to add/remove/test resource accounts have not changed. The tool has a new layout using Tabs that replaces the previous used Advanced button. Please see the Configuration Tool Reference for details on all of the features and use of the utility.

User Booking/User Experien ce Chan ges

The basic booking principles used by end-users have not changed from the previous product. Users should be able to immediately use scheduling with the new product with no need for retraining or additional assistance. The new TANDBERG form may have additional options compared to previous forms, but its overall use is unchanged. Please see the Error! Reference source not found. section regarding End-user operation.

Upgrading to Cisco TMSXE and Migrating to Exchange 2007

Since Exchange 2007 is not installed in-place over an existing Exchange 2003 server, these instructions assume you will install Cisco TMSXE on a different Exchange server then what was used previously. Migration of an organization from Exchange 2003 to 2007 is out of the scope of this document and will only cover moving the Integration product.

Due to changes in the resource booking models in Exchange 2007 vs. previous versions, the Asynchronous Booking model is the default, recommended booking model for Exchange 2007 installations. The instructions and notes belo w are writ ten ass uming you will be using Asynchronous Booking. Please see the Explanation of Resource Booking Models section for further details or notes on using Direct Resource Booking.

Prior to installing the C is c o T MSXE product, you must uninstall the existing TANDBERG Microsoft Integration product. On the existing server, open the Add/Remove Programs control panel, find the TANDBERG Integration product, and click Remove to start the uninstall process.

Note: When the uninstall is complete, you may be prompted to restart the server. If you wish to avoid this restart, you can manually stop all Integration components before starting the Uninstall process. Ensure the Configuration Tool is not running. Then using Microsoft Management Console (MMC) stop the TANDBERG Synchronizer Windows Service under Services, and using the Component Services Snap-in, expand the Local Computer, and shutdown the ‘TANDBERG’ COM+ Application by right-clicking on it and selecting shutdown. With these elements stopped, you should not be prompted to restart the server when the Uninstall is complete.

Page 26

Cisco TMSXE Administrator Guide 2.2 Page 26 of 60

When the uninstall is complete, you may be prompted to restart the server. If necessary, restart the server.

To reuse the existing resource accounts, the accounts’ mailboxes must be moved to a database on the new target Exchange 2007 Server.

 Use the Exchange Management Console or shell to move the mailboxes. See this Microsoft

article for assistance on moving mailboxes for Exchange 2007

Example: Using Exchange Management Shell to move a single mailbox.

Move-Mailbox contoso\john -TargetDatabase TargetDatabase "First Storage Group\Mailbox Database" -SourceMailboxCleanupOptions DeleteSourceMailbox

 Next the mailboxes must be converted to the Exchange 2007 version of a Resource mailbox.

Example using the Exchange Management Shell:

set-Mailbox -Identity:ResourceName -Type:Room

 Be sure the Active Directory user accounts for the resource accounts are in the same domain as

the Exchange Server where Cisco TMSXE will be installed.

 For security purposes, you may disable the Active Directory login for each resource account if

desired. Using the AD Users and Computers snap-in, set each resource account to Disabled.

You can now follow the standard Cisco TMSXE installation instructions with the following exceptions:

 The existing Exchange Service user will automatically be detected and re-used. The

administrator will be given the standard choices to reset the password or supply a new one. For the Cisco TMS-side service account, when prompted, use the Let the installer create a service account if needed option. This will cause the service user on the Cisco TMS server to be reused, and have its password and Service flag in Cisco TMS reset as part of the installation.

 In the Configure Service Account on the Cisco TMS Server step, be sure to select Let the

installer create a service user if needed. The installer will detect the previously used tmsconfuser

account on the Cisco TMS server and re-i nit ia lize it for the new insta ll ati on.

 After installing Cisco TMSXE, the first time the Configuration Tool is opened, the tool will detect

problems with the existing resource accounts. This is normal as the sinks were disabled when the previous product was uninstal led. The configuration tool can automatically update the accounts as needed; simply select Yes when prompted to correct the accounts.

Note the following details regarding the installer and initial configuration:

 Your previously configured resources accounts will appear in the right column as integrated with

Exchange automatically and require no further configuration.

 The Cisco TMSXE product no longer creates an Address List for integrated systems like the

previous product. This address list was always optional and could be removed post-installation. Exchange 2007 by default has an ‘All Rooms’ address list and additional lists can also be created by the administrator.

 If the TANDBERG supplied custom form was used previously, it should be updated with the most

recent form. Be sure to complete the Publishing the TANDBERG Form section of the installation instructions to ensure your users have the most recent version of the form.

 When using Asynchronous Booking (recommended), calendar permissions are no longer

required to book a system, so the security groups used by the previous product are no longer required. Access to booking rooms is controlled by the settings defined on the resource’s mailbox and calendar. The existing security groups can be removed, or may be re-used if you wish to allow users to be able to open the calendars of resources automatically. Be sure to set the groups on the Resource Defaults tab in the Configuration Utility if you plan on reusing the groups.

Page 27

Cisco TMSXE Administrator Guide 2.2 Page 27 of 60

Configuration Tool Changes

 The tool has a new layout using Tabs that replaces the previous used Advanced button.  At this time, the Configuration Utility does not display the last received email notification like the

previous product.

 When creating Resource Accounts, the utility no longer sets a password on newly created Active

Directory accounts and the accounts are set to ‘d isab le d’ in Acti ve Direc tory.

 Resource Calendar Permissions Groups are now optional and empty by default. If added, users

in these groups will be given permissions to newly created resource account’s calendars which allow the user to open the Calendar directly in their own client.

 Choosing to enable asynchronous booking is no longer available. Asynchronous Booking is the

default in the Exchange 2007 resource model and is the preferred model over direct resource booking.

See the Configuration Tool Reference for details on all of the features and use of the utility.

User Booking/User Experien ce Chan ges

The basic booking principles used by end-users have not changed from the previous product except how meetings are saved. The new TANDBERG form may have additional options compared to previous forms, but its overall use is unchanged.

If the Direct Resource Booking model was used before, users would get a pop-up if their meeting was successfully booked and if the booking failed, they could not save their meeting request. With the Asynchronous Booking model, the users will immediately be allowed to save the meeting, and shortly after will receive a meeting accept/reject notice from each resource booked in the meeting. Please see the Error! Reference source not found. section regarding End-user operation.

Page 28

Cisco TMSXE Administrator Guide 2.2 Page 28 of 60

Software Reference Guid e

Configuration Tool Ref er e nce

This section will provide details on each of the features and uses of the Configuration utility. The Configuration utility can be found in the Start Menu under TANDBERG > TANDBERG Conferencing

eXtensions for Microsoft Exchange > TANDBERG Configuration

Initialization Testing

When the Configuration tool is launched, it will perform a series of tests on the components of the integration and the accounts it discovers as integrated with Cisco TMS.

These tests are diagnostics tests to detect any changes to the resource accounts, server, or service accounts that may adversely affect the integration. These tests can catch most administrator induced errors. The number of account integrated will affect the duration of these tests – a progress bar is displayed to show percentage of completion.

Marking the Copy log to Clipboard checkbox will copy all the text displayed to the clipboard for pasting into another application if desired.

If any errors are detected that the utility can self-repair, a pop-up window will be displayed explainin g the error and prompting if the error should be repaired. The utility will report if it was able to fix the condition successfully.

Operations Tab

This is the main page of the Configuration utility.

Systems Found in

TMS

Integrated

Accounts found in

Synchronizer Start/Restart

Domain Controller

Setting

Page 29

Cisco TMSXE Administrator Guide 2.2 Page 29 of 60

Left Column

The left column displays all systems read from the configured Cisco TMS server that the Cisco TMS Service Account has access to. Endpoints, Rooms, and Recording Devices are listed – other system types are not available for Integration with Exchange but may be included automatically in meetings by Cisco TMS as required.

 TMS ID —Displays the System ID from Cisco TMS  Display Name – Displays the system’s name as displayed in Cisco TMS.

A progress bar and summary is shown at the bottom of the list.

Right Column

The right column displays all accounts found that the utility has detected as integrated with, or staged to be integrated with the Cisco TMSXE integration. The utility scans all mailboxes on the local Exchange Server and displays all those that have the TANDBERG custom attribute defined in the mailbox.

 TMS-ID – Displays the System-ID of the Cisco TMS system this account is associated with  Display Name – Disp lays the name as read from the ‘Display Name’ attribute of the Active

Directory account associated with this mailbox

 AD Account – Displays the DN of the Active Directory account associated with this mailbox

Tip: The user accounts and mailboxes created to represent Cisco TMS systems do not require or consume Client Access Licenses (CAL) for your Exchange Server. CAL licenses are tied to users or devices accessing the server, not the mailboxes themselves. An installation of Cisco TMSXE would only need one CAL for the server’s components themselves.

Adding Systems Button

The Arrow button between the columns in the Operation tab is used to link systems from Cisco TMS to resource accounts in Exchange. Details regarding this functionality are covered in section Enabling Cisco TMS systems in Exchange.

Tools/Actions

Right-clicking on any entry in the right-hand column presents a pop-up menu of available tools and actions. Use the shift or control keys to select multiple entries. These actions are primarily used for removing accounts from the integration, troubleshooting, or advanced installation scenarios.

The list below describes each of the actions available

Action

Description

Enable sink(s)

Enables the sinks in the mailbox used to notify Cisco TMS abo ut a book ing in

Exchange. When disabling the sinks, no check or booking is done on the Cisco TMS server, and the booking will only be done in Exchange. Used for repairing a damaged account or for advanced installation scenarios.

Test sink(s) This tests if the sinks defined in the mailbox are calling the integration

components with Cisco TMS properly. This is done by doing a booking in the past, and verifies that Cisco TMS replies with an exception informing that the bookings can not be done in the past. This can be used to validate bookings from Exchange to Cisco TMS are operating properly for this account. This is a troubleshooting-only tool.

Disable sink(s)

Disables the sinks in the mailbox used to notify Cisco TMS about a book ing in

Exchange. When disabling the sinks, no check or booking is done on the Cisco TMS server, and the booking will only be done in Exchange. Used for troubleshooting purposes.

Add Calendar

permissions

Adds the groups defined in the Resource Defaults page as Editor and Author

permissions respectively to the Calendar permissions of the selected mailboxes. Useful for updating existing accounts if those group settings are updated.

Add Service

Gives the Exchange-side service account (TMS-Service) permissions to the

Page 30

Cisco TMSXE Administrator Guide 2.2 Page 30 of 60

Action

Description

User

Permissions

mailbox and calendar of the selected account. Also sets the sinks on the account.

Used for repairing a damaged account or other troubleshooting.

Reconfigure

Account(s) from TMS

Used to fetch updated data from Cisco TMS for the selected accounts and update

their displayed information in Exchange. This is particularly useful when system s change name or numbers in Cisco TMS. If this happens, selecting this option will update the Active Directory information for the selected accounts.

Note: Due to Active Directory replication and Address Book generation, it may take some time before these changes are seen by Outlook users.

Remove AD User(s)

Permanently deletes the selected Active Directory account and mailbox from Active Directory and Exchange.

Warning: This action completely removes the account not only from Cisco TMSXE Integration, but from Active Directory as well.

Note that due to Active Directory replication and Address Book generation, it may take some time before these changes are seen by Outlook users.

Detach from

Integration

Removes the selected account from being integrated with Cisco TMS by disabling

the sinks and removing the custom attribute. Meetings created in Exc hang e for the account will no longer be synchronized with Cisco TMS or vise versa. The account will still be visible and usable by Exchange users as a normal Exchange resource account. This would be used to remove an account from Integration, but allow it to still be used in Exchange.

(Re)Book all

meetings

This option looks at all future meetings in the resource’s calendar and checks it

against Cisco TMS. Any meetings not in Cisco TMS will be booked in Cisco TMS so Cisco TMS has the correct availability information for the account. If there is any issue creating a particular meeting in Cisco TMS, the meeting’s organizer will receive an email describing the issue. This function is typically used when an existing resource in Exchange is updated with video support or staged in advanced installs. This does not replicate previously created meetings from the associated system in Cisco TMS to the Exchange account.

Current Domain Controller

This specifies which Domain Controller the Integration and Configuration Utility will communicate with for all of its Active Directory needs. The dropdown list will be populated with all domain controllers that it detects for the local domain.

This selection is available as it allows you to control which domain controller handles the workload of all the queries from the Integration and it simplifies troubleshooting of replication as you know where the changes are initiated and read.

Start/Restart/Reactivate Synchronizer

This button controls the starting of the synchronizer service which is responsible for replicating scheduling changes initiated in Cisco TMS’s interfaces to the linked accounts in Exchange via a background service that runs on the Exchange Server. If the Synchronizer has not been told to start since installed, the button will be labeled Start Synchronizer, and clicking it will tell it to start processing scheduling changes in Cisco TMS from when Cisco TMS was first installed.

In upgrade scenarios, the Synchronizer will be idle and the button will be labeled Reactivate Synchronizer. Clicking the button will restart the Synchronizer from where it last left off.

If the Synchronizer has been told to start since installation, the button wi ll be lab eled Restart Synchronizer. The Synchronizer keeps track of a transaction history in Cisco TMS so that it only has

Page 31

Cisco TMSXE Administrator Guide 2.2 Page 31 of 60

to process new changes each time. Clicking Restart Synchronizer will reset the Integration’s start point in that transaction history and begin processing all scheduling changes in Cisco TMS from the beginning.

Restarting the Synchronizer is not needed in normal operation and is only for specific, advanced situations. Restarting the Synchronizer will not affect any meeting data, but is a very intensive process that can take many hours to complete.

Configuration Tab

This tab allows you to review and update the communications and configuration elements of the Cisco TMSXE Integration that were initially defined during installation. Changes made here will affect the Cisco TMSXE Integration product immediately.

Password for Service User

The account used as the Exchange side Service user is listed (Default: <domain>\TMS-Service). If you wish to update the password of the Service Account, you must do it via this page. The Configuration Utility will update the Integrati on ’s references to the account’s credentials and the password in Active Directory. Changing the service account’s password outside the utility will cause the Integration to fail. If this occurs, update the account’s password again here using the Configuration Utility to restore service.

To update the password, enter the password in the fields provided and click Apply.

Rebuild Cisco TMS Server Connection

These fields display the information Cisco TMSXE uses to communicate with the Cisco TMS server. These fields are used to update the connection in case any of the values change, such as the service user’s password being updated or the Cisco TMS server address changing. To update any of these

Page 32

Cisco TMSXE Administrator Guide 2.2 Page 32 of 60

fields, enter the new values and click the Apply button and the new values will automatically be tested. Each field is described below.

Field

Description

User Name

The username used by the Integration to log into Cisco TMS. The installation created

a local user account named ‘tmsconfuser’ by default. The account specified here must have Cisco TMS booking rights on the systems to be integrated, the Exchange

Integration Service Account flag enabled in its Cisco TMS user profile, and book on behalf permission in Cisco TMS. The username should be entered with its machine

name or domain name as appropriate. Examples: machinename\username or domain\username

Password

The password to the specified user account. Entering a password here will not change the password on the account itself, only the password saved to be used by the Integration. To change the password of the service account itself, do so using Windows and then enter the password here to update the Cisco TMSXE integration.

Server

The network address of the Cisco TMS server. If using a load balancer for Cisco

TMS, enter the shared address of Cisco TMS.

Secure

Connection

When checked, the integration will use a HTTPS connection when communicating

with Cisco TMS. HTTPS must be enabled on Cisco TMS for this option to be functional. Please see the document Implementing Secure Management for more information regarding HTTPS on the Cisco TMS Server.

Change Log Directory

This setting controls where the logs for the TANDBERG integration are saved. To change this setting to a new location, enter the folder’s path or click Browse to navigate to the new folder. When selected, click Apply to save the change.

Change Sender Address

These fields define what information is put into the Email Address headers for emails sent by the Integration to users. This is used to change the appearance of emails sent by the Integration to users and may be customized if desired.

Note: The behavior of your mail client with regards to headers and from lines may affect what users see.

Field

Description

Display

Name

This field is blank by default, but some mail systems require a value be entered

here.

Address field

Defaults to the Exchange side Service User’s address (TMS-Service) and is used

as the From address in the mail header.

Resource Defaults Tab

This tab shows several controls available regarding the default configuration of resource accounts created by the Configuration Utility.

Page 33

Cisco TMSXE Administrator Guide 2.2 Page 33 of 60

Note: These values are the defaults for accounts to be created. Changes here do not automatically affect accounts that have been created previously

Mailbox Type for new resources (Exchange Server 2007 Only)

Controls the account type used for new accounts. The choice does not affect how the integration functions and is relevant only to how administrators want to list or display accounts to users in their clients.

Asynchronous Booking (Exchange Server 2003 Only)

System-wide setting that allows users to use Asynchronous booking in addition to resource booking when integrated on an Exchange 2003 server. If set to Allow, invites sent via email will be processed by the Integration. If set to Instruct user to use resource booking, when an email invitation is received, it will be rejected and the user will receive an email instructing them to make the meeting request using the Resources field in the meeting invite. For more information regarding Asynchronous booking vs. resource booking, please see Explanation of Resource Booking Models.

Default Organizational Unit

This setting controls where accounts created by the Configur ati on Uti lity will be created in Active Directory. To change this setting, click Browse and a window will appear allowing you to browse the Active Directory and specify an existing OU or create a new one.

Mailbox Database for New Accounts

This setting controls which Mailbox storage group is used for mailboxes created for new accounts created by the Configuration Utility. This drop-down list will autom atical l y be populated w ith all Ma ilb ox storage groups found on the local server.

