Installing Forefront Security for #OCS / #Lync.

With the release of hotfix RU4 you now can install Forefront for OCS on Lync servers. In this article I will briefly describe the installation process of FPOCS RU4.


  • Obtain Forefront Protection for OCS here

At first you have to create a service account for FSOCS which is enabled in Lync see the screenshot below for the account information:

The service account has to member of the RTCProxyUniversalServices and the RTCUniversalServerAdmins group.

Define your additional policies regarding password expiration as you normally should do on a service account.

Enable the account in Lync with the control panel of the Lync management shell:

Proceed with the installation of the FSOCS software as described below:

  1. From your CD image or from the self-extracting package available at the Microsoft Volume Licensing Download Center, run the Setup.exe file.

  2. Read the license on the End-User License Agreement page. To accept its terms and continue with the installation, select the I accept the terms in the License Agreement check box.

  3. On the Choose Setup Type page, select Full Installation.

  4. Read the requirements for the service account on the Service Account Requirements page, and then click Next. There are different requirements for this account, depending on whether the installation is for an access edge role or for another type of role. For more information about these requirements, see Requirements For A Service Account.

  5. On the Service Account Setup page, enter the following information about a user account to be used for running the ForefrontRTCProxy service. If you intend to use the same user account for both the Service account and the Notification account, then this user must be enabled for Communications Server
    1. User name—The name of the user, in the form domain\username (for Standard Edition, front end and director roles) or machinename\username (for an access edge server role).
    2. Password—The password for the user account.
    3. Verify Password—Confirmation of the password.

  1. On the Notification Account Setup page, enter information about a user account to be used for running the ForefrontNotificationAgent. Depending on what role the installation is for, you can select to use the same account as the ForefrontRTCProxy service account or to use different credentials for the Notification account.

    For Standard Edition, front end, and director roles, the default is to use the same account as the ForefrontRTCProxy service account. You can choose to use different credentials for the Notification account by entering them explicitly. If you choose to use different credentials for the Notification account, they must belong to an account that is enabled for Communications Server.

    For the access edge server role, you must enter the credentials explicitly.

    These are the credentials that must be explicitly entered:

  • User name—The name of the user, in the form domain\username
  • Password—The password for the user account
  • Verify Password—Confirmation of the password

  • On the next page (also called Notification Account Setup), enter information about transport, SIP URI, and home or pool server.
    • Transport—Select the transport method from the following choices:
      TLS (Transport Layer Security)—Messages sent using TLS are encrypted. This is the default.
      TCP—Messages sent using TCP are not encrypted.
    • SIP URI—Enter the Session Initiated Protocol (SIP) identifier in the form
    • Home or Pool Server—Enter the home server or the pool server in the form or

    On Standard Edition, front end and director roles, the SIP URI and pool server fields are pre-populated (you can edit them, if required). For an access edge server role, these fields are not pre-populated; you must enter the data.

  • On the Director Role Configuration page, if you want to configure the director role, check Configure Forefront for the Director role on this server. This page does not appear for an access edge server role.

  • If you use a proxy server for scanner updates, select Use Proxy Settings, and then on the Proxy Information page, enter the proxy server name or IP address and its port. This ensures that your proxy server is correctly configured from the start. If you are doing a new installation, you must enter the proxy information for your site. If this is an upgrade, this page is pre-populated with the existing proxy information.

  • On the Engines page, approve or change the antivirus engine selection. The Microsoft Antimalware Engine and four other randomly selected engines are chosen. You can modify the engine selection, choosing a maximum of five engines, including the Microsoft Antimalware Engine.
  • On the Scan Engine Update Notice page, read the warning about engine updates.

  • On the Change destination folder page, either accept the default destination folder for FSOCS or select a different one. The following is the default location:

    C:\Program Files (x86)\Microsoft Forefront Security\Office Communications Server\.

    Also, accept the default data folder path or select a different one on the same page. The following is the default location:

    C:\Program Files (x86)\Microsoft Forefront Security\Office Communications Server\data

  • Setup checks to see if you have the correct version of the Windows Update Agent. If you do have the correct version, Setup then checks if Microsoft Update is enabled. If it is not, the Use Microsoft Update for updates dialog box appears, permitting you to enable it.
  • On the Ready to Install page, review the choices that you have made.
    If you want to make any changes, use the Back button in order to navigate to the page to be changed.
    If you do not need to make changes or have finished making changes, click Install to begin the installation. A progress bar indicates that the files are being copied.

  • On the Install Complete page, it is recommended that you view the Readme file. Click Finish to complete the installation

  • Know you can start the FSOCS Management console from the start menu and start editing you settings.

  • Select the server you want to connect to and press OK

  • Activate you license and press OK

  • Now you can operate you FSOCS installation and define your settings.
  • Below an example how FSOCS intercepts a message with the keyword “test”


Over salpoels
Consultant Unified Communications

2 Responses to Installing Forefront Security for #OCS / #Lync.

  1. Pat Richard zegt:

    Just a note that “Activate you lisence and press OK” should be “Activate you license and press OK”. Note the spelling of “license”.

    Also, you mention that the default path is “C:\Program Files\Microsoft Forefront Security\Office Communications Server\data” but it’s actually “C:\Program Files (x86)\Microsoft Forefront Security\Office Communications Server\data”

    Otherwise a great reference for installing the product. Thanks!

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit / Bijwerken )


Je reageert onder je Twitter account. Log uit / Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit / Bijwerken )

Google+ photo

Je reageert onder je Google+ account. Log uit / Bijwerken )

Verbinden met %s


Ontvang elk nieuw bericht direct in je inbox.

Doe mee met 123 andere volgers

%d bloggers op de volgende wijze: