Configuring Lync RC and Exchange 2010 Sp1 to Enable OWA as a Lync Endpoint

 

While configuring my demo environment with Exchange 2010 Sp1 and Lync RC, I wanted to find out how to configure OWA in Exchange 2010 Sp1 so that a mailbox-enabled user can chat from within OWA, as is configured in our Microsoft working environment :-)

Demo Environment

I have an Exchange 2010 Sp1 CAS-HUB-MBX server, called cs14ex.lync.local, and one Lync RC Enterprise Edition pool, called Pool.lync.local. My two test users, user1 and user2, have been enabled for Lync and are able to sign in to Lync. Logging into OWA shows no Lync integration at all…

IVC-0219

A closer look using the Exchange Management Shell reveals that there is no InstantMessaging integration configured!

IVC-0220

Step 1. Deploy Web Service Provider

You will need to download and install the OCS R2 Web Service Provider on your Exchange Client Access server. Since I’m running Exchange 2010 Sp1 on Windows 2008 R2, I need to install not only the Web Service Provider and its hotfix, but also a specific hotfix required on Windows 2008 R2.

In the picture below you can see the files I installed, and in which order!

  IVC-0228

 

Step 2. Configure your Exchange 2010 Sp1 Client Access server

Using the Shell, you can configure your Client Access server OWA-virtual directory for InstantMessaging integration with OCS.

Important here are the parameters:

  • InstantMessagingCertificateThumbprint = the thumbprint of the certificate which is enabled for the service IIS on your CAS!
  • InstantMessagingServerName = the Lync pool name
  • InstantMessagingType = OCS
  • InstantMessagingEnabled = $True :-)

       IVC-0238

IVC-0229
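The four parameters above, applied from the Exchange Management Shell. This is an added example, not the commands from the original screenshots; the server and pool names are the ones from the demo environment, and the certificate checks (private key present, not expired, CAS FQDN listed in the certificate) are additions prompted by the certificate problems reported in the comments.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
$CasFqdn  = 'cs14ex.lync.local'   # CAS from the demo environment
$LyncPool = 'Pool.lync.local'     # Lync pool from the demo environment

# Candidate certificates: enabled for IIS, private key present, not expired.
$candidates = @(Get-ExchangeCertificate -Server $CasFqdn | Where-Object {
    "$($_.Services)" -match 'IIS' -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
})
if ($candidates.Count -eq 0) {
    throw "No valid IIS-enabled certificate found on $CasFqdn"
}

# Prefer a certificate that lists the CAS FQDN explicitly.
$cert = $candidates | Where-Object {
    ($_.CertificateDomains | ForEach-Object { "$_" }) -contains $CasFqdn
} | Select-Object -First 1

if (-not $cert) {
    Write-Warning "No IIS certificate lists $CasFqdn; using the first IIS certificate."
    $cert = $candidates[0]
}

# Record exactly which certificate the IM integration will present.
$cert | Format-List Thumbprint, Subject, CertificateDomains, NotAfter, Services

# Apply the four InstantMessaging* settings to the OWA virtual directory.
Get-OwaVirtualDirectory -Server $CasFqdn | Set-OwaVirtualDirectory `
    -InstantMessagingType OCS `
    -InstantMessagingEnabled $true `
    -InstantMessagingServerName $LyncPool `
    -InstantMessagingCertificateThumbprint $cert.Thumbprint

# Verify the result.
Get-OwaVirtualDirectory -Server $CasFqdn | Format-List Identity, InstantMessaging*
```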

Step 3. Configure your Lync RC

Step 3.1 Use Topology Builder to add a new Trusted Application Pool

 IVC-0230

IVC-0231

 IVC-0232

You should disable the replication of configuration data to this pool, to prevent CMS from trying to replicate to your Exchange server!

 IVC-0233

After creating this new trusted application pool, don’t forget to publish the topology!

IVC-0234

After publishing the topology, a look in the Lync Shell reveals that the CsTrustedApplicationPool has been created :-)

 IVC-0235 

And since I used a single computer, there will also be a CsTrustedApplicationComputer.

   IVC-0237

Step 3.2 Use the CS Shell to add a New-CsTrustedApplication

Using the Lync Shell, you need to add ExchangeOutlookWebAccess as a CsTrustedApplication! Make sure you define:

  • TrustedApplicationPoolFqdn = FQDN of your OWA server
  • Port = any unused port

IVC-0246

      IVC-0245 
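Step 3.2 from the Lync Server Management Shell, with checks on what step 3.1 created. This is an added example, not the commands from the original screenshots; the port number is a constructed sample value, and the checks on pool replication and port reuse are additions.

```powershell
# Added example: run in the Lync Server Management Shell.
$OwaFqdn = 'cs14ex.lync.local'   # OWA server from the demo environment
$Port    = 5199                  # constructed sample value: pick any unused port

# Step 3.1 check: the trusted application pool must exist after publishing.
$pool = Get-CsTrustedApplicationPool -Identity $OwaFqdn -ErrorAction SilentlyContinue
if (-not $pool) {
    throw "Trusted application pool $OwaFqdn not found; publish the topology first."
}
if ($pool.RequiresReplication) {
    Write-Warning "Replication is enabled for $OwaFqdn; CMS will try to replicate to the Exchange server."
}

# Refuse to reuse a port already registered for this pool.
$clash = Get-CsTrustedApplication | Where-Object {
    $_.TrustedApplicationPoolFqdn -eq $OwaFqdn -and $_.Port -eq $Port
}
if ($clash) {
    throw "Port $Port is already used by $($clash.ApplicationId) on $OwaFqdn"
}

# Step 3.2: register OWA as a trusted application on that pool.
New-CsTrustedApplication -ApplicationId ExchangeOutlookWebAccess `
    -TrustedApplicationPoolFqdn $OwaFqdn -Port $Port

# Apply the topology change so the new application becomes active.
Enable-CsTopology

# Verify what Lync now trusts for this host.
Get-CsTrustedApplication |
    Where-Object { $_.TrustedApplicationPoolFqdn -eq $OwaFqdn } |
    Format-List ApplicationId, TrustedApplicationPoolFqdn, Port
```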

Step 4. Check :-)

Logging into OWA as User2, things look different than they did before my actions!

IVC-0247

And User2 can start a chat with User 1…

 IVC-0248

Who can decide to respond….

IVC-0249

 IVC-0250

Lync RC and Exchange 2010 Sp1 rock :-)

And special thanks to Jens & Edwin for helping me find missing pieces :-)

Update: Jens has posted a follow-up on what you need to keep in mind when you have a CAS in your Exchange 2010 Sp1 environment, which is also running the UM server role, and where you have configured the link between Lync RC and Exchange already! Check it out here: http://blogs.technet.com/b/jenstr/archive/2010/09/23/exchange-2010-rtm-sp1-owa-im-integration-with-microsoft-lync-server-2010.aspx

Ilse

Comments

  • Anonymous
    January 01, 2003
    Dustin, my guess is that it is a certificate error. Enable logging for the SIP stack, use the resource kit tools of OCS R2, to analyze the log files (this will fire up the snooper tool), log into OWA, and see what the Snooper tool tells you when analyzing the generated log files... Be aware that wildcard certificates were not supported in previous releases, check technet.microsoft.com/.../2009.03.isa.aspx, you might want to try using a non-wildcard cert... Ilse

  • Anonymous
    January 01, 2003
    I was able to fix this. I added the subject name mail2.company.com as a computer in ADUC.  Ran the above adding it as a new trustedapplication, etc. This fixed several things!

  • Anonymous
    January 01, 2003
    Maybe this can help: blogs.technet.com/.../troubleshooting-lync-exchange-owa-integration.aspx Ilse

  • Anonymous
    January 01, 2003
    Dustin, Start the logging tool on Lync, check all the SiP stack, and use the Snooper tool from the resource kit OCS R2, and see what it tells you. It might be possible that there is something wrong with the Exchange server name, the certificate, or anything else... If it states that the server is unknown, it might be possible you need to check trustedapplications and so on, also check if your replication is working… Ilse

  • Anonymous
    January 01, 2003
    Max, the update you need when running on Windows 2008 R2, can be found here: support.microsoft.com/.../982170 Ilse

  • Anonymous
    September 23, 2010
    Hi Ilse, I have downloaded the required files (according to Step 1) but I have only 6 files. There must be one ucmaredist hotfix missing. Could you help? Running E2010 SP1 on W2008R2 and Lync 2010. Regards, Max

  • Anonymous
    September 24, 2010
    Fix for problems installing UcmaRedist.msi on Windows Server 2008 or R2: www.expta.com/.../problems-installing-ucmaredistmsi-on.html

  • Anonymous
    September 29, 2010
    Hi,  I seem to have gotten the Communicator boxes to pop up in OWA and everything, but I can't chat and on the left hand side under contact list it spins for a while and then says "Instant Messaging isn't available right now.  The Contact List will appear when the service becomes available." Any ideas on what I might have done wrong?  I'm running Exchange 2010 SP1, Lync, and 2008R2 so it should be exactly the same for me. Thanks

  • Anonymous
    September 29, 2010
    @Dustin: I had the same problem. My solution: the issued name of the Exchange certificate should be the internal FQDN, not the external name. Maybe a bug.

  • Anonymous
    September 29, 2010
    I'm definitely thinking it's a cert issue.  Would the fact that I have an internal cert for my Lync Server and a Digicert Wildcard for my Exchange server cause this?  I'm pretty tired, but any insight is greatly appreciated and I thank you guys for the quick responses. @Max - I hate to sound like such a novice, but I'm not quite sure what you mean.   Thanks

  • Anonymous
    September 29, 2010
    One other thing I find interesting is that OWA correctly shows the presence of Lync users when I initially log into it, but disappears shortly after the error shows.  This further leads me to believe that it is seeing stuff correctly just not authenticating completely.

  • Anonymous
    September 29, 2010
    Ilse, I have run the logging tool for several short stints and analyzed the data.  I can't seem to find anything relating to OWA, or even so much as the Exchange server.  No traffic over port 4789, or anything :( The cert still seems like a likely culprit to me, but I find it strange that nothing appears in the log files. Thanks a bunch!

  • Anonymous
    October 08, 2010
    any news on this? I have the same issue

  • Anonymous
    November 23, 2010
    Thanks for this blog Ilse, it helped quite a lot! We just managed to integrate OWA and Lync, and only had two issues:

      • We also have an external and internal FQDN. However, when I set the internal one as a Trusted Application Pool name, no errors were received but OCS integration wouldn't work. When I set mail.contoso.com (the external FQDN), I got an error from Lync saying that this couldn't be found in AD, but on OWA integration worked like a charm despite the error.
      • We use a wildcard certificate. Halfway down the tutorial we decided to enable IIS on this certificate, but set the Lync pool on the internal cert thumbprint. Voila, I am now using OWA with wildcard certificate and Lync integration as well. Could it be that the internal cert is still being used between Exchange and Lync, but OWA is using the wildcard cert on top of that?

    Hope this might help anyone who came in contact with these problems. Chris@ESC

  • Anonymous
    November 29, 2010
    Anyone got wildcard certificates to work?

  • Anonymous
    November 29, 2010
    I sorted the wildcard problem. If you installed and configured everything with a wildcard certificate, you have to go back and reconfigure a few steps.

      1. Request a new certificate for your Exchange server (from the local domain CA is OK).
      2. Assign the certificate to IIS and OWA using Exchange 2010 manager.
      3. Redo step 2 in this guide, assigning the certificate to a pool.
      4. Restart IIS or Exchange or the server.
      5. Log on to Outlook Web App to see if everything is working with the Lync integration.
      6. Go back to Exchange 2010 manager and assign the wildcard certificate to your IIS/OWA site. Then everything is working perfectly with your wildcard certificate assigned to Exchange 2010 and Lync server.

  • Anonymous
    December 04, 2010
    Interesting... so what if you already have MOC integration with the CAS (an existing OCS 2007R2 pool name in the CAS config)?  Does this mean that I'd lose the functionality for IM where one user is on the OCS 2007R2 pool and the other is on the Lync pool?

  • Anonymous
    January 05, 2011
    I've tried using both internal and external names for the pool name and neither works.  I don't see IM capability in OWA whatsoever.  I've followed the directions exactly.  One difference is that my CAS and UM servers are collocated; should I still be creating the trusted application if this is the case?  I don't have functioning UM as I have no interest in enterprise voice or telephony. What logs can I check to see what's going on here?

  • Anonymous
    January 06, 2011
    Got it working.  It appears I needed to do an IIS reset or wait for some sort of replication.

  • Anonymous
    January 06, 2011
    Get-OwaVirtualDirectory : fl instant in Exchange Management Shell reveals only • InstantMessagingType = none • InstantMessagingEnabled = false. How can I get the rest, i.e. • InstantMessagingCertificateThumbprint = • InstantMessagingServerName = ? Please help me.

  • Anonymous
    January 16, 2011
    Jazz, make sure you are running Exchange 2010 SP1! Ilse

  • Anonymous
    February 01, 2011
    One failure with OWA was the NTFS permission on the Lync share, which was also solved here: social.technet.microsoft.com/.../d1f1d7db-65a6-4625-8dd3-3e2c5d1f28e8 The other failure with OWA and Lync was the replication in the trusted applications for Exchange, which we must deactivate.

  • Anonymous
    February 23, 2011
    We seem to be missing an important point. Apart from setting the Client Access server OWA virtual directory for InstantMessaging integration with OCS, we ALSO need to SET  get-owamailboxpolicy | set-owamailboxpolicy -instantmessagingtype ocs. If this is not set, integration will not work.

  • Anonymous
    March 10, 2011
    Great post! It helped me a lot! One remark: you could use any certificate for the instant messaging, it does not have to be the IIS certificate. So I used a certificate with the internal FQDN of the Exchange server in the subject, issued from an internal CA. I've added that certificate to the Exchange 2010 SP1 server and assigned no services to it, but configured that thumbprint as the InstantMessagingCertificateThumbprint and it works. My IIS certificate is a different one from a public CA without the internal FQDN of the Exchange server.

  • Anonymous
    March 28, 2012
    Dear, I can help, I have an Exchange 2010 SP1 with Windows 2008R2 Enterprise (without SP1). I downloaded the package corresponding to the version I have, but when I install it, the packages CWAOWASSP and UcmaRedist give me the following error. It reads: the upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.

  • Anonymous
    April 10, 2012
    Hi, I am not able to see presence information in OWA. I am running Exchange Server 2010 SP1. While running the • Hotfix for the OCS 2007 R2 Web Service Provider: • Update Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2282949: I am getting an error. plz help me.