Resource Calendar Permissions

The groups defined here will automatically be assigned Editor or Author permissions respectively on the calendars of accounts created by the Configuration Utility. In Exchange 2003 installations, these groups are defined during installation, and users must be a member of the Author group to be able to

Page 34

Cisco TMSXE Administrator Guide 2.2 Page 34 of 60

use Direct Resource Booking. Users who are members of the Editor group will be able to book the resource and also able to edit meetings in the resource’s calendars that were created by other users.

In Exchange 2007 installations, these groups are empty by default as the permission groups are not used to control booking resource accounts in Asynchronous Book ing. However, they can still be used if desired to give user groups direct access to the calendar of resource accounts.

To change either of these groups, click the Browse button and a window will appear to allow you to select a user group from Active Directory.

If you wish to retroactively apply changes made here to existing accounts, you can use the Set Calendar Permissions action in the Operations Tab of the Configuration Utility to apply the security groups to selected existing accounts.

Enabling Cisco TMS systems in Exchange

The left hand column on the Operations tab represents all endpoints, rooms, and recording devices found in the configured Cisco TMS Server that the Cisco TMS side service user has access to. The right hand column lists all Exchange accounts that have been determined to be integrated with Cisco TMS via Cisco TMSXE.

Select one or more Cisco TMS systems you wish to enable in Exchange from the left hand list. Use the shift or control keys to select multiple systems. Click the

 button.

A new window appears which walks you through the Active Directory configuration for each selected system

For each selected system, this dialog walks you through creating a new Active Directory account and mailbox OR associating the system with an existing Active Directory account and mailbox. Use the

Page 35

Cisco TMSXE Administrator Guide 2.2 Page 35 of 60

Previous/Next button to switch between systems. The current system being configured is displayed in the top left. The dialog allows you to choose an option for each selected system individually. When multiple systems were selected, the OK button will be disabled until a choice has been made for each system.

Select the account options for each system as follows

1. Use the Next/Previous buttons to select the desired system

Alternative A

Alternative B

To create a new account for the system:

To use an existing account

Ensure Create an AD account… is selected.

The center panel displays a list view of your Active Directory’s organizational structure. Expand the tree if necessary and highlight the Organization Unit (OU) where the new account should be created. The mailbox and Active Directory user will automatically be created by

the utility

This option will reconfigure an existing AD

user account and mailbox to be associated with the Cisco TMS system. Select Use an Existing AD Account. The center panel will show you your domain’s organizationa l structure. Navigate the tree to find the desired AD Account or use the Search feature. Only user accounts that have their mailbox on the local server will be displayed. Click on the user account you wish to associate to this Cisco TMS system.

Note: If an OU has more than 1,000 entries, only the first 1,000 will be displayed. Please use the Search option when OUs are very large.

2. Repeat the above steps using the Next/Previous buttons to toggle between the systems until a choice has been made for each system.

3. Click the OK button to continue.

In Exchange Server 2003 Installations, the utility will ask you for a password to use for the newly created accounts. The password entered will be used for accounts that are to be created. Marking the Reset password for all… checkbox will set the password on accounts that are being re-used as well.

Exchange Server 2007 installations will create an AD account with no password and the user acc ount will be disabled as is normal for resource accounts in Exchange 2007

The Active Directory User Account associated with the mailbox must be a member of the local domain where

the TCX product is installed

Page 36

Cisco TMSXE Administrator Guide 2.2 Page 36 of 60

Review selections—After choices have been made for all selected systems, a window will present a summary display of your choices.

If the information is correct, click OK, or if alterations are needed click the Edit button to return to the previous screen.

Note: Meetings with no end date can not be booked in Cisco TMS and will synchronize to Cisco TMS. After Cisco TMSXE is installed, any meetings of this type should be edited using Outlook to a new meeting with a fixed end-date.

The configuration tool will now perform the tasks as instructed, and a status screen shows the progress of the individual systems and the overall progress.

Note: This process can take some time depending on the number of systems you are importing and the design of your Active Directory.

When complete, click the OK button and the Operations tab will be displayed with the newl y added systems in the right-hand column.

Manually Enabling Auto-Accept

As part of the process when enabling resource accounts in Exc han ge 200 3, the configuration tool wil l turn on auto-accept in the resource’s calendar options. In some scenarios, the methods used by the software to enable this setting are not available and this must be done manually when resource accounts are enabled. The Configuration Tool will report if it was not able to enable this setting automatically when enabling accounts.

1. On a client computer with Outlook installed, create a new Mail profile using the Mail Control

Panel. In the Mail profile, click Show Profiles, and add a new Mail profile, with an Exchange Mailbox with the credentials and properties of the resource account you are trying to modify. When created, you can set Outlook to prompt you for which profile to use when launching Outlook.

2. Open Outlook, and select the profile you configured for the resource account and supply the

credentials for the resource account.

Page 37

Cisco TMSXE Administrator Guide 2.2 Page 37 of 60

3. When the mailbox opens, select from the menu Tools > Options.

Page 38

Cisco TMSXE Administrator Guide 2.2 Page 38 of 60

4. In the Preferences tab, click the Calendar Options button.

5. In Calendar Options, click the Resource Scheduling button.

6. Mark the checkbox for Automatically accept meeting request and process cancellations and click

7. If you are prompted about setting default permissions, accept the change

8. Click OK to close the Calendar Options, and click OK again to close the Options panel. Close

Outlook

Page 39

Cisco TMSXE Administrator Guide 2.2 Page 39 of 60

Cisco TMSXE Logging Features

The Cisco TMSXE product has logging features to assist with troubleshooting of the installation and operation if required. The directory for these log files is configured in the Configuration Utility and by default is a sub-folder named Logs in the installation directory.

The logging detail and modes are controlled via registry settings the administrator can modify if desired. All values are stored in the registry at

HKEY_LOCAL_MACHINE\SOFTWARE\Tandberg\TANDBERG

Management Suite Exchange Integration

Administrators can use the Windows Registry Editor to create/modify the registry keys as needed. After any of these registry settings have been modified, the Integration should be restarted to have

the changes take effect. This can be done by either restarting the Windows Server, or you can avoid restarting the server by restarting the TANDBERG COM+ Package itself.

To restart the COM+ Package,

1. Open the Component Services Snap-in in a MMC Console

2. Expand the tree Component Services > Computers > My Computer > COM+ Applications

3. Find the TANDBERG listing, right-click on it and select Shut Down

4. Right-click on the TANDBERG listing again, and select Start The TANDBERG components will not process any registry key changes you may have made.

Setting Log Levels

Logging is controlled per component. You can define the level of information logged, and where it is logged to. By default, Errors and Info are logged to file for all components. Changing this behavior is controlled through the creation of two possible registry strings for each component—LogLevel and LogMode. These keys are not present by default, and if not detected, the default values are used.

A list of valid components you can control are listed below. The name in the left column is the string to use in the registry string (names are case sensitive!)

Valid components

How to use

Installation

Logging for steps and actions from the software

installation/upgrade/uninstall

TANDBERG Configuration

Logging for actions initiated from the Configuration Utility

TANDBERGSinks Logging related to the mailboxes/calendars and triggering of the

Synchronizer

SyncHandler

Logging related to the Synchronization processes between Cisco

TMS and Exchange

TMSConferenceAPI

Logging related to the conferencing details passed between Cisco

TMS and Exchange

The Loglevel value is used for controlling the amount of detail that is logged for a particular component. To set the LogLevel for a particular component, create a new String Value in the Cisco TMSXE registry key whose name is LogLevel ComponentName replacing ComponentName with one of the valid Component names. When created, modify the string by double-clicking it and set the value to the desired level from the list below.

LogLevel

Page 40

Cisco TMSXE Administrator Guide 2.2 Page 40 of 60

Value

Meaning

-2

Off

-1

Errors Only

Errors and Info (default)

1023

Full debugging

LogMode The LogMode value defines where the information for a particular component is logged to. Logging

can be to file or to OutputDebugString. When logging to OutputDebugString, you can use the freely downloadable DebugView utility from Microsoft to capture and view the information in real-time. DebugView can be found at

http://www.microsoft.com/technet/sysinternals/Miscellaneous/DebugView.mspx

To set the LogMode for a particular component, create a new String Value in the Cisco TMSXE registry key whose name is LogMode ComponentName replacing ComponentName with one of the valid Component names. When created, modify the string by double-clicking it and set the value to the desired level from the list below.

Value

Meaning

1 Log to file (default)

Log to OutputDebugString

Example: Setting component ‘TANDBERG Configuration’ to Debug Level Logging to file

Managing Log Files

All log files are written to the same directory. This directory is normally defined using the Configuration Utility, and can be seen in the registry key as string Log directory . When a component is set to log to file, each component creates a separate log file named ComponentName.log in the log directory.

