Integrating Lync 2013 with Exchange 2013 OWA
In this article we'll go through integrating Lync 2013 with Exchange 2013 OWA. The contents of this article are unashamedly stolen from a colleague, but there's no point re-inventing the wheel :).
Scenario
Multiple Exchange 2013 multi-role servers share the same publicly signed certificate for client access. This certificate does not contain the FQDN of the Exchange server, as certificates for internal names can no longer be purchased from a public CA. The Subject Name of the SSL certificate matches the ExternalURL configured on the OWA virtual directories and is the DNS name assigned to the Virtual IP (VIP) on the Hardware Load Balancer (HLB).
If you only have a single Exchange Server and are not using HLB then simply use the FQDN of the Exchange Server in the following steps. You will need a certificate that contains the FQDN in the subject name field, so this will likely have to come from an internal CA. If this is the case then the issuing CA certs will have to be trusted by both the Exchange and Lync servers.
Goal
Exchange Steps
1. Enable the OWA virtual directory for instant messaging
Run this in Exchange Management Shell:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType OCS
2. Get the OWA virtual directory ExternalURL
Run:
Get-OwaVirtualDirectory | select ExternalURL
Note the FQDN portion of the URL (e.g. for https://webmail.domain.com/owa the FQDN is webmail.domain.com).
3. Get the IIS certificate thumbprint
Run:
Get-ExchangeCertificate
Note the thumbprint of the certificate assigned to IIS.
4. Configure OWA web.config file
Open web.config from your %Exchange install drive%\Microsoft\Exchange Server\V15\ClientAccess\Owa
Search for </appSettings> (the element name is case-sensitive) and add the following lines above it:
<add key="IMCertificateThumbprint" value="CERTIFICATETHUMBPRINT" />
<add key="IMServerName" value="LyncPoolName" />
Save the web.config
Note: You will have to edit web.config again every time you update the Exchange Server, as the update overwrites web.config.
5. Apply OWA Changes
Run this command:
C:\Windows\System32\Inetsrv\Appcmd.exe recycle apppool /apppool.name:"MSExchangeOWAAppPool"
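Because web.config is overwritten by every Exchange update, steps 3 to 5 are worth scripting so they can be re-applied identically after each cumulative update. The following is an added example, not code from the original post, to be run in the Exchange Management Shell on each Exchange server. It reads the IIS certificate thumbprint with Get-ExchangeCertificate, adds or updates the two appSettings keys without creating duplicates, takes a backup first, and recycles the OWA app pool. The Lync pool name ($lyncPool) is an assumption you must replace with your own.

```powershell
# Added example: idempotently apply the OWA IM settings (steps 3-5) on this server.
# $env:ExchangeInstallPath is set by Exchange setup, e.g. C:\Program Files\Microsoft\Exchange Server\V15\
$lyncPool  = 'lyncpool.domain.com'   # ASSUMPTION: replace with your Lync pool FQDN
$webConfig = Join-Path $env:ExchangeInstallPath 'ClientAccess\Owa\web.config'

# Step 3: thumbprint of the certificate bound to IIS. Refuse to guess if there is not exactly one.
$iisCert = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' })
if ($iisCert.Count -ne 1) { throw "Expected exactly one IIS certificate, found $($iisCert.Count)" }
$thumbprint = $iisCert[0].Thumbprint

# Keep a timestamped backup so the edit can be reverted or compared after an update overwrites the file.
Copy-Item $webConfig "$webConfig.$(Get-Date -Format yyyyMMddHHmmss).bak"

[xml]$xml = Get-Content $webConfig
$appSettings = $xml.configuration.appSettings
if (-not $appSettings) { throw "No <appSettings> element found in $webConfig" }

function Set-AppSettingKey {
    # Update an existing <add key=.../> in place, or append a new one; never duplicate a key.
    param([System.Xml.XmlElement]$Parent, [string]$Key, [string]$Value)
    $existing = $Parent.add | Where-Object { $_.key -eq $Key }
    if ($existing) {
        $existing.value = $Value
    } else {
        $node = $Parent.OwnerDocument.CreateElement('add')
        $node.SetAttribute('key', $Key)
        $node.SetAttribute('value', $Value)
        [void]$Parent.AppendChild($node)
    }
}

# Step 4: the two keys from the article.
Set-AppSettingKey -Parent $appSettings -Key 'IMCertificateThumbprint' -Value $thumbprint
Set-AppSettingKey -Parent $appSettings -Key 'IMServerName'            -Value $lyncPool
$xml.Save($webConfig)

# Step 5: recycle the OWA app pool so the new settings are read.
& "$env:SystemRoot\System32\inetsrv\appcmd.exe" recycle apppool /apppool.name:"MSExchangeOWAAppPool"
```

Re-running the script after a cumulative update simply re-applies the same two keys; the thumbprint is read live, so a renewed IIS certificate is picked up without editing the script.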
Lync Steps
6. Create Trusted Application Pool
Get-CsSite
Note your Site ID
Create Trusted Application Pool by running:
New-CsTrustedApplicationPool -identity <ExchangeFQDN> -Registrar <LyncPoolFQDN> -Site <SiteID> -RequiresReplication $False
Note: You may get the following error. This is because the ExchangeFQDN you are using is tied to the HLB DNS name and therefore doesn't have a computer object in Active Directory. You can safely ignore it.
7. Create Trusted Application
Choose a free port for the application. Use netstat -a to see which ports are currently in use:
New-CsTrustedApplication -Applicationid OWA -TrustedApplicationPoolFqdn <ExchangeFQDN> -Port 5059
8. Enable the Lync topology
Run:
Enable-CsTopology
9. Test integration
Log into OWA and check that it has signed in to Lync.
Troubleshooting if sign in fails
Log files are on the Exchange server under %Exchangeinstalldrive%\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging
If you see TLS errors, the certificate is not right. If you try to do this integration using a wildcard certificate you will see TLS errors such as:
"ERROR:UCWEB Failure: Code=TlsFailure, SubCode=TlsRemoteDisconnected, Reason=\r\nMicrosoft.Rtc.Internal.UCWeb.Utilities.UCWException: Unknown error (0x80131500)"
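As an added troubleshooting example (not from the original post), the following PowerShell, run in the Exchange Management Shell, pulls the most recent TLS-related lines out of the InstantMessaging logs and then checks the two certificate conditions the article describes: that the IIS certificate covers the OWA ExternalURL host name, and that it is not a wildcard certificate. The log file name pattern (*.log) and the position of the first OWA virtual directory are assumptions.

```powershell
# Added example: surface TLS failures from the OWA IM logs and check the IIS certificate.
$logDir = Join-Path $env:ExchangeInstallPath 'Logging\OWA\InstantMessaging'

# Last 20 log lines mentioning the failure codes quoted in the article.
Get-ChildItem $logDir -Filter *.log -Recurse -ErrorAction SilentlyContinue |
    Select-String -Pattern 'TlsFailure|TlsRemoteDisconnected|UCWEB Failure' |
    Select-Object -Last 20 |
    ForEach-Object { '{0}:{1}: {2}' -f $_.Filename, $_.LineNumber, $_.Line }

# Host name OWA publishes (step 2); ASSUMPTION: all OWA vdirs share one ExternalURL, so the first is used.
$owaHost = ([uri](Get-OwaVirtualDirectory | Select-Object -First 1).ExternalUrl).Host

# The certificate bound to IIS (step 3) and the names it is valid for.
$iisCert = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' })
if ($iisCert.Count -ne 1) { throw "Expected exactly one IIS certificate, found $($iisCert.Count)" }
$domains = $iisCert[0].CertificateDomains

if ($domains -notcontains $owaHost) {
    Write-Warning "IIS certificate ($($iisCert[0].Thumbprint)) does not list $owaHost; Lync will reject the TLS connection."
}
if ($domains | Where-Object { $_ -like '*`**' }) {
    Write-Warning 'IIS certificate is a wildcard certificate; expect the TlsRemoteDisconnected error shown above.'
}
if (($domains -contains $owaHost) -and -not ($domains | Where-Object { $_ -like '*`**' })) {
    "Certificate covers $owaHost and is not a wildcard; check that the Lync server trusts the issuing CA chain."
}
```

The final message points at the remaining cause the article lists for the single-server case: an internally issued certificate whose issuing CA is not trusted on the Lync side.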