For any given scenario and configuration, it is possible to install all CMG F/B Connector components on a single server, as shown in the illustrations in the introductory chapter (Determine your FBC scenario) of this Guide. However, many production environments experience sufficient query volume to warrant separate servers to ensure optimal performance. The installation instructions here therefore describe how to install CMG’s F/B Connector on two servers.
If you prefer that all subcomponents reside on a single server, simply combine the components of CMG Server 1 and CMG Server 2 as they are listed in step 1 above. All CMG Free/BusyConnector subcomponents are installed by the AutoRun utility included in the CMG product kit.
IMPORTANT: Before you install, on any computer that will host any CMG FBC web subcomponent, remove the IIS DefaultWebSite: In the navigation tree at left, right-click DefaultWebSite, and then select Remove from the pop-up menu. CMG requires a dedicated server for its own web subcomponents. |
IMPORTANT: Remember, the CMG AutoRun installer must be run on the computer where you want to install a particular subcomponent. If you are deploying the F/B Connector to two different computers, you must run the AutoRun installer twice—once on each computer. |
NOTE: The AutoRun installer automatically checks your environment to verify CMG prerequisites, but you can bypass the prerequisites check by running the installer from the command line and appending ignoreprerequisites=1 to the command string. |
Remember: For Exchange queries for GroupWise F/B information, the simplest approach is to dedicate a separate CMG FBC Server 2 (as noted in step 1 above, for Exchange queries to GroupWise, and GroupWise replies) for each GroupWise server, with all the CMG servers feeding into the single Exchange server.
CMG includes an Autodiscover Certificate Wizard to automate much of the process of installing this necessary certificate for the Free/Busy Connector. The wizard can be launched from CMG’s Management Console, on the Quest Web Services screen (under GroupWise Free/Busy Connector), as described in the procedure documented in the next subtopic below (see Using the Autodiscover Certificate Wizard to Obtain and Install a Certificate). Alternatively you can manually request and install a certificate, as described in the second subtopic below (see To Manually Request and Install a Certificate Using IIS 7.0–8.5).
To use the Autodiscover Certificate Wizard to install the necessary web services certificate using IIS 7.0–8.5:
1 |
In CMG’s Management Console, on the Quest Web Services screen (under GroupWise Free/Busy Connector): Click the Autodiscover Certificate Wizard button to launch the wizard. |
a |
From a web browser, enter https://<Local_Certification_Authority_computer>/certsrv |
b |
c |
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64- encoded PKCS #7 file. |
e |
f |
Click Submit. |
g |
4 |
5 |
Specify the path and filename of the certificate file downloaded in step 3 above, and click Finish to register the file and dismiss the wizard. |
1 |
From Internet Information Services, click Server Certificates. |
2 |
From the Actions Pane, select Create Certificate Request. |
3 |
Enter autodiscover.<smtpdomain> or <smtpdomain> for the primary domain and all required subdomains. Then click Next. |
4 |
5 |
Specify the file name, and click Finish. |
a |
From a web browser, enter https://<Local_Certification_Authority_computer>/certsrv |
b |
c |
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64- encoded PKCS #7 file. |
e |
Copy and paste the text from the certificate request into the Saved Request box when you selected Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. |
f |
g |
Click Submit. |
h |
1 |
From Internet Information Services, click Server Certificates. |
2 |
From the Actions Pane, select Complete Certificate Request. |
|
First, you must enable the SAN (Subject Alternate Name) flag on your CA. On the machine running CA services, run these commands at the command prompt to enable the flag:
When the SAN flag is enabled, you can create the certificate:
1 |
Open IIS on the machine running F/B and select the server. Scroll to the bottom, open Server Certificates, and click on Create Certificate Request. |
2 |
For the common name, enter something appropriate for your larger domain. For example, for a domain alejandro.xyzcorp.com, the common name on the certificate is *.xyzcorp.com. (This is somewhat generic, as we will later add specific namespaces to the certificate.) |
4 |
Open the certificate request you just created, and select and copy all of the text. |
5 |
Open the certificate web enrollment page for the CA of your domain— e.g., https://hostname/certsrv. Then select Request a Certificate, and then select Advanced Certificate Request. |
6 |
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. |
7 |
In the Base-64-encoded certificate request box, paste all of the text that you copied from the text file in step 4 above. |
8 |
9 |
In the Additional Attributes box, enter any alternate-domain information in this format: |
10 |
12 |
Go back to IIS and click Complete Certificate Request. |
13 |
For the Filename containing the certification authority’s response, click the Browse button and select the certificate you just saved. (Be sure to change the file type to *.* instead of *.cer, or you won’t see the file you saved—since it is a .P7B extension.) Type a friendly name that is easy to remember and identify so you can find your certificate on the list later. You should then see your new certificate on the list. |
15 |
Click the Details tab, and scroll down to Subject Alternative Name. Highlight this field, and you should see all of your domains in the Details box. |
Now bind your certificate to the HTTPS protocol on the QuestFreeBusy website:
1 |
On the CMG F/B computer, in IIS Manager: Select QuestFreeBusy. |
2 |
3 |
4 |
In the Edit Site Binding window, in the SSL certificate drop-down list: Select the certificate you just created. |
5 |
Click OK. |
Log in as the CMG account to be used with the F/B Connector (if you haven’t already). Then, in Internet Options (via Windows Control Panel or IE Tools):
1 |
2 |
In Settings, scroll down to User Authentication | Logon, and click the radio button for Automatic logon with current user name and password. |
3 |
4 |
Add the Exchange Server EWS and Autodiscover URLs to the Trusted Sites. |
5 |
By default, CMG is installed with the log42net utility to generate log files of CMG components’ system activity. This information is critical to diagnosing any problems that may arise. Logging is enabled by default for all CMG components.
The default configurations will be suitable for almost all organizations and circumstances, but you can customize logging features if you like. The log42net utility may be configured to work a particular way with each CMG component. Configuration instructions are nearly identical from one component to another, so we present those details separately, in Appendix C of the CMG User Guide (not in this FBC Configuration Guide).
Use CMG’s Management Console to configure the Free/Busy Connector’s components—to identify the participating servers and their locations, register the necessary account access credentials, and set other operating parameters and preferences. See chapter 4 of the CMG User Guide for field notes and application notes for each screen in the F/B Connector Management Console.
Before running any of CMG’s F/B Connector subcomponents, you must synchronize GroupWise users as Office 365 contacts, and Exchange users to GroupWise. CMG’s Directory Connector does not support directory synchronizations directly between GroupWise and Office 365. In this non-hybrid O365 scenario, however, you can configure Microsoft’s Azure AD Sync synchronization tool to synchronize a local AD with Office 365. See Microsoft’s Azure AD Sync tool documentation for instructions and guidance in configuring the Azure AD Sync tool for this purpose.
NOTE: GroupWise sometimes mistakenly generates F/B queries for addresses in the form user-domain-com@domain.com (instead of user@domain.com). Queries to such addresses will fail if AD does not recognize the address, so be sure to add that address form as an alias in AD for each Exchange user. |
For FBC coexistence with Office 365, run Enable-OrganizationCustomization, and then create the availability address space by opening a PowerShell session and using the following commands:
You can use Network Load Balancing to permit multiple web servers to handle Autodiscover requests. This is optional, not required to deploy CMG. For more information, see this Microsoft article.
Configure DNS to point autodiscover.<smtpdomain.com> to the computer where CMG’s Autodiscover service is installed. For each domain, Exchange connects to predefined Autodiscover URLs using DNS host entries.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy