Scenario
An Exchange 2013 multi-role server has a publicly signed wildcard certificate (*.domain.com) in use for client access. An internal-CA-signed certificate with the Exchange server FQDN in the subject and SAN (trusted by the Lync server) is installed for Unified Messaging.
Goal
Exchange 2013 client access server integrated with Lync 2013.
NOTE - If you don't have a Unified Messaging certificate installed with the server FQDN in the subject and SAN, you will need to create a new certificate request and get it signed by your internal CA before it can be used for the Lync/OWA integration.
Exchange Steps
1. Enable the OWA virtual directory for instant messaging
Run this in Exchange Management Shell:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType OCS
2. Get the UM certificate thumbprint
Get-ExchangeCertificate
3. Configure OWA web.config file
Open web.config from %Exchange install drive%\Microsoft\Exchange Server\V15\ClientAccess\Owa
Search for </appSettings> (the element name is case-sensitive) and add the following lines above it:
<add key="IMCertificateThumbprint" value="%%%CERTIFICATETHUMBPRINT%%%" />
<add key="IMServerName" value="%%%LyncPoolName%%%" />
Save the web.config
4. Apply OWA Changes
Run this command:
C:\Windows\System32\Inetsrv\Appcmd.exe recycle apppool /apppool.name:"MSExchangeOWAAppPool"
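The Exchange steps above carried out as one script. This is an added example, not code from the original post: it runs in the Exchange Management Shell on the multi-role server, enables IM on the OWA virtual directories, picks the UM certificate that carries the server FQDN and is not a wildcard, writes the two appSettings keys into web.config without disturbing the other keys, and recycles the OWA application pool. The Lync pool name is a placeholder to replace; the ExchangeInstallPath environment variable is assumed to be the one Exchange setup creates (the same path the post refers to as %Exchange install drive%\Microsoft\Exchange Server\V15).

```powershell
# Added example, not code from the original post. Runs in the Exchange
# Management Shell and performs Exchange steps 1-4 in one pass.
param(
    [string]$LyncPool     = 'LYNCPOOL.domain.com',   # placeholder: your Lync pool FQDN
    [string]$ExchangeFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [string]$ExchangeRoot = $env:ExchangeInstallPath # assumed: set by Exchange setup
)

# Step 1: enable instant messaging (OCS/Lync type) on every OWA virtual directory
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType OCS

# Step 2: choose the certificate. It must be enabled for UM, be valid, carry the
# server FQDN in subject/SAN and must NOT be a wildcard: a wildcard here causes
# the TlsFailure/TlsRemoteDisconnected errors described in the troubleshooting section.
$cert = Get-ExchangeCertificate | Where-Object {
    $domains = @($_.CertificateDomains | ForEach-Object { "$_" })
    "$($_.Services)" -match '\bUM\b' -and
    $_.Status -eq 'Valid' -and
    $_.NotAfter -gt (Get-Date) -and
    $domains -contains $ExchangeFqdn -and
    -not ($domains | Where-Object { $_.StartsWith('*.') })
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No valid non-wildcard UM certificate with '$ExchangeFqdn' in subject/SAN was found. Request one from the internal CA first."
}
Write-Host "Using certificate $($cert.Thumbprint) ($($cert.Subject))"

# Step 3: set IMCertificateThumbprint and IMServerName inside <appSettings>,
# backing up web.config first and updating the keys in place if they already exist
$webConfig = Join-Path $ExchangeRoot 'ClientAccess\Owa\web.config'
Copy-Item $webConfig ("$webConfig.bak." + (Get-Date -Format 'yyyyMMddHHmmss'))

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($webConfig)
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if (-not $appSettings) { throw "No <appSettings> element found in $webConfig" }

$settings = @{ IMCertificateThumbprint = $cert.Thumbprint; IMServerName = $LyncPool }
foreach ($key in $settings.Keys) {
    $node = $appSettings.SelectSingleNode("add[@key='$key']")
    if (-not $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', $key)
        [void]$appSettings.AppendChild($node)
    }
    $node.SetAttribute('value', $settings[$key])
}
$xml.Save($webConfig)

# Step 4: recycle the OWA application pool so the new settings are read
& "$env:windir\System32\inetsrv\appcmd.exe" recycle apppool /apppool.name:MSExchangeOWAAppPool
```

Selecting the certificate by FQDN rather than by pasting a thumbprint removes the most common mistake in this setup (copying the wildcard certificate's thumbprint), and editing the XML through SelectSingleNode keeps the rest of appSettings intact.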
Lync Steps
5. Create Trusted Application Pool
Get-CsSite
Note your Site ID
Create Trusted Application Pool by running:
New-CsTrustedApplicationPool -identity %ExchangeFQDN% -Registrar poolname.domain.com -Site 1 -RequiresReplication $False
6. Create Trusted Application
Choose a free port for the application. Use netstat -a to see which ports are currently in use.
New-CsTrustedApplication -Applicationid OWA -TrustedApplicationPoolFqdn %ExchangeFQDN% -Port 5059
7. Enable the Lync topology
Run Enable-CsTopology
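The Lync steps above as one script, written so it can be re-run safely. This is an added example, not code from the original post: it runs in the Lync Server Management Shell, looks up the site ID, creates the trusted application pool for the Exchange server only if it does not already exist, refuses a port already taken by another trusted application on that pool, creates the OWA trusted application and publishes the topology. The Exchange and registrar FQDNs are placeholders to replace, and the script assumes the first site returned by Get-CsSite is the one you want.

```powershell
# Added example, not code from the original post. Runs in the Lync Server
# Management Shell and performs Lync steps 5-7.
param(
    [string]$ExchangeFqdn = 'EXCH01.domain.com',     # placeholder: Exchange server FQDN
    [string]$Registrar    = 'poolname.domain.com',   # placeholder: Lync registrar pool
    [int]$Port            = 5059
)

# Step 5: note the site ID and create the trusted application pool if missing
$site = Get-CsSite | Select-Object -First 1   # assumption: first site is the right one
Write-Host "Using site $($site.Identity) (SiteId $($site.SiteId))"

$pool = Get-CsTrustedApplicationPool -Identity $ExchangeFqdn -ErrorAction SilentlyContinue
if (-not $pool) {
    $pool = New-CsTrustedApplicationPool -Identity $ExchangeFqdn -Registrar $Registrar `
        -Site $site.SiteId -RequiresReplication $false
    Write-Host "Created trusted application pool $ExchangeFqdn"
} else {
    Write-Host "Trusted application pool $ExchangeFqdn already exists"
}

# Step 6: make sure the port is free on this pool, then create the OWA application
$existing = Get-CsTrustedApplication | Where-Object { $_.TrustedApplicationPoolFqdn -eq $ExchangeFqdn }
$inUse = $existing | Where-Object { $_.Port -eq $Port -and $_.ApplicationId -notmatch 'owa' }
if ($inUse) {
    throw "Port $Port is already used by trusted application $($inUse.ApplicationId) on $ExchangeFqdn"
}

$app = $existing | Where-Object { $_.ApplicationId -match 'owa' }
if (-not $app) {
    $app = New-CsTrustedApplication -ApplicationId OWA -TrustedApplicationPoolFqdn $ExchangeFqdn -Port $Port
    Write-Host "Created trusted application $($app.ApplicationId) on port $Port"
} else {
    Write-Host "Trusted application $($app.ApplicationId) already exists on port $($app.Port)"
}

# Step 7: publish the topology change
Enable-CsTopology
```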
8. Test integration
Log into OWA and check that it has signed in to Lync.
Troubleshooting if sign in fails
Log files are on the Exchange server under %Exchangeinstalldrive%\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging
If you see TLS errors, the certificate is not right. If you try to do this integration using a wildcard certificate you will see TLS errors such as:
"ERROR:UCWEB Failure: Code=TlsFailure, SubCode=TlsRemoteDisconnected, Reason=\r\nMicrosoft.Rtc.Internal.UCWeb.Utilities.UCWException: Unknown error (0x80131500)"
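A triage script for the failure described above. This is an added example, not code from the original post: it runs in the Exchange Management Shell, tallies the Code/SubCode pairs found in the newest InstantMessaging logs, then reads IMCertificateThumbprint back out of web.config and checks whether that thumbprint points at a wildcard certificate or at one not enabled for UM. It assumes the ExchangeInstallPath environment variable set by Exchange setup, that the log files carry a .log extension, and that failures are logged in the "Code=..., SubCode=..." form shown in the post.

```powershell
# Added example, not code from the original post. Summarises UCWEB failures
# from the OWA InstantMessaging logs and checks the configured IM certificate.
$root   = $env:ExchangeInstallPath   # assumed: set by Exchange setup
$logDir = Join-Path $root 'Logging\OWA\InstantMessaging'

# Count "Code=X, SubCode=Y" pairs across the three newest log files
$pattern  = 'Code=(?<code>\w+), SubCode=(?<sub>\w+)'
$failures = Get-ChildItem $logDir -Filter *.log |
    Sort-Object LastWriteTime -Descending | Select-Object -First 3 |
    Select-String -Pattern $pattern |
    ForEach-Object { '{0}/{1}' -f $_.Matches[0].Groups['code'].Value, $_.Matches[0].Groups['sub'].Value } |
    Group-Object | Sort-Object Count -Descending

if ($failures) { $failures | Format-Table Count, Name -AutoSize }
else           { Write-Host "No UCWEB failures found in the newest logs under $logDir" }

# Cross-check the thumbprint OWA is actually configured with
$xml   = [xml](Get-Content (Join-Path $root 'ClientAccess\Owa\web.config'))
$thumb = ($xml.configuration.appSettings.add | Where-Object { $_.key -eq 'IMCertificateThumbprint' }).value
if (-not $thumb) { Write-Warning 'IMCertificateThumbprint is not set in web.config'; return }

$cert = Get-ExchangeCertificate -Thumbprint $thumb
$wild = @($cert.CertificateDomains | ForEach-Object { "$_" } | Where-Object { $_.StartsWith('*.') })
if ($wild) {
    Write-Warning "Configured certificate $thumb is a wildcard ($($wild -join ', ')); Lync drops the TLS session for it. Point IMCertificateThumbprint at the internal-CA certificate that has the server FQDN."
} elseif ("$($cert.Services)" -notmatch '\bUM\b') {
    Write-Warning "Configured certificate $thumb is not enabled for the UM service"
} else {
    Write-Host "Configured certificate $thumb ($($cert.Subject)) looks suitable; review the failure codes above."
}
```

Run it right after a failed OWA sign-in so the newest log contains the attempt; a TlsFailure/TlsRemoteDisconnected tally together with a wildcard warning confirms the certificate cause the post describes.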