Thursday, September 30, 2010

How to Integrate Lync Server 2010 with Exchange 2010 SP1+ OWA

Lync Server 2010 can be integrated with Exchange 2010 SP1 or better, so that Exchange Outlook Web App can also act as a Lync web client.  Once integrated, users will automatically log into Lync when they log into OWA.  The OWA interface changes to include the following new features:
  • Sign In and Sign Out - Users can sign in or sign out of instant messaging from OWA.  Once signed in, the user will automatically sign into IM every time they sign into OWA.
  • Presence - User presence information is available for Lync users, showing a colored chiclet indicating their availability.
  • Contact List - The user's Lync IM contact list is made available in the OWA folder pane.  Users can be added and removed, and contact groups can be managed directly from OWA.
  • Instant Messaging - Lync users can chat with other Lync users using instant messaging directly from OWA.
  • Right-Click Functionality - Right-click menus and actions are updated to include new Lync features.  For example, right-click an email address to chat with the user or add them to an IM contact list.
All of these new OWA features can be seen in the screenshot below:


An instant messaging chat session can be started from OWA by double-clicking a contact in the Contact List or right-clicking an email address and choosing Chat.


This article explains how to configure Lync Server 2010 integration with Exchange 2010 SP1 or better.  I will assume that you have functional Lync Server 2010 and Exchange Server 2010 SP1 or SP2 servers already set up.  Let's get started.

Download and install the Microsoft Office Communications Server 2007 R2 Web Service Provider from http://www.microsoft.com/downloads/en/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en on your Client Access Server.  This MSI package extracts the installation programs to the local hard drive.  Normally it will put them in C:\Web Service Provider Installer Package, but I've also seen it install to a different drive.  Make note of the location it uses during installation.

The package will extract the following files:


Next, download and save the OCS 2007 R2 Web Service Provider Hotfix KB 981256 from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45C94403-39FA-44D3-BE23-07F25A2D25C7 to the same C:\Web Service Provider Installer Package folder.

Download and save the Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2400399 from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1F565A42-71D2-4FBD-8AE0-4B179E8F02AB to the same C:\Web Service Provider Installer Package folder.

If your CAS server is running Exchange 2010 SP1 on Windows Server 2008 R2, you need to download and save the UcmaRedist.msp patch in Microsoft Office Communications Server 2007 R2 Hotfix KB 968802 from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19178.  The tricky part here is that the file name (UcmaRedist.msp) is the same as that of the Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2400399 you just downloaded.  Just rename this file to something like UcmaRedist-R2.msp.

Now install the following files as Administrator in this order:
  1. vcredist_x64.exe
  2. UcmaRedist.msi
  3. UcmaRedist.msp
  4. UcmaRedist-R2.msp, if your CAS is running on Windows Server 2008 R2
  5. CWAOWASSP.msi
  6. CWAOWASSP.msp
  7. dotnetfx35setup.exe, if the .NET Framework 3.5 is not installed on Windows Server 2008.  For Windows Server 2008 R2, install the .NET Framework 3.5.1 feature from Server Manager.
Note that the MSI and MSP packages have a limited GUI during setup and don't indicate that they've installed successfully.

Next we need to configure the Exchange 2010 SP1 Client Access Server for Lync Server integration.  Run the following two commands from the Exchange Management Shell on the CAS:

$cert = (Get-ExchangeCertificate | Where {$_.Services -ilike "*IIS*"}).Thumbprint
Get-ExchangeServer (hostname)| Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint $cert -InstantMessagingServerName pool.domain.com
Be sure to change pool.domain.com to the FQDN of your Lync Server FE pool.  (hostname) automatically resolves to the hostname of the server you're running the cmdlet from.
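
As an added check that is not part of the original post: the $cert line above takes whatever certificate has the IIS service assigned, and readers in the comments below report failures from the wrong certificate being picked, from a name mismatch, and from a sha512 signature. This sketch lists each IIS-bound certificate on the CAS so the thumbprint can be chosen deliberately; $PoolFqdn, the report field names, and the rule that the certificate should list the trusted application pool FQDN are assumptions of the example.

```powershell
# Added example: review the IIS-bound certificates before choosing a thumbprint.
# Run in the Exchange Management Shell on the CAS itself.
# Assumption: $PoolFqdn is the FQDN you will enter as the Trusted Application Pool.
$PoolFqdn = 'cas.domain.com'   # placeholder from the article; change it

$candidates = @(Get-ExchangeCertificate | Where-Object { $_.Services -ilike '*IIS*' })

$report = foreach ($c in $candidates) {
    # Read the same certificate from the local machine store for full X.509 details.
    $x509  = Get-Item -Path ("Cert:\LocalMachine\My\" + $c.Thumbprint)
    $names = @($c.CertificateDomains | ForEach-Object { "$_" })
    New-Object PSObject -Property @{
        Thumbprint    = $c.Thumbprint
        Subject       = $c.Subject
        Expired       = ($x509.NotAfter -lt (Get-Date))
        HasPrivateKey = $x509.HasPrivateKey
        SelfSigned    = ($x509.Subject -eq $x509.Issuer)
        # A commenter reports sha512-signed certificates failing; review this value.
        SignatureAlg  = $x509.SignatureAlgorithm.FriendlyName
        # Exact-name match only; wildcard entries are not expanded here.
        CoversPool    = ($names -contains $PoolFqdn)
    }
}
$report | Format-List Thumbprint, Subject, Expired, HasPrivateKey, SelfSigned, SignatureAlg, CoversPool

$usable = @($report | Where-Object { -not $_.Expired -and $_.HasPrivateKey -and $_.CoversPool })
if ($usable.Count -eq 1) {
    $cert = $usable[0].Thumbprint
    Write-Host "Use thumbprint $cert"
} else {
    Write-Warning "$($usable.Count) usable certificates found; pick the thumbprint by hand."
}

# After Set-OWAVirtualDirectory has run, confirm what was actually stored.
Get-ExchangeServer (hostname) | Get-OwaVirtualDirectory |
    Format-List Name, InstantMessaging*
```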

Now we need to configure the Lync 2010 server.  Use the Lync Server Topology Builder to add a new Trusted Application Pool, as follows:
  • Open the existing topology.
  • Expand your Lync Server 2010 > your sitename.
  • Right-click Trusted application servers and select New Trusted Application Pool.
  • Enter your CAS server or CAS array's FQDN in the Pool FQDN field, select Single Computer Pool and click Next.  If you're using a hardware load balancer with separate VIPs for OWA and MAPI connections, use the FQDN for the OWA (HTTPS) connections.
  • Select the Front End Pool for the Trusted Application Pool.
  • Click Finish.
  • Right-click the new Trusted Application Server and select Edit Properties.
  • Clear the check box for Enable replication of configuration data to this pool and click OK.
  • Publish the new topology.  If you used the CAS Array or HTTPS VIP FQDN above, you will get a warning about the computer name not existing in Active Directory.  This is safe to ignore.
The final step is to create a new CsTrustedApplication using the Lync Server Management Shell on the Lync 2010 server.  Run the following command from the management shell:

New-CsTrustedApplication -ApplicationID ExchangeOutlookWebApp -TrustedApplicationPoolFqdn cas.domain.com -Port 9999
Enable-CsTopology
Be sure to change the TrustedApplicationPoolFqdn value in the command above to the FQDN of your CAS server or CAS array.  The Port value can be any unused TCP port.

Now log in to Outlook Web App and enjoy the new Lync Server goodness!


27 comments:

  1. Great walkthru, however, when I go to install UcmaRedist.msi it says I need to install .Net Framework 3.5. I am running 2008 R2, so I go to Server Manager and I see that it is already installed. Help?

  2. Had to uninstall .Net 4.0 stuff to proceed with the install. Lame, but effective.

  3. Also - there is a " missing from the above string after 'IIS' - it should look like below:

    $cert = (Get-ExchangeCertificate | Where {$_.Services -ilike "*IIS*"}).Thumbprint

  4. Hi, great post!

    I ran the above and all went well. However, when I then log in to OWA I can see the LYNC IM Presence ICON (i.e. the Available, Busy, ..etc) but it is all greyed out and when I click on the Sign In to IM from OWA nothing happens. Any idea where I may have gone wrong?

    Thanks

    ECL

  5. I had the same problem the first time, due to the fact that there are two versions of the UcmaRedist.msp patch which are named the same. Review the steps above and try reconfiguring it again.

  6. I've applied the R2 update. But mine is still grayed out and not selectable.

  7. I'm getting the below within the Event log. Everything grayed out.

    The IM provider registry location doesn't contain a path to the implementation .dll file.

    Key: SYSTEM\CurrentControlSet\Services\MSExchange OWA\InstantMessaging
    String: ImplementationDLLPath

  8. Hi, any development on the greyed out IM in OWA, because I have the same problem, all patches are added even the R2 one (running W2K8 R2 Ent).

  9. Please double-check each of the steps above. I've implemented this many times with no issues, as long as the steps above are followed carefully.

  10. If I do these steps will there be any need for a reboot of our "only" CAS server? Any downtime required for a reboot? Restart services? Anything?

  11. Nope, no need to restart anything. It just works.

  12. Hi Jeff,

    I would like to thank you for this blog post, it's been definitely informative.

    In my lab implementation, I've experienced few problems with the integration while I followed your step by step guide. The reason why my integration failed was, the hash algorithm of the certificate was sha512 on both the Exchange Server and the Lync Server.

    I've written a blog post about this matter and I hope that it helps also your blog readers.

    http://blog.kabal.se/post/2010/12/27/Integrate-Lync-Server-2010-with-Exchange-2010-SP1-OWA-sha512-Certificate-Limitation.aspx

    Best Regards
    Omid

  13. Get-OwaVirtualDirectory : fl *instant* in Exchange Management Shell, reveals only

    •InstantMessagingType =none

    •InstantMessagingEnabled = false

    how can i get rest i.e

    •InstantMessagingCertificateThumbprint =

    •InstantMessagingServerName =

    please help me

  14. I just used these directions after trying other directions earlier and these worked first time. Thanks.

  15. I have followed your steps, but get the message "Instant messaging is not available at this moment."
    When I run this command: Get-CsManagementStoreReplicationStatus, I see that the replication status with Exchange is false. What can I do about it?

  16. Hi,
    I followed all the instructions, but it does not work. I read all the user comments. The issue is that my local Exchange FQDN and my GoDaddy CAS certificate name FQDN are different. Example:
    exchange server fqdn: abc.contose.com
    CAS Certificate name: mail.contose.com
    Lync fqdn: lync.contose.com
    local ad: xyz.contose.com

    When I create a trusted role on Lync, it gives me an error that mail.contose.com does not exist in Active Directory. Then I created a computer named "mail" in ADUC, but no effect.
    This is my production environment and I don't want to make any mess of my Exchange server CAS certificate. Please help, what can I do?

  17. “Instant Messaging isn’t available right now. the Contact List will appear when the service becomes available”…

    I'm getting the above error when I log in to OWA. I have analysed the logs using the Lync Logging tool and it appears my problem may be certificate related, as the following error is flagged:

    "The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?"

    My Exchange is using a public CA. It is also Exchange 2010 SP1 on Windows 2008 R2. Lync is also on R2 but using a self signed certificate. Any ideas on why I'm getting the above errors?

  18. Sounds like AD replication has not completed.

  19. Thanks for your answer Jeff, but I don't think that is likely. This is one single site with one DC. The problem appears to be certificate related. Both certs are only capable of server authentication. Do these need to include client authentication? As the Exchange server rejects the Lync cert. At least that's what the SIP Stack is telling me. Unless it's a red herring.....

  20. Great, thanks for the information. I have followed your guide and it works perfectly. I have 2 Exchange 2010 SP1 CAS servers with OWA and a Lync 2010 Enterprise deployment with Edge services working beautifully! Keep up the good work! cheers, KRC