Communications Manager Installation GuideManual component installationConfiguring the resources of a Communications Manager Server

Configuring the resources of a Communications Manager Server

You can add, modify or remove the resources that are configured for the Tungsten Communications Manager, installation with the ConfigureServer.exe tool:

  • It is always possible to add resources.

  • It is always possible to modify a resource that is not yet used by the Tungsten Communications Manager, installation.

  • It is possible to modify a resource that is in use by the Tungsten Communications Manager, installation. You must stop the components that use the resource before running ConfigureServer.exe, and restart them afterwards.

  • It is only possible to remove a resource when it is not yet used by the Tungsten Communications Manager, installation. The services account and the internal certificate are mandatory and cannot be removed, although they can be modified.

  • The internal and private ports start points cannot be modified nor removed.

  • When you modify the services account, you may also need to provide additional information:

    • When changing to a different services account, you must either provide the services update key, or the name and password of the old services account.

    • When an Administrator has changed the password of the services account, you must also provide the services update key.

    • Otherwise, it is sufficient to provide the name and password of the new services account.

    • The services update key is generated upon installation of Tungsten Communications Manager and must be administrated manually.

      Make sure to store the services update key in a secure location. There is no way to extract it manually from Tungsten Communications Manager later.

    You can also use ConfigureServer.exe to modify the global security configurations of trusting internal servers and supported TLS versions.

The ConfigureServer.exe tool can make multiple changes at the same time.

You can find the ConfigureServer.exe tool in the <deploy root>/CommunicationsManager/Programs/<version>/Management folder.

Parameters

The ConfigureServer.exe tool has the following parameters:

Parameter Required/Optional Description
Java!Home Optional. When omitted, configuration doesn't change. Not permitted when Remove!Java is true. New value for the installation folder of the Java installation.
Tomcat!Version Optional. When omitted, configuration doesn't change. Not permitted when Remove!Tomcat is true. New value for the version number of the Tomcat installation.

Make sure that the user account for Tungsten Communications Manager web applications has "Read & execute" permissions for the installation folder of the new Tomcat installation.

Security!TrustInternalServers Optional. When omitted configuration does not change.

If True, the certificate chain validation for connections between Communications Manager components and the host name validation are suppressed. This way you can enable encrypted internal SSL connections without validating the identity of the internal server through the server certificate.

Security!TLSVersions Optional. When omitted configuration does not change. The versions of the TLS protocol that are supported for encrypted connections. Possible values are:
  • TLS_11_12_13. Allows TLS 1.1, TLS 1.2 and TLS 1.3 .
  • TLS_11_12. Allows TLS 1.1 and TLS 1.2 .

  • TLS_13. Allows TLS 1.3 .

    At the moment, Microsoft Word does not support TLS 1.3. If you use TLS 1.3 only, you cannot open Word documents in Communication Manager Designer.

TLS 1.3 requires support in Java, and support in .NET on the server OS. If you choose to use TLS_13 only, make sure that these requirements are met.
Services!Password Required Password of the Tungsten Communications Manager services account. When Services!Name is set, this is the password of the new services account. When Services!Name is not set, this must be the password of the existing services account.
Services!Name Optional. When omitted, services account configuration does not change. New value for the name of the Tungsten Communications Manager services account.
Services!Key Optional when Services!Name has a value. Not allowed otherwise.

Mutually exclusive with OldServices!Name and OldServices!Password.

The services update key, which was generated upon installation of Tungsten Communications Manager. If you need to generate a new services update key after the previous one was compromised, refer to the following section of this guide: Change the services update key
OldServices!Name Optional when Services!Name has a value. Not allowed otherwise.

Mutually exclusive with Services!Key.

The name of the old Tungsten Communications Manager services account.
OldServices!Password Optional when Services!Name has a value. Not allowed otherwise.

Mutually exclusive with Services!Key.

The name of the old Tungsten Communications Manager services account.
Remove!Webservices Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of the web services account should be removed.
Remove!PublicContractManagerPort Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of the Contract Manager port should be removed.
Remove!PublicControlCenterPort Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of Communications Manager Control Center should be removed.
Remove!Java Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of the Java installation should be removed.
Remove!Tomcat Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of the Tomcat installation should be removed.
Remove!PublicCertificate Optional. Defaults to false when omitted. Boolean flag. Indicates whether the configuration of the public certificate should be removed.
InternalCertificate!KeystoreFile Optional. When omitted, configuration doesn't change. New value for the location of the internal SSL certificate file. For more information about internal certificates, refer to the following topic: Generate self-signed internal certificates.
InternalCertificate!KeystorePassword Required when InternalCertificate!KeystoreFile has a value. Not permitted otherwise. New value for the password of the internal SSL certificate file. For more information about internal certificates, refer to the following topic: Generate self-signed internal certificates.
InternalCertificate!Thumbprint Required when InternalCertificate!KeystoreFile has a value. Not permitted otherwise. New value for the thumbprint of the internal SSL certificate in the Windows certificate store. For more information about internal certificates, refer to the following topic: Generate self-signed internal certificates.
Webserver!ServiceUser Optional. When omitted, configuration doesn't change. Not permitted when Remove!Webservices is true. New value for the name of the Tungsten Communications Manager web services user account.
Webserver!ServicePassword Required when Webserver!ServiceUser has a value. Not permitted otherwise. New value for the password the Tungsten Communications Manager web services user account.
PublicCertificate!KeystoreFile Optional. When omitted, configuration doesn't change. Not permitted when Remove!PublicCertificate is true. New value for the location of the public SSL certificate file.
PublicCertificate!KeystorePassword Required when PublicCertificate!KeystoreFile has a value. Not permitted otherwise. New value for the password the public SSL certificate file.
PublicPorts!ContractManager Optional. When omitted, configuration doesn't change. Not permitted when Remove!PublicContractManagerPort is true. New value for the port of the Contract Manager.
PublicPorts!ControlCenter Optional. When omitted, configuration doesn't change. Not permitted when Remove!PublicControlCenterPort is true. New value for the port of Communications Manager Control Center.

Change the services update key

The services update key is a recovery password that you can use to update the services account in a Tungsten Communications Manager installation. The key is generated upon installation and must be kept secret. If the key has been compromised, you must generate a new one.

  1. Log in to the server whose services update key was compromised.

  2. Use the StopManagementService.exe tool from the <Root>\Programs\<Communications ManagerVersion>\Management\Control Center folder to stop the management service.

    If the server is registered in a Control Center, this will temporarily disrupt any interaction with that server in the Control Center.

  3. Navigate to the <Root>\Programs\<Communications ManagerVersion>\Management folder of the Communications Manager installation.

  4. Run the GenerateNewServicesUpdateKey.exe tool and specify the Services!Password parameter.

  5. Store the new services update key in a secure location.

  6. Use the StartManagementService.exe tool from the <Root>\Programs\<Communications ManagerVersion>\Management\Control Center folder to start the management service again.