Troubleshooting Communicator 2007 R2 Delegation Issues
Introduction
Microsoft has added the ability to enhance the Manager/Delegate experience used in Outlook and Exchange scenarios to now include the ability for the delegate to also schedule Office Live Meetings on the manager’s calendar. In this write-up I’ll cover the requirements for this functionality to work and some troubleshooting steps and tools that can be used to ensure the functionality works as expected.
Office Communications Server 2007 R2 and Communicator 2007 R2 Prerequisites:
- At least version 3.5.6907.3 of Office Communicator 2007 R2
- Hotfix 969821 or higher applied to the Office Communications Server 2007 R2 Front-End Server
However, since both of these updates have been superseded by new versions installation of these updates would be preferred:
- Updates Resource Center for Office Communications Server 2007 R2 and Clients
- https://technet.microsoft.com/en-us/office/ocs/ee695846.aspx
Environment Prerequisites
Before manager/delegation of Live Meetings should be expected to work it first needs to be correctly established through Outlook which can be accomplished using the steps in the article below:
- Allow someone else to manage your mail and calendar
- https://office.microsoft.com/en-us/outlook-help/allow-someone-else-to-manage-your-mail-and-calendar-HA010075081.aspx
Please be aware of a limitation in the delegation feature with Office Live Meetings and Communicator:
- 977282 Error message when a delegate user tries to schedule an Office Communications Server 2007 R2 conference on behalf of another user: "You do not have permissions to schedule meetings and conferences on behalf of the owner of this account"
- https://support.microsoft.com/default.aspx?scid=kb;EN-US;977282
Verifying the delegation is in place
When a manager sets a delegate in Outlook what they are really doing is updating an attribute of their Active Directory account called “publicDelegates” which can be viewed with several different tools to confirm it’s in place correct. An easy one to use is ExchDump which you can download from this KB article:
- 839116 Overview of the ExchDump tool for Exchange 2000 Server and for Exchange Server 2003
- https://support.microsoft.com/default.aspx?scid=kb;EN-US;839116
Specifically, run the /user report as in this example:
- Exchdump.exe /user /user:ManagerRepro
After running the command to dump out the manager’s properties open the HTM file that was generated. Expand the “Click for more details” section and look for “publicDelegates” which should be populated with the Distinguished Name of the delegate or delegates of the user:
- publicDelegates : "CN=Delegate Repro,CN=Users,DC=picmepicme,DC=local"
It’s critical to note that without this attribute populated on the manager’s account that no delegate features will work. If this step is missing it must be resolved before continuing.
The next step is to create the client-side registry key (EnableExchangeDelegateSyncUp) that tells Communicator to read the setting in Active Directory and publish it into the OCS database as documented in this KB article:
- 971845 You cannot use a set of features in Office Communicator 2007 R2 that integrate secure delegation for the local Outlook 2007 calendar
- https://support.microsoft.com/default.aspx?scid=kb;EN-US;971845
From an OCS-perspective we can take a look at what happens under the hood on the Manager’s machine when they logon as this is when the database is updated. This happens in the form of SIP SERVICE message to the OCS Database (irrelevant lines have been removed):
From: <sip:ManagerRepro@picmepicme.net>;tag=850e5af551;epid=fbe2655450
To: <sip:ManagerRepro@picmepicme.net>
CSeq: 1 SERVICE
Contact: <sip:ManagerRepro@picmepicme.net;opaque=user:epid:zN6w4yazzluMl5ULEvM4KwAA;gruu>
User-Agent: UCCAPI/3.5.6907.223 OC/3.5.6907.225 (Microsoft Office Communicator 2007 R2)
Content-Type: application/msrtc-setdelegate+xml
<setDelegates xmlns="https://schemas.microsoft.com/2007/09/sip/delegate-management" version="1"><delegate uri="sip:DelegateRepro@picmepicme.net" action="add"/></setDelegates>
To which the server responds with this acknowledgement (irrelevant lines are again removed):
From: "Manager Repro"<sip:ManagerRepro@picmepicme.net>;tag=850e5af551;epid=fbe2655450
To: <sip:ManagerRepro@picmepicme.net>;tag=B4B8A988A6EA05C2452F9A563FE5CFCB
CSeq: 1 SERVICE
<roamingData xmlns="https://schemas.microsoft.com/2006/09/sip/roaming-self" xmlns:cat="https://schemas.microsoft.com/2006/09/sip/categories" xmlns:con="https://schemas.microsoft.com/2006/09/sip/containers" xmlns:sub="https://schemas.microsoft.com/2006/09/sip/presence-subscribers" xmlns:del="https://schemas.microsoft.com/2007/09/sip/delegates">
<delegates xmlns="https://schemas.microsoft.com/2007/09/sip/delegates" version="2">
<delegate uri="DelegateRepro@picmepicme.net" publish="false" redelegate="false"/>
</delegates>
</roamingData>
The final step to check is in the database itself to confirm that the delegation was established correctly; this can be done using the OCS Resource Kit Tool dbanalyze in this manner:
- DBAnalyze.exe /report:user /user:ManagerRepro@picmepicme.net /sqlserver:ocsr2-sql-be
In the output we’re looking for this information toward the bottom of the output:
Delegates
---------
1
Delegate : DelegateRepro@picmepicme.net
If a similar report is run on the delegate user (DBAnalyze.exe /report:user /user:DelegateRepro@picmepicme.net /sqlserver:ocsr2-sql-be) the expected output would have this information at the bottom of the output:
User is a delegate of these local users
---------------------------------------
1
Delegator : ManagerRepro@picmepicme.net
Summary
The OCS delegation feature is used to allow delegates to schedule Live Meetings on behalf of managers. For this feature to work successfully the Outlook delegation by the manager must first be setup. Secondly the client-side registry key must be created so that the necessary SIP traffic will pass to the OCS database and create the required entries. Several tools were discussed in the paper to assist with troubleshooting and ensuring the necessary steps are in place.