Thursday, July 12, 2012

Lync Group Chat: OCSChat Account? Really?!

You stood up Group Chat way back in the OCS 2007 days. Originally a proof of concept you threw out there on a day you weren't too horribly busy, it's become a critical business tool. You upgraded it to 2007 R2, but that wasn't too painful. Organically growing through your organization, the highest profile cells of users (Call Center and Help Desk) use it as their main forum for communications. Now you've moved everyone to Lync, and the only remnant of OCS 2007 R2 is the Group Chat server, a service account with a mysterious SIP URI of OCSChat@yourdomain.tld, and licensing issues you want to avoid.

Welcome to my world.

I stood up the Lync group chat environment. I made all of the appropriate DNS changes. Automatic sign-in, however, is horribly, inextricably tied to the default account of OCSChat@yourdomain.tld. Why? Wouldn't it have made life a lot easier if Microsoft had somehow allowed you to set the default search account to something you picked, rather than something related to an earlier version of the platform? Well, yeah. But, I don't make the world, I just try to manipulate it to make it work for my users and my boss.

My plan is to cut everyone over from OCS chat to Lync chat in one quick, band-aid(r) ripping, soul-crushing move. I do not intend to move historical chat data from OCS to Lync, so I get to run the environments concurrently, and have ensured all the appropriate rooms exist in the new environment with the appropriate settings. How do I cut this?

I could migrate the OCSChat account from OCS to Lync, update the Lync Group Chat environment to use the new lookup URI, restart (or wait for an hour or so) all your front-ends to get their tiny little minds wrapped around the new home for OCSChat, and then move on. There isn't much fallback in that, though. Alternately, I could change the SIP URI of the service account with OCSChat@yourdomain.tld to something like Legacy_OCSChat@yourdomain.tld and set up a new service account to use the default SIP URI in Lync. This way I haven't migrated users and I have a little bit of fallback.

There's one little problem with the above scenarios, and, like most relationships, I can say that "It's not you, it's me." I don't LIKE the default SIP URI. I'm trying REALLY HARD to get rid of OCS, and having an account out there saying "Hey, I'm OCS!" is going to annoy me for years to come.

Instead, let's figure out how to set a new SIP URI to be the default lookup account for Lync Group chat. If you look here: %AppData%\Roaming\Microsoft\Group Chat\Common\Accounts you'll see the Automatic Configuration XML file for group chat. It probably look something like this:

<?xml version="1.0" encoding="utf-8"?>
<AccountConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<name>Automatic Configuration</name>
<serverType>OCSGCF</serverType>
<sipServerType>OCS</sipServerType>
<autoDetectLookupServer>true</autoDetectLookupServer>
<lookupServerUserName></lookupServerUserName>
<useSso>true</useSso>
<useTcp>false</useTcp>
<lastUsedLoginName />
<lastUsedLoginUri></lastUsedLoginUri>
<domainName>yourdomain.tld</domainName>
<hasLoggedIn>true</hasLoggedIn>
<lcs>
<host />
<port>5060</port>
<securePort>0</securePort>
<useSecureComms>true</useSecureComms>
</lcs>
<globalCatalog>
<findGlobalCatalog>true</findGlobalCatalog>
<host />
<allowNonSSL>false</allowNonSSL>
<useCredentials>false</useCredentials>
<account />
<maxSearchResultSize>200</maxSearchResultSize>
<ADSyncFrequency>10</ADSyncFrequency>
</globalCatalog>
</AccountConfiguration>
We only care about the fields I made red... So how can we realistically set those for users? The answer is in the GroupChatConsole.adm file that comes with your Group Chat installation. Get your friendly domain administrator to apply (in a limited TEST first) this policy to your Group Chat users with the value of your lookup URI. Basically: everything after the "sip:" here:
 
 
The only value in the policy is for "Speficy lookup server URI" to be (in my case) RTCService@yourdomain.tld. Applying this policy will place a file called _gpo_ in the same folder as your Automatic Configuration XML file. It will look like this:
<?xml version="1.0" encoding="utf-8"?>
<AccountConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <name>Group Policy Configuration</name>
  <serverType>OCSGCF</serverType>
  <sipServerType>OCS</sipServerType>
  <autoDetectLookupServer>false</autoDetectLookupServer>
  <lookupServerUserName>RTCService</lookupServerUserName>  <useSso>true</useSso>
  <useTcp>false</useTcp>
  <lastUsedLoginName />
  <lastUsedLoginUri>YOUREMAIL@yourdomain.tld</lastUsedLoginUri>
  <domainName>yourdomain.tld</domainName>
  <hasLoggedIn>true</hasLoggedIn>
  <lcs>
    <port>0</port>
    <securePort>0</securePort>
    <useSecureComms>false</useSecureComms>
  </lcs>
  <globalCatalog>
    <findGlobalCatalog>true</findGlobalCatalog>
    <allowNonSSL>false</allowNonSSL>
    <useCredentials>false</useCredentials>
    <maxSearchResultSize>200</maxSearchResultSize>
    <ADSyncFrequency>10</ADSyncFrequency>
  </globalCatalog>
</AccountConfiguration>

Now, as your users apply that policy and log out and back in to Group Chat, they will be presented with a new configuration option for logging in. They will have to type their SIP URI, and rejoin their chat rooms.


Now, next time you upgrade Group Chat, you can just not worry about the "OCSChat" SIP URI, and can just stand up your new environment with a lookup URI that makes you happy. Then change the policy when you cut, and move on.

No comments:

Post a Comment