To prevent the logs from getting too big and taking up too much disc space, an administrator can control the maximum file size and rotation of the log files. This is done globally, so all logs share the same rotation and sizing rules. The size of files is controlled by the string value Log Size

This registry setting is used to control size. The log size is a string whose value is the maximum size of a log files in bytes. To set the Log Size, create a new String Value in the Cis co TMSXE registry key whose name is Log Size . When created, modify the string by double-clicking it and set the value to the desired size in bytes. For example setting the value to ‘10485760’ for 10MB. This is also the default value used if Log Size is not defined.

Log Size

The log files will be rotated when a log hits its maximum size as defined by Log Size. When that happens, the log file is renamed ComponentName.bak and a new ComponentName.log file is created. If an existing ComponentName.bak file already exists, it is replaced by the newly rotated log.

Page 41

Cisco TMSXE Administrator Guide 2.2 Page 41 of 60

Resolving Custom Attribute Conflicts

The Cisco TMSXE integration relies on being able to set/read a Custom Attribute 1 in the mailboxes used for its Exchange Service account and the resource accounts integrated with Cisco TMS. In some customer installations, this custom attribute is already in use for other customer-specific uses. To accommodate these situations, Administrators can define which of the 15 possible custom attribute slots the Cisco TMSXE pro duc t will use.

To change from the default perform these steps prior (recommended to do prior to insta ll ing Cisco TMSXE)

1. Open the Registry Editor regedit.exe

2. Navigate to the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Tandberg\TANDBERG Management Suite Exchange Integration

If it does not exist, create a new registry key in this location.

3. Select the TANDBERG Management Suite Exchange Integration ke y, and in the right panel,

right click and select New > String Value. Name the new value TM S Id AD Attribute (case sensitive!).

4. Double-click the newly created string value, and in the value field enter the number of the

attribute you wish to use and click OK.

5. Close the registry editor. When running the Cisco TMSXE installer and Configuration Utility they will now use the custom

attribute ID defined in the registry key. This does not reconfigure any existing accounts, so if any existing accounts were added before making the change will need to be re-enabled using the Configuration Tool to update them with the new settings.

Additional Reference Materials for Administrators

The following sections are reference material for Exchange Administrators. These sections provide additional details on the technology behind the Cisco TMSXE integration and the impact on the Exchange Server itself so administrators can be confident in how the Cisco TMSXE software affects their environment.

Functional Overview of Cisco TMSXE Integration

The calendaring functionality of Microsoft Outlook and Microsoft Exchange allows users to create meeting events in their calendars, invite other participants, resources, or equipment directly from their Outlook client. The workflow and steps to book such meetings are commonly understood by Outlook users. Cisco TMSXE leverages the programmable extensibility of Microsoft Exchange to expand this functionality to include functionality from Cisco TMS while making minimal or no changes to the User’s experience. This reduces training needed to deploy the product and makes scheduling of video conference resources easier and more accessible.

To model rooms or equipment that can be invited to meetings by users, Exchange uses designated mailbox and user accounts to represent what users can schedule. Exchange Server 2007 updates this model by having special designations of ‘room’ or ‘equipment’. These accounts have their own calendars and permissions, just like a normal user. In a traditional installation, these accounts are configured to automatically accept all meeting invitations sent to them, and their calendar is updated so other users can see when the room is available.

Cisco TMS has its own database which maintains scheduling information and availability for all systems it manages. Beyond availability, Cisco TMS also understands notions such as are other resources such as is a MCU required? Ho w t o automate any call connections? Are the systems using for example compatible protocols? Users are able to make requests to book resources managed by Cisco TMS directly from the Cisco TMS web interface.

To allow users to schedule their Cisco TMS managed devices from Outlook or Cisco TMS interchangeably, there must be a representation of a system/room in both environments. In Cisco TMS, this is the managed system. In Exchange, a resource account is created to represent the

Page 42

Cisco TMSXE Administrator Guide 2.2 Page 42 of 60

system/room. These two representations must be kept in synch to allow users in either environment to use them interchangeably.

Because Cisco TMS understands more about the resources, and adds additional checks before allowing a meeting to be created, Cisco TMS is the authoritative role. Meetings are not allowed to be saved, unless Cisco TMS says the meeting is valid. For meetings creat ed direc t l y in Cisco TMS, this is done by default and Cisco TMS does not need to check with Exchange. For meetings created in Exchange, this means Exchange must check with Cisco TMS, before allowing a meeting to be saved. Additionally, there must be a synchronization process to ensure any meetings or changes that originate in Cisco TMS, are updated on the calendars in Exchange.

To achieve this, two methods are used. The Cisco TMSXE software interjec ts wh en a meetin g is attempted to be saved in a resource’s Exchange Calendar so it can check with Cisco TMS, and a synchronization process is used to update Exchange with changes that originate on the Cisco TMS side.

To interject when meetings are saved in Exchange, Cisco TMSXE uses ‘Calendar Sinks’ on the resource accounts. Whenever someone attempts to write to the Calendar, the details are provided to Cisco TMS, and a meeting is created in Cisco TMS based on the details of the Exchange invitation. If the meeting is able to be saved in Cisco TMS, the meeting is allowed to be saved in Exchange, and the booking user gets an acceptance message followed by an email with the meeting details from Cisco TMS. If the meeting is not possible to save in Cisco TMS, the meeting in Exchange is rejected and the user receives an email stating why. Sinks allows Cisco TMSXE to inject itself only on resource accounts the administrator intends to be integrated with Cisco TMS; leaving all other calendars and resources untouched and operating as before.

Because the sink method only interjects when a meeting is saved on an Exchange Calendar, something must update the Exchange Calendars if changes are made to the representation of the system/room in Cisco TMS. This process is handled by a synchronizer installed on the Exchange Server that is notified whenever a booking change happens on Cisco TMS. The synchronizer connects to Cisco TMS to determine if the change affects any of the systems integrated in Exchange, and updates their calendars as needed. The synchronizer also automatically checks every 3 minutes as a failsafe in case notifications from Cisco TMS are missed. Using these methods, resource calendars are updated almost immediately after changes have been made in Cisco TMS.

The combination of interjecting when writing to the calendars of resource accounts and Synchronizing keep the separate representations of the same room or system in synch across both platforms.

Changes and Impact of Cisco TMSXE Installation on Existing Servers

This section is provided as reference for administrators who desire to understand fully the impact of installing Cisco TMSXE integration on their Exchange Server.

As part of the guided installation, the installer makes the some necessary changes in the scope of Domain users, the Exchange Server, and Cisco TMS Server. The changes of significance are listed below.

Changes on Exchange Server and Domain

 The installing user specifies an Organization Unit (OU) to use as the default location for all

accounts created by the software. The user is given a choice to create a new OU if desired.

 A ‘TMS-Service’ Active Directory user account is created in the local domain in the selected OU

to act as a service account on the Exchange Server

• A strong password is automatically created for the user. This can be changed using the Configuration Utility post-installation if needed.

• A mailbox is created for TMS-Service account and an inbox sink is registered on the mailbox

• There is an option to re-use an existing AD user account if desired instead of creating a new

one if desired

Page 43

Cisco TMSXE Administrator Guide 2.2 Page 43 of 60

 Creates two security groups which are used to assign calendar permissions (Only created in

Exchange 2003 installations)

 A role-restricted COM+ Application is created on the Exchange Server which runs as the TMS-

Service service account

 An installation folder with a log directory is created and the service user is granted access to the

log directory

 A Configuration Utility is installed to manage the product, and is accessible via a TANDBERG

Program Group added to the Start Menu

 Registry keys are created within a TANDBERG Hive in the Registry and the service user is

granted permission to these keys

Changes on Cisco TMS Server

 A local Windows User account named ‘tmsconfuser’ is created on the Cisco TMS Server (Normal

Windows User privileges only) with a strong random password.

• Alternatively an existing account can be specified during installation if manually configured

 Assigns the ‘tmsconfuser’ account the ‘Exchange Integration Account’ permission within Cisco

TMS and adds it to the Site Administrators Group

Permissions Granted to Service Users

The service users permissions will be configured automatically when created by the installer, but the following permissions must not be restricted for the service users.

Exchange Side Service User—TMS-service

 Log on as a Batch job  Read/Write permissions to the TANDBERG Key in the registry  Write permissions to log files directory  Read permissions to log files directory and the installation directory  Activate permissions to the TANDBERG COM+ package  Do not grant this user any Exchange Administrator Roles to prevent it from accessing other

mailboxes

Cisco TMS Side Service User—tmsconfuser

 Must have access to login to the Windows Server hosting TMS  Needs to be a member that has “Book on behalf of” permissions in Cisco TMS  Must have Exchange Integration Service Account set to Yes in its Cisco TMS Profile  Must have booking permission to the systems in Cisco TMS to be integrated

Licensing Requirements

Exchange Licensing

The Cisco TMSXE Integration has no impact on your Exchange licenses from Microsoft.

