Lync – Exchange 2010 SP1 OWA integration

I just realized I am missing something from my Lync lab deployment: Lync – Exchange 2010 SP1 OWA integration. I will begin by installing the required prerequisites on my Client Access server.

First, I will download and install “OCS 2007 R2 Web Service Provider” http://www.microsoft.com/downloads/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en

 The files will be unpacked here:

Let’s now install the files in the required order:

1. vcredist_x64.exe
2. UcmaRedist.msi
3. CWAOWASSP.msi

Time for “Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2282949” http://www.microsoft.com/download/en/details.aspx?id=7557

…and "OCS 2007 R2 Web Service Provider Hotfix KB 981256" http://www.microsoft.com/download/en/details.aspx?id=797

At this point, just to be sure I have not missed anything, I will run Windows Updates before proceed further. But of course – Visual C++ update…

Now I can proceed with configuration of OWA virtual directory integration. First I need to obtain the thumbprint of my Exchange certificate by running “Get-ExchangeCertificate | fl” form Exchange Management Shell:

 

I will get the Identity of my OWA with the command"Get-OwaVirtualDirectory | fl"

…and use it to construct my command:

Set-OwaVirtualDirectory -Identity "EX\owa (Default Web Site)" -InstantMessagingCertificateThumbprint 8F9D12B0B143689DD34D55B04CB063A418124FA3 -InstantMessagingServerName fe.lynclog.com -InstantMessagingType OCS -InstantMessagingEnabled $True"

Where “EX\owa (Default Web Site)” is the Identity I obtained from the previous command, the Thumbprint is from “Get-ExchangeCertificate | fl” and “fe1.lynclog.com” is my Lync Standard Edition Server.

Lastly, I will restart the IIS with “iisreset” command.

Now, when I run “Get-OwaVirtualDirectory | fl”, the required parameters are set:

Time for Lync Server configuration.  From Lync Management Shell let’s get the SiteId:

…and construct my command to create Trusted Application Pool – “New-CsTrustedApplicationPool -Identity ex.lynclog.com -Registrar fe1.lynclog.com -Site 1 -RequiresReplication $False”

As instructed, I will run “Enable-CsTopology”

Next step – to create New trusted Application. The command will be “New-CsTrustedApplication -ApplicationId ExOwaAccess -TrustedApplicationPoolFqdn ex.lynclog.com -Port 3800” where ApplicationId is a just a name, TrustedApplicationPoolFqdn is the FQDN of the CAS server and Port – an unused port. Lastly, “Enable-CsTopology” as required.

…and test our setup:

Integrating Exchange UM with Lync 2010

Until now, my lab was under domain “drago.ws”. Recently I acquired “lynclog.com” and for the last two days I have been deploying another lab. From now on, our examples will be on this lab – still same topology, different domain.

Now that I have deployed Microsoft Exchange 2010 SP1, it is time to configure Unified Messaging role to work with Lync and further extend testing for voicemail, Subscriber Access, Auto attendant etc. As usual, when deploying new software and/or roles, I made sure the OS and product is fully patched and updated. Another habit of mine is to resolve all errors or warnings in the Windows Event log before attempt to integrate products and services. My previous experience thought me that something “innocent” that I postponed for resolving later sometimes lead to major problem else seems unrelated…

On my UM server, first I made sure TLS is enabled. Fact is – I could not install certificate on the UM server unless TLS or Dial is enabled.

Because TLS support was turned ON, our UM server needs a certificate, else the service will not start. This certificate must be from Trusted Root CA and since UM is internal service only, a certificate form our Domain CA will be sufficient.

In EMC, server node, click on your UM server and proceed further

I just created offline certificate request. Now I will go to my Domain Certificate Services we site and process the request.

Here I need to open my request (c:\um.req) with notepad and copy the content. It is very important to copy the text exactly as it is. I always use STRL + A to make sure only the necessary text was copied.

…paste the text in the request page and submit the request.

Next step is to complete the pending request. Click on the request to see “Complete Pending Request” option…

…and now I see the certificate as Valid. However, I must assign service(s) to it.

At the end, I have a valid certificate assigned to UM server. Reboot and let’s move further.

Next, I will create UM dial plan.

My dial plan is not completed yet. I still must create Subscriber access number and so other customization.

***Note that here I used two numbers - +14785550001 which is full US E.164 number and “+0099” which, because has “+” on front, is still considered E.164. I want to see if this number can be utilized later somehow.

***ALERT***ALERT***ALERT***

Apparently there are some changes introduced with SP1. Make sure you follow the next steps or your Auto Attendant will not be able to transfer to extensions.

***You must apply at his point.

 Next, I will customize my UM Mailbox Policy created automatically when the Dial plan was enabled. Since this is lab, I will change the Minimum PIN Policy to 4 digits and remove the PIN expiration.

…and leave the rest to default settings.

Lastly, Auto Attendant. Frankly, with the introduction of RGS, I rarely use AA except in one case (the Main college number, where the caller has an option to dial by extension or name).

…and customize it.

Let’s move to our front end server and execute “C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\OcsUmUtil.exe” from Command Prompt.

Oops. I forgot to change the Name of the contact object.

Move back to the UM server. In Exchange Management Shell, navigate to C:\Program Files\Microsoft\Exchange Server\V14\Scripts and execute .\ExchUCUtil.ps1

 The setup is now completed and test calls to Subscriber Access and Auto attendant numbers were successful with all features functioning as expected.