15 May 2008

Getting the Tanjay Working

One of the cooler aspects of Microsoft's Office Communications Server is the Tanjay telephone device. Tanjay was the code name for what technically I should now call the Microsoft Office Communications Server 2007 Phone Edition phone. Tanjay is, however, so much less typing.

The Tanjay was one of three hardware device types that Microsoft developed for OCS. These, and more, are now sold by third parties. In addition to the Tanjay, there were the following code-named devices:

  • Catalina – this was a USB handset that provides a more familiar phone experience for Office Communicator users. The Catalina is effectively a fancy mike/speaker attached to your PC via USB. Polycom make one of these.
  • Anacapa – this is a Bluetooth headset that can be used for receiving Office Communicator calls. This device is a USB dongle which speaks Bluetooth to a separate headset (the pairing is done at the factory). To the host this is just a USB speaker and mike - so no flakey BT drivers to load! Nortel make one, as do Plantronics.

At present, there are two models of the Tanjay on the market: the LG Nortel 8540 and the Polycom CX700. In theory they are meant to be broadly equivalent and are priced similarly at around US$600.

I've got a pair of the LG Nortel devices and managed last week to finally get them working. The whole process is rather convoluted and very hard work, but do-able.

The two main parts to getting the phone working are:

  • Basic connectivity - getting the phone out of the box and able to make/receive basic calls.
  • Configuring device updates - to get the most out of the Tanjay, you need to update the BIOS.

To some degree, you have to get basic connectivity working before you can get the device updates to work.

The steps required to get basic connectivity established are:

  • Configure DHCP
  • Configure DNS
  • Configure NTP
  • Configure DHCP
  • Configuring Certificates
  • Testing it

Configuring DHCP

The Tanjay device gets its IP address information via DHCP. You need to set up your DHCP servers with sufficiently sized scopes that contain the following DHCP options:

  • Option 3 - Router (IP Default gateway for the phone)
  • Option 6 - DNS Servers (one or more DNS servers)
  • Option 15 - DNS Domain Name (default domain name for the phone)
  • Option 44 - WINS/NBNS Servers (One or more WINS servers)
  • Option 45 - NBNS Node Type (set to 0x8).

In my case, my devices shipped with beta firmware (which worked but needed to be upgraded). The WINS server is used for the beta code and in particular to enable the phone to find the DC via NetBIOS (for DCs on remote networks). The RTM firmware now uses DNS for name resolution via Option 6 where the phone is in the domain specified with Option 15.

You also need to configure DHCP to support Option 119. This allows the device to have multiple domain names to try should the device, for some reason, be unable to resolve a domain controller using the DNS servers specified via Option 6.

Configure DNS

In operation, the Tanjay is just an Office Communicator client. It has to register to an OCS server and use that server to negotiate phone calls.

The Tanjay uses a combination of SRV and A records to find the OCS resources. You may need to add 4 different groups of records (in addition to the DNS RRs implemented by AD):

  • NTP - you need a SRV record that points to the FQDN of the time service (see later for setting up NTP). This has the format:

_ntp Port:123 <FQDN of NTP Server>

  • Internal SRV records - you need potentially two SRV records in your internal DNS server. These enable the Tanjay to discover internal OCS resources. The first (_SIP._TLS.<sipdomain>) is for TLS connections and the second (_SIP._TCP.<sipdomain>) for TCP connections. For both records, the host has to be either your SE Server FQDN, your EE Single Server FQDN, or an FQDN pointing to the hardware load balancer. The ports are the normal ports (5061 for TLS, 5060 for TCP). These in turn resolve to the A record with the relevant IP address (or VIP address for the HLB).
  • External SRV records - you need potentially two SRV records in your external DNS server. These enable the Tanjay to discover external OCS resources.
  • A record(s) for your SIP Domain. In your internal DNS, you need an A record for SIPInternal.<sipdomain> which points to your OCS FE server (or HLB). In your external DNS, you need an A record for SIP.<sipdomain> that points to the Access Edge server.
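
A quick offline check of the internal records listed above, as an added example rather than anything from the original post: it parses a zone listing and reports missing records, wrong ports and SRV targets that have no A record. The domain contoso.example, the host names, the `_udp` label on the NTP record and the choice to treat `_sip._tcp` as optional are assumptions.

```python
# Added example. ZONE is constructed sample data; contoso.example and the
# host names are placeholders, and the _udp label on _ntp is an assumption.
ZONE = """\
_ntp._udp.contoso.example.   SRV 0 0 123  dc1.contoso.example.
_sip._tls.contoso.example.   SRV 0 0 5061 ocs-se.contoso.example.
_sip._tcp.contoso.example.   SRV 0 0 5061 ocs-se.contoso.example.
dc1.contoso.example.         A   10.0.0.10
sipinternal.contoso.example. A   10.0.0.20
"""

# SRV owner prefix -> (expected port, required?)
EXPECTED_SRV = {"_ntp._udp": (123, True), "_sip._tls": (5061, True),
                "_sip._tcp": (5060, False)}

def parse_zone(text):
    """Return (srv, a): SRV owner -> (port, target), A owner -> [addresses]."""
    srv, a = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[1].upper()
        if rtype == "SRV" and len(fields) == 6:  # owner SRV prio weight port target
            srv[owner] = (int(fields[4]), fields[5].lower().rstrip("."))
        elif rtype == "A":
            a.setdefault(owner, []).append(fields[2])
    return srv, a

def audit(text, domain):
    """List what is missing or inconsistent for phones in `domain`."""
    srv, a = parse_zone(text)
    findings = []
    for prefix, (port, required) in EXPECTED_SRV.items():
        owner = f"{prefix}.{domain}"
        if owner not in srv:
            if required:
                findings.append(f"{owner}: SRV record missing")
            continue
        got_port, target = srv[owner]
        if got_port != port:
            findings.append(f"{owner}: port {got_port}, expected {port}")
        if target not in a:
            findings.append(f"{owner}: target {target} has no A record")
    if f"sipinternal.{domain}" not in a:
        findings.append(f"sipinternal.{domain}: A record missing")
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE, "contoso.example"):
        print(finding)
```

The sample zone deliberately carries two mistakes (a 5061 port on the TCP record and a front-end host with no A record), so the audit reports three findings.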

Configure NTP

The Tanjay uses NTP to get updated time - synchronised time is a requirement for Kerberos authentication. The device uses the UDP SRV record noted earlier to locate the relevant NTP server. Your NTP server can be any NTP server, but my preference is for it to be a DC.

As I understand it, the Tanjay can use the Internet and can access external time servers (e.g. time.windows.com). Some organisations block NTP externally or have Tanjay devices that are operating in networks that are not attached - and for these situations, we need to configure a local NTP server.

To configure NTP, look at KB article 816042 - How to configure an authoritative time server in Windows Server 2003.

Configure Certificates

The Tanjay uses X.509 digital certificates to create the TLS tunnel for connecting to OCS. To get your Tanjay to log in securely, it's necessary to get your Root CA cert into the trusted root store on the phone. This proved to be a very major pain.

In my case, I first loaded the certificate onto a temporary share on the DC. Then I logged into the Tanjay using a domain account. To do that, you need to exit from the phone app (aka Domo) and use native WinCE features. You have to set the owner User ID, password and domain. This may sound simple, but when you get the relevant dialog on the screen, the soft keyboard pops up, neatly obscuring the screen (and there is no way to move the darned soft keyboard). But once you get the credentials entered, you can use the network to download this cert and add it to the device root CA store. For testing, you might create a short user name with a very short password!

If you are using the Tanjay externally, you will typically need to use a public cert for your Access Edge. Note that the set of public Root CAs trusted by default by the Tanjay is more limited than the full Windows client - so choose your cert provider carefully. And check that you don't need to export your CA's root cert to the device as well as the internal CA cert!

You also need to configure your domain so that clients autoenroll for the Root CA Certs, which makes some of the pain go away.

Testing it

Once you have all the above items configured, you can get your device to make/receive calls, advertise and view presence, etc. You need to reboot the device (I just turned the power off and on). As the phone comes up, you can see it getting an IP address.

After many trials and errors, it took me around 3 hours to get this far. Due to time constraints, I did not have time (that day) to get the update server working, but I'll report on that in Part 2 of this blog post. And in closing, I would like to personally thank Dennis Herzig of Global Knowledge for providing the solid and feature-rich Virtual Image environment that has made this all possible!


3 comments:

sankalp said...

Hi, I am a member of the Tanjay development team. This is a nice blog. You have explained so many details in a very simple manner.

Great work.

Just in case you may need to ask any specific question please feel free to contact me.

pixela said...

Hi, do you have any guide on how to install the update server for the Tanjay?

I've installed one, but the Tanjay doesn't seem to be picking up any updates from the update server at all.

Any ideas?

Ivor007 said...

Good post. I have a question regarding these phones. I work from home and our company is rolling out the Tanjays. I connect to the office via VPN only. Is it possible to connect the phone to my PC? In an office setting, the PC would be connected to the PC. I would like to connect the phone to my PC once I have established a VPN session. Is this possible?

Thanks.