Cisco TMS Licensing

Each system that is to be integrated with Exchange must already exist in Cisco TMS and be properly licensed itself in Cisco TMS. For licensing of Cisco TMSXE Integratio n, the licensing can be per system, or per Exchang e S erver integr ate d with C is co TMS depending on the type of license you purchase.

When using per system licensing, controlling which systems are consuming licenses is set by the Remote Booking flag in System Navigator on each system. By default, Remote Booking will be set to No for each system. The first time a system is used from Exchange, if there is a free license available on the Cisco TMS server, Remote Booking will be toggled to Yes for that system. In doing so, licensing is automatically enabled for systems you have integrated with Exchange. If no more licenses are available, and Remote Booking = No for that system, the requ es ted booking will be denied.

Explanation of Resource Booking Models

Microsoft Exchange and Outlook offers two distinct ways to book resource accounts. The different models have different requirements and user experiences. Both models should be understood so an

Page 44

Cisco TMSXE Administrator Guide 2.2 Page 44 of 60

administrator can decide which is best for their organization. In Exchange 2003 installations, administrators may choose which booking model to use. In Exchange 2007 installations, Microsoft has moved away from the Direct Resource Booking model and therefore it is no longer the default method and is not covered by the standard instructions in this manual. Notes on using Direct Resource Booking in Exchange 2007 with Cisco TMSXE can be found in the section Using Direct Resource Booking in Exchange 2007..

Resource Scheduling Model/Asynchronous Booking

In this model, users send a meeting invitation via e-mail to the resource accounts just like they invite other meeting participants. The meeting invite is then accepted or rejected by the resource account and the meeting coordinator receives a response just as they do from other meeting participants. The sending of the invite and receiving of the response are done separately, so this model is referred to as ‘Asynchronous Booking’ by Cisco.

This model has the advantage that users do not need to have special permissions to the resource’s calendar and they are not required to use the Resources field. This model also does not rely on the Outlook client, so it is more compatible with other interfaces, such as Outlook Web Access (OWA).

In this model, the user sends out invitations before they receive a confirmation from the resource accounts. This means if a resource rejects the initial meeting invite, the user should re-open the calendar entry and try to rebook it. In an Exchange-Only installation, there is less potential for a resource account to reject a meeting as long as it is free. But when scheduling audio/video resources in addition to room availability, there can be other reasons such as a lack of MCUs available, incompatible call types, etc that could lead to a request being rejected. With Asynchronous Booking, users have more flexibility, but they also must take care to not repeatedly try to re-book a meeting to avoid annoying other users with too many meeting updates.

Asynchronous Booking is available in both Exchange 2003 and Exchange 2007 installations of the Cisco TMSXE Integration. On Exchange 2007 installations, it is the default and can not be disabled. On Exchange 2003 installations, the integration can be configured to allow or deny Asynchronous requests. On Exchange 2003 installations, a TANDBERG provided inbox sink facilitates Asynchronous requests. In Exchange 2007, the Resource Attendant provides this f unc tiona lit y, and is configurable using the Exchange Management Shell.

Direct Resource Booking/Synchronous Booking

In this model, when creating a meeting, users put the resource accounts for the meeting in the Resources field of the meeting invitation. By doing so, the Outlook client tries to save the meeting in the resource’s calendar directly before the meeting is allowed to be saved by the user. The benefit to this is the user gets immediate feedback if the meeting can be saved in the resource accounts calendars and avoids needing to edit a meeting after it is saved due to a later rejection. In this model, the user must use the Resources field in the meeting invitation for resources, and not the Required or Optional fields.

The negatives to this model are that it requires specific calendar permissions and settings to operate. The Cisco TMSXE Configuration Utility automates those tasks when enabling resource accounts, minimizing that burden.

In the previous product, Direct Resource Booking was the default booking model as it offers greater controls over who can book which resource and for the user feedback. When Cisco TMSXE is installed on an Exchange 2003 server, this model is still the default choice.

Exchange Server 2007 changed the booking models available, and Direct Resource Booking is no longer the preferred booking model in Exchange. The new policy controls and Resource Booking Attendant have enabled new features and better manageability. As such, with Exchange 2007 installations and going forward, Direct Resource Booking is no longer the default, and no choice is given to disable e-mail based reservations (Asynchronous Booking).

Page 45

Cisco TMSXE Administrator Guide 2.2 Page 45 of 60

Using Direct Resource Booking in Exchange 2007

It is possible to use Direct Resource Booking with Exchange 2007 but it is not the recommended scenario and functionality is reduced compared to Exchange 2003. This manual is not written to describe the combination of Exchange 2007 and Direct Resource Booking. For those that wish to continue to use this model, the additional details below are provided to account for differences in the regular manual text as it relates to Direct Resource Booking.

 You must have Public Folders deployed in your Exchange Organization.  When upgrading from Exchange 2003, and reusing existing accounts, do not convert the

mailboxes to type room or equipment – leave them as user mailboxes.

 To use Direct Resource Booking, an account must be a user mailbox type, not a room or

equipment type. This means you can not use the Configuration Utility to create new mailbox accounts. You may follow the steps in the Appendix for using Cisco TMSXE with Separate Admin roles to manually create accounts.

 The Editor and Author permission groups are not populated by default in Exchange 2007 installs.

These should be defined and used as they were in Exchange 2003 to properly grant users the ability to directly book in an account’s calendar. Ensure the groups are defined, and use the ‘Add Calendar Permissions’ action in the Operations Tab of the Configuration Utility to add the permissions to selected accounts.

 The ‘Enable AutoBooking’ action will not be avai lab le in the Conf igur at ion Uti lity. Follow the steps

in the section Manually Enabling Auto-Accept to enable Auto-Accept in the calendar of newly created resources.

 Users who incorrectly try to use Email invitations to an account bookable only through Direct

Resource Booking (a user mailbox instead of a room or equipment mailbox) will not get a reject message nor will the meeting be booked.

Page 46

Cisco TMSXE Administrator Guide 2.2 Page 46 of 60

Appendix A. Creating the Organization

Forms Library in Exchange Server 2007

During the installation of the first Exchange Server 2007 as a new Organization, the setup prompted the user with ‘Do you have any client computers running Outlook 2003 and earlier or Entourag e in your organization?’. If the user answered yes, a Pub lic Folder dat abas e and Organizational Forms library was automatically created. If they answered no, no Public Folders would have been created and creating a Public Folder Database is most likely required to be able to publish the TANDBERG form.

If Exchange Server 2007 was installed along side an existing Exchange Server 2003 environment, the Public Folder database should have been created and configured to replicate with the existing 2003 Public Folder database and Organizational Forms Library.

The steps below cover the basic concepts for setting up Public Folders and an Organizational Forums library in Exchange Server 2007. Due to the high variation in installations, these are not step-by-step instructions but rather a collection and guide to the reference material provided by Microsoft regarding Public Folders and Organization Forms Libraries in Exchange 2007. Administrators should reference Microsoft’s documentation for more detailed information regarding Public Folders.

Relevant Microsoft articles:

Understanding Public Folders—http://technet.microsoft.com/en-us/library/bb397221.aspx Understanding Public Folder Re p lication—

http://technet.microsoft.com/en-

us/library/bb629523.aspx

Managing Public Folders—

http://technet.microsoft.com/en-us/library/bb124411.aspx

How to Create a New Public Folder Database—

http://technet.microsoft.com/en-

us/library/bb123687.aspx

How to View or Configure the Settings of Public Folders—

http://technet.microsoft.com/en-

us/library/bb123509.aspx

How to View or Modify Public Folder Database Se ttings—

http://technet.microsoft.com/en-

us/library/bb124522.aspx

How to Create an Organizational Forms Library in Exchange 2007—

http://technet.microsoft.com/en-us/library/cc540468.aspx http://support.microsoft.com/kb/933358

Configuring Public Folder Permis sion s—

http://technet.microsoft.com/en-us/library/bb310789.aspx

Setting up an Organizational Forms Library

These steps must be performed by an Exchange Administrator. See the supporting Microsoft articles for specific permissions.

1. On an Exchange Server, open the Public Folder Management Console by opening the Exchange Management Console, clicking on Toolbox, and then double-clicking on Public Folder Management Console. If there is an existing Public Folder Database, the console will connect to it, and the navigation tree will list both Default Public Folders, and System Public Folders. Public Folder Databases can also been in the Exchange Management Console > Server Configuration > Mailbox and viewing each server’s databases.

2. If no Public Folder Database exists, you will need to create one and mount it. See How to Create a New Public Folder Database—

http://technet.microsoft.com/en-us/library/bb123687.aspx for

assistance with creating a new Public Folder Database. When completed, you should be able to open the Public Folder Management Console, and be able to expand System Public Folders and see EFORMS REGISTRY

Page 47

Cisco TMSXE Administrator Guide 2.2 Page 47 of 60

3. Using the Exchange Management Shell, create a new Public Folder named TANDBERG Form under EFORMS REGISTRY for the Organizational Forms Library.

Example:

New-PublicFolder –Path “\NON_IPM_SUBTREE\EFORMS REGISTRY” –Name “TANDBERG Form”

Later steps require the use of the Outlook client and having an active mailbox with specific permissions to the Public Folder that was created. The administrator who created the Public Folder by default has sufficient permissions to complete those steps. However, if that administrator can not use an Outlook Client with a valid mailbox, you must grant permissions to the Public Folder for a user who can use Outlook. To grant the required permissions to a user, use the following commands in the Exchange Management Shell, substituting in the correct domain\username for the user to be granted the permissions.

Add-PublicFolderClientPermission –Identity “\NON_IPM_SUBTREE\EFORMS REGISTRY\TANDBERG Form” –User “domain\username” –AccessRights Owner

Add-PublicFolderAdministrativePermission -Identity “\NON_IPM_SUBTREE\EFORMS REGISTRY\TANDBERG Form” –User “domain\username” –AccessRights AllExtendedRights

4. As the Administrator who created the Public Folder, or as a user granted the required permissions in the previous step, switch to a computer with Outlook installed with a valid mail profile.

5. Download and extract the MAPI Editor from Microsoft—

http://go.microsoft.com/?linkid=5684182

6. Launch the mfcmapi.exe executable.

7. From the Session menu, select Logon and Display Store Table. If prompted, select the correct mail profile to use. The screen will update to show the stores from the user’s profile.

8. Right click the row with the Display Name Public Folders and select Open Store

9. Expand the tree in the left panel down to the TANDBERG Form folder. Public Root > NON_IPM_SUBTREE > EFORMS REGISTRY > TANDBERG Form

Page 48

Cisco TMSXE Administrator Guide 2.2 Page 48 of 60

10. In the center panel, scroll through the list and find the entry starting with PR_URL_NAME and select it

11. From the Propert y Pan e menu, select Modify Extra Properties and a new Extra Pro p e rt ies window will appear.

12. Click the Add button and the Property Tag Editor Window will appear

13. Click the Select Property Tag button

14. Scroll through the list and find PR_EFORMS_LOCALE_ID , select it and click OK

15. Click OK to close the Property Tag Editor. Click OK again to close the Extra Properties Window

16. The PR_EFORMS_LOCALE_ID Pr op ert y will no w be listed with a red icon nex t to it in the property list.

17. Double-Click PR_EFORMS_LOCALE_ID and in the unsigned decimal field, enter 1033 and click OK.

18. Close the MAPI Editor.

Tip: For Microsoft’s description of the steps using the MAPI Editor, please see How to create an Organizational Forms Library in Exchange 2007—http://support.microsoft.com/kb/933358

This completes the steps necessary to create the Organizational Forms Library. Administrators performing an installation can continue onto the Publishing the TANDBERG Form and Configuring clients to use the Form sections of the documentation.

Page 49

Cisco TMSXE Administrator Guide 2.2 Page 49 of 60

Appendix B. Using Cisco TMSXE with

Redundant Cisco TMS Servers

If your Cisco TMS installation includes multiple Cisco TMS front-end servers in a redundant or failover scenario, some additional care must be taken when installing and configuring the Cisco TMSXE Integration. This section will cover any to be aware of to ensure the Cisco TMSXE Inte grati on wil l continue to work in your redundant or fail-over scenario.

Pre-Installation

The Cisco TMS side service account is normally created by the installer as a local Windows user. Because the Cisco TMSXE Integration should be able to use any of the Cisco TMS servers, a domain user account should be used instead so the credentials will work on any of the servers.

1. Create or designate a Domain user account you will use as the Cisco TMS side service account. Using this account, open a web browser and log into the Cisco TMS web interface so a user profile will be created for the user. When complete, close your browser.

2. Open a web browser and log into your Cisco TMS server with a username that is a Site Administrator. Edit the service user’s profile under Administrative Tools >User Administration > Users. In the account’s profile, set Exchange Integration Service Account to Yes. Set the user’s email address to what will be the Exchange Service Account’s email address. This normally

would be tms-service@<SMTP Domain>

Installation

. Ensure the user is a member of a Cisco TMS group that has the Book on behalf permission set in the Group Permissions. Save the changes to the user’s profile and close your web browser.

The normal installation steps can be followed taking note of the following specifics:

 When prompted to Select the Service Account for TMS, select the option I have created a service

user on the TMS server and enter the credentials of the Domain user you designated to use as

the service user. For the Cisco TMS address, be sure to enter the address that is shared by your Cisco TMS servers (the DNS hostname, or load balanced address, etc). Do not select the HTTPS option unless all servers have been properly configured for HTTPS operation.

Operation

There is no change in operation compared to a traditional Cisco TMS. By using the shared or load balanced address for the Cisco TMS server in the Configuration Utility, the integration will connect to a live Cisco TMS server the same as regular users do.

If unsure of this address , enter any valid email address and you can come back and update the user’s TMS profile with the correct address after the TCX Installation has been completed and the TMS-Service account is created.

Page 50

Cisco TMSXE Administrator Guide 2.2 Page 50 of 60

Appendix C. Using Cisco TMSXE with

Exchange 2007 Clustering

Overview

The Cisco TMSXE Integration product has been designed to be compatible with a Clustered Mail Server created using the Continuous Cluster Replication (CCR) model of Exchange 2007.

When an organization uses Exchange Clustering, Cisco TMSXE can always be installed on another Exchange Server within the organization that is not part of a cluster. This is true for both Exchange 2003 and 2007 installations. With clustering support, Cisco TMSXE can actually be installed on an Exchange Server that is a node of a Clustered Mail Server (CMS) and will fail-over along with the Exchange Service.

In a CMS setup, Cisco TMSXE is installed on each node in the Exchange Cluster. The Cisco TMSXE Integration itself will not be clustered, and therefore will not show up in the Services/Applications of the Failover Management Console. Instead, the Cisco TMSXE integration on each node follows the state of the Exchange Clustered Server and is only active when the local server is the active node in the cluster.

Clustering Requirements

Installing on a cluster requires the additional restrictions on the standard Cisco TMSXE requirements

Details

Exchange Server 2007 w/Service Pack



Must be a CCR Clustered Mai l Serv er

 Must be Service Pack 1 or greater

Windows Server 2008



Clustering requires Enterprise or Datacenter Edition

64bit

 Latest Service pack recomm ended

Installation

These instructions assume your Clustered Mail Server (CMS) is already installed and operational. For assistance setting up and configuring your Clustered Mail Server – please refer to the Microsoft documentation—

http://technet.microsoft.com/en-us/library/bb629714.aspx

The installation on cluster nodes follows the same general steps as a stand-alone installation of Cisco TMSXE with minor differences. Follow the steps below to perform a first time installation.

1. Create a Service User Manually—The service user that will be used by Cisco TMSXE on the

Exchange Server should be created manually rather then allow the Installer to create the account.

a. Create a new local domain user with a strong password to act as the TMS-Service service

account. Example: TMS-Service. The TMS-Service account should have a mailbox created on the storage group hosted by the Clustered Mailbox Server. The TMS-Service account must have a SMTP email address that is reachable from the mail server used by Cisco TMS.

2. Add Log on as Batch Job permission – The TMS-Service user needs the Log on as Batch Job

Local Security Policy setting on each Windows Server in the cluster. As an administrator, log into each server and grant the Log on as Batch Job permission to the TMS-Service user. See

http://technet.microsoft.com/en-us/library/cc739028.aspx for assistance on assigning user rights.

3. Add Cluster Permissions – The TMS-Service user needs access to the Cluster so it can check

the state of the cluster – it will not make any changes to the cluster. Using the Failover Management Console in Windows, right-click on your cluster and select Properties. Under the

Windows 2003 Clusters are not supported due to MS DTC clustering requirement. Windows 2008

allows a local MS DTC Instance.

Page 51

Cisco TMSXE Administrator Guide 2.2 Page 51 of 60

Cluster Permissions tab, click Add and select your TMS-Service account. Grant the TMS-Service account Full Contr ol. Click OK to save the changes.

4. Install on the Active Node – You will perform the complete installation of Cisco TMSXE on the

Active Node of the cluster as if it were a stand-alone ins tallat ion following the instructions under the Installation and Upgrades section with the following exceptions:

a. When prompted to specify the Exchange Service User, select I want to use an existing

domain account and select the TMS-Service account you previously staged. When prompted for the password for the Exchange Service User select the I have the pass wor d a nd wil l provide it below option and enter the password previously created for the TMS-Service user. The installer can not change or reset the Service User’s password in Active Directory when in clustered mode.

b. Note that you can not use replication for a Public Folder database hosted on a CMS server.

A Public Folder database can be on the CMS server, or off the CMS server, but not both.

5. Install on Passive Nodes – When the installation has been complete, you will repeat the Software

Installation steps only on each of the Passive Nodes. Follow the instructions in the Installation of Server Software section on each of the passive nodes of the cluster with the following exceptions

a. The installer will detect the presence of your existing Exchange Service Account. When

prompted for the password for this account, select the I have the password and will provide it below option and enter the password previously created for the TMS-Service user.

b. Only perform the Server Software installation, the other steps of installation do not need to

be repeated.

c. Any Configuration Utility customizations on the Configuration and Resource Defaults tabs

must be repeated on each node by running the Configuration Utility on the node and updating the settings.

Upgrades

To upgrade an existing Cisco TMSXE install on a Clustered Mailbox Server you must run the software installation on each of the Cluster Nodes with the following exceptions:

 Upgrade the Active Node in the Cluster first.  Run the software installation steps and when the installer detects the existing Exchange Service

account, select the I have the password and will provide it below option and enter the password previously created for the TMS-Service user. The installer can not change or reset the Service User’s password in Active Directory when in clustered mode.

 After installing the software on the Active Node, repeat the installation on each of the Passive

Nodes.

Uninstalling Cisco TMSXE

To remove Cisco TMSXE from a Clustered Mailbox Server, you must run the software uninstall instructions on each node in the Cluster. You can follow the standard uninstall instructions in the Uninstall section. When running the uninstall on each node, at least one of the nodes must be the CMS active node to complete the uninstall and disable the sinks on resource accounts.

Operational Changes when using a Clustered Mail Server

 The Cisco TMSXE software automatically follows the state of the Clustered Mail Server and takes

no interaction from the administrator to ‘fail-over’. The Cisco TMSXE installation on each node independently starts and stops as necessary.

 The start-up tests ran when the Configuration Utility is opened will show the state of the current

node, Active or Passive. You can also see the node state in the Configuration Utility as the Synchronizer button on the Operation tab will be disabled when the node is not the active node.

 Unlike a stand-alone install where you should update the Exchange Side Service user password

via the Configuration tool, when in a clustered mode, you must update the password in Active Directory first, and then update the Cisco TMSXE installation on each node. The configuration

Page 52

Cisco TMSXE Administrator Guide 2.2 Page 52 of 60

utility can not update the password in Active Directory for the service user, only the locally stored value.

 Most of the configuration elements of the Cisco TMSXE installation shown on the Configuration

and Resource Defaults tabs are stored locally on each node, and therefore must be updated on each node if changed. To update the settings, open the Configuration Utility on each node and update the value.

 Updating the Sender email address and display name on the Configuration Tab must be updated

on the active node for the change to take effect or test. Changes here will automatically propagate to the other nodes when a node becomes the active node.

 Using the features on the Operations tab of the Configuration Utility, including adding/removing

resources, starting/stopping the synchronizer must be performed on the active node.

Page 53

Cisco TMSXE Administrator Guide 2.2 Page 53 of 60

Appendix D. Using Cisco TMSXE with

Separate Admin Roles

Cisco TMSXE normally requires the installing and operating user be a Local Domain Administrator and an Exchange Full Administrator (or Exchange Recipient Administrator for Exchange 2007 Installs). In some organizations, due to internal policy or security requirements, these requirements can not be met as these roles are explicitly separated. This section is intended to provide additional instruction on how the Cisco TMSXE product can be ins tall ed and opera ted in an env ironment where the Active Directory and Exchange Administrative roles are segregated.

Assumptions/Background

The following are the assumptions about the customer environment for these instructions.

 An Admin Group is responsible for creating users, groups, and mailboxes for new users.  An Exchange group is responsible for ongoing operation of Exchange Servers and mail

processes.

 The Exchange group has local administrative rights to the Exchange server, but does not have

Domain Administrative rights.

 The users installing the product are aware of any replication delays associated with their Active

Directory implementation—how it affects propagation of changes in AD objects and permissions and any waits that are required before changes will take effect.

 The process description assumes this is a first time installation of the TANDBERG product.

For common terminology purposes in this guide, the user from the Admin group will be called the ADAdmin. The user from the Exchange group will be called the Exchange-Admin.

 AD-Admin is a member of Domain Admins.  Exchange-Admin is a Local Administrator and delegated Full Exchange Administrator

permissions (or Exchange Recipient Administrator in Exchange 2007).

Installation

This section will outline how to adapt the installation process to function when the Active Directory and Exchange Administrator roles are separated.

Pre-Installation Steps

1. The AD-Admin must create or decide which OU in Active Directory will be used for accounts

related to the Cisco TMSXE Integration. Accounts are not required to be in the same OU, but the policy should be followed for consistency with the standard product.

2. The Exchange-Admin decides which Exchange Server and Information store will be used for the

Exchange Integration (all mailboxes for integrated accounts must be located in information stores on the same Exchange Server).

3. The AD-Admin must create a new domain user or designate an existing user to be the Exchange

Side service user. Example: TMS-Service. The remainder of the instructions will refer to this account as TMS-Service. When creating a new account, create a mailbox for the TMS-Service user. The mailbox must be in an information store on the specified Exchange Server. If re-using an existing account and the mailbox for the TMS-Service user not stored on the specified Exchange Server, the Exchange-Admin must move the user’s mailbox to the specified Exchange Server before proceeding. The account must have a SMTP email address that is reachable from the mail server used by Cisco TMS.

4. The AD-Admin must set the extensionattrbute1 property on the TMS-Service user to be ‘TMS-

Service’. a. Exchange 2003—Using the AD Users and Computers tool, enable Advanced Features from

the View Menu, open Properties for the user, select the Exchange Advanced Tab, click Custom Attributes and edit the value of extensionAttribute1 to be ‘TMS-Service’

Page 54

Cisco TMSXE Administrator Guide 2.2 Page 54 of 60

b. Exchange 2007 – Using Exchange Management Console, open the Properties of the

Mailbox, on the General tab, click Custom Attributes and edit the value of extensionAttribute1 to be ‘TMS-Service’.

5. The AD-Admin or Exchange-Admin must make the TMS-Service account a local Windows

Administrator of the specified Exchange Server.

6. The AD-Admin or Exchange-Admin must grant the ‘Log on as Batch Job’ Local Security Policy to

the TMS-Service account on the specified Exchange Server. Ens ure no Group Policy setting will block or remove this permission. See

http://technet.microsoft.com/en-us/library/cc739028.aspx

for assistance on assigning user rights for your local computer.

7. The AD-Admin must create or identify a Windows user account that can log into the Cisco TMS

server to be the Cisco TMS Side Service user. The user account can be a local Windows account on the Windows Server hosting Cisco TMS or a domain user. We will refer to this account as tmsconfuser.

Open a browser and log into the Cisco TMS website with a user with Site Administr ator privile ges . Go to Administrative Tools > User Administration. If the tmsconfuser account has never logged into Cisco TMS, create a new user profile. If the account has logged in previously, find the existing user profile and click Edit. Ensure the username of the profile matches the username of the service account. Set the Exchange Integration Service Account value to Yes. Set the email address of the profile to be the email address of the TMS-Service account created in the earlier steps. Ensure the user is a member of a Cisco TMS group that has the book on behalf of permission and book permission on all systems that will be integrated (recommend using Site Administrator group which will allow access to all systems). Save the profile and close the Cisco TMS website.

8. If users will be given access to resource calendars so they can interact with the calendars directly

(required if using Direct Resource Booking), the AD-Admin must create or designate an existing security group for the ‘Editor’ role and ‘Author’ security groups that will later be granted permissions to the resource’s calendars.

Stage the Resource Accounts

These steps will outline how to prepare a resource account for use with the Cisco TMSXE integration. These steps should be repeated for each resource account to be integrated, and anytime you need to integrate a new system and be completed before trying to enable the corresponding Cisco TMS system using the Configuration Utility.

1. Log into the Cisco TMS web interface and find the Cisco TMS System ID of the system that will

be associated with this resource account. This can be seen by looking at the View Settings page for the system in Navigator. Example ID = 15

2. If an existing resource account is going to be reused, have the Exchange-Admin move the

mailbox to an Information Store on the Exchange Server where Cisco TMSXE is installed. If no existing resource account is going to be reused, have the AD-Admin create a new Active Directory user and mailbox for the Exchange Resource account. In Exchange 2007 Installs, be sure to create a mailbox of type room or equipment. The mailbox for the user must be located on an Information Store on the Exchange Server where Cisco TMSXE is installed. Most of the account’s properties, such as username, password, display name, and email address are not significant to the Integration and can be whatever values you chose. It is recommended you set the Display Name value to the same name as the matching system in Cisco TMS.

3. The AD-Admin must set the extensionattribute1 property on the resource account to TMS-xx

where xx is replaced with the numeric ID found in step 1. Example TMS-15. a. Exchange 2003—Using the AD Users and Computers tool, enable Advanced Features from

the View Menu, open Properties for the user, select the Exchange Advanc ed Tab, click Custom Attributes and edit the value of extensionAttribute1 to be TMS-15.

b. Exchange 2007 – Using Exchange Management Console, open the Properties of the

Mailbox, on the General tab, click Custom Attributes and edit the value of extensionAttribute1 to be TMS-15.

4. The AD-Admin must grant send as and receive as permissions for the TMS-Service account to

this resource account. a. Exchange 2003—Using AD Users and Computers, enable Advanced Features from the

View Menu, open the Properties of the resource account. Select the Security tab, and click the Advanced Button. Click Add and specify the TMS-service account. A new window

Page 55

Cisco TMSXE Administrator Guide 2.2 Page 55 of 60

appears, change the Applies to drop-down to This object only and add the send as and

receive as security permissions in the Allow column. Click OK and OK again to close the Advanced Security window.

b. Exchange 2007 – Use the Exchange Management Shell to grant the s e nd as and receive as

ExtendedRights on the resource account to the TMS-Service account. An example is shown below, replace the Resource and User accounts names as necessary

Add-ADPermission -Identity domain\ResourceName –User domain\TMS-Service

-ExtendedRights ("send-as", "receive-as") -InheritanceType All

5. The AD-Admin must grant full mailbox access permissions to the resource account's mailbox.

a. Exchange 2003—Using AD Users and Computers, open the Properties for the resource

account. Under the Exchange Advanced tab, click the Mailbox Rights button, Click Add and specify the TMS-service account. While the TMS-Service account is selected, mark the checkbox for allow full mailbox access. Click OK and OK again to close the properties for the resource account

b. Exchange 2007 – Use the Exchange Management Shell to grant the full mailbox access on

the resource account to the TMS-Service account. An example is shown below, replace the Resource and User accounts names as necessary

Add-MailboxPermission -Identity domain\ResourceName –User domain\TMS-Service -AccessRights FullAccess –InheritanceType All

6. The AD-Admin must configure essential Calendar Settings for the account.

a. Exchange 2003 – This step will be completed using the Configuration Tool and can be

skipped here

b. Exchange 2007 – Use the Exchange Management Shell to change the

MailboxCalendarSetting AutomateProcessing to AutoAccept and disable the default settings that change the conference title. An example is shown below, replace the Resource account name as necessary

Set-MailboxCalendarSettings –Identity domain\ResourceName –AutomateProcessing:Autoaccept –DeleteSubject $false –AddOrganizerToSubject $false

Run the Software Installer

When the Pre-Installation and staging steps have been completed, the standard Cisco TMSXE software installer can be run taking note of the specific steps outlined below. For a more detailed description of the software installer’s steps, see the Installation of Server Software section.

 The Exchange-Admin user should be the user to run the installer  When specifying the Exchange Service User, the installer will automatically detect the pre-staged

TMS-Service user account. Accept to use this account, and when prompted for the Exchange Service User Password, select I have the password and will provide it below and enter the password set during pre-installation.

 When prompted for the Cisco TMS Service user account, select I have created a service user on

the TMS server and enter the credentials of the tmsconfuser account setup during pre-

installation.

Enable the Staged Resource Accounts

After the server software has been installed, the Exchange-Admin can use the Configuration Utility to enable the accounts that were previously staged by the AD-Admin. These steps can be repeated any time new resource accounts have been staged and are to be added to the Cisco TMS XE Integration.

1. Start up the Configuration Utility from the Start Menu as the Exchange-Admin. The utility is found

at Programs > TANDBERG > TANDBERG Conferencing eXtensions for Microsoft Exchange > TANDBERG Configuration

2. During the self-test during the start-up of the Configuration Utility, it will detect errors with any

accounts that have been pre-staged. When prompted if you wish to repair them, click Yes . The utility will setup the sinks automatically for you.

3. If users are to be granted permissions to the resource calendars, the AD-Admin should have

specified these groups during the pre-installation steps. Switch to the Resource Defaults tab,

Page 56

Cisco TMSXE Administrator Guide 2.2 Page 56 of 60

and ensure the groups are set in the Resource Calendar Permissions section. If not, use the Browse button to select the existing group for each setting. Switch back to the Operations tab when complete to continue

The accounts that were pre-staged will appear in the right hand column as if they were already enabled. You will use the actions available in the Configuration Utility to complete the setup of the accounts.

4. Highlight the accounts that have been pre-staged. Use the shift or control keys to select multiple

systems. Right-click the highlighted systems and select Add Calendar Permissions. A pop-up window will appear showing the progress of the work. Click OK when complete.

5. Repeat the previous step for each of the following actions

a. Enable Autobooking

b. (Re-) Book all Meetings

The pre-staged accounts are now properly integrated with Cisco TMSXE.

Completing the Installation

When the initial resource accounts have been fully enabled using the Configuration Utility. The remainder of the installation should be completed using the s tand ard ins ta lla tio n instructions under:

Starting the Synchronizer – To be completed by the Exchange-Admin Configure Security Settings and Tuning- To be completed by the AD-Admin and Exchange-Admin Optional—Deploying the TANDBERG Form – To be completed by the Exchange-Admin

Upgrades

When performing an upgrade, the existing accounts remain intact, so no Staging or Pre-Installation steps are required by the AD-Admin. The setup file can be run by the Exchange-Admin following the standard instructions.

If the previous copy was uninstalled rather then performing an in-place upgrade, the existing resource accounts had their Integration elements disabled during the uninstall. When the software installat ion is complete, open the Configuration Utility. The Utility will detect that the sinks are disabled on your resource accounts and prompt if you wish to repair them. Click Yes when prom pted and your accounts will be re-enabled.

Uninstalling Cisco TMSXE

The product can be uninstalled by the Exchange-Admin using the standard methods. Optionally, if the resource and service accounts will not be needed for future use, the AD-Admin can safely remove the accounts completely. See Complete Removal of Product for more details.

Operational Changes

When using separate Exchange and Active Directory administrators, not all features of the Configuration Utility will function because you may lack the permissions necessary. The Utility will return an error if you do not have sufficient permissions to complete the task.

Operation Tab Changes

The following action commands will not complete without AD-Admin rights

Add Service User

Permissions

Reconfigure Account(s) from

Cisco TMS

Remove AD User(s)

Detach from Integration

Removing/Disabling Accounts

Without full permissions, accounts can not be removed automatically using the Configuration Utility.

This is not ava ilable in t he configura t ion utility when installed on Exchange 2007 servers. This s etting is only

needed if doing Direct Resource Booking.

Page 57

Cisco TMSXE Administrator Guide 2.2 Page 57 of 60

To remove an account from the Integration without removing it from Exchange-on l y book ing, do the following:

1. Using the Configuration Utility, have the Exchange-Admin use the Disable Sinks action in the

Operations tab

2. Using AD Users and Computers, have the AD-Admin remove the following from the resource

account a. the extensionAttribute1 value b. the send as and receive as permissions granted to the TMS-Service account c. the full mailbox access permission granted to the TMS-Service Account

To remove an account from both the Cisco TMSXE Integration and Exchange-only booking, simply have the AD-Admin delete both the us er accoun t and mailbox.

Configuration Tab Changes

Change the Password for Service User requires AD-Admin permissions to use. The other settings may be configured by the Exchange-Admin.

Resource Defaults Tab Changes

All settings may be changed by the Exchange-Admin.

Page 58

Cisco TMSXE Administrator Guide 2.2 Page 58 of 60

Checking for updates and getting help

Cisco recommends registering your product at http://www.tandberg.com/video-conferencing-

services.jsp in order to receive notifications about the latest software and security updates. New

feature and maintenance releases are published regularly, and we recommend that your software is always kept up to date.

If you experience any problems when configuring or using Cisco TelePresence Management Suite Extension for Microsoft

Exchange, consult the documentation at

http://www.tandberg.com/support/video-conferencingdocumentation.jsp for an explanation of how its individual features and settings work. You can also

check the support site at

http://www.tandberg.com/support/ to m ak e sure you are running the latest

software version. You or your reseller can also get help from our support team by raising a case at

http://www.tandberg.com/support/. Make sure you have the following information ready:

 the software build num ber  your contact email address or telephone number

Page 59

Cisco TMSXE Administrator Guide 2.2 Page 59 of 60

References and related do cuments

<List the documentation suite for the product here and any other external related documents.> The following table lists documents and web sites referenced in this document. All product

documentation can be found on our

web site.

Name Document reference

Conferencing eXtensions for Microsoft

Exchange User Guide

D14753.01

Page 60

Cisco TMSXE Administrator Guide 2.2 Page 60 of 60

THE SPECIFICATIONS AND INFORMATION REGA RDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMA T IO N, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCU R ATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCO RP O RATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT F ILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABI L ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRI NGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LI MITA TI ON, LO ST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at

www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their

respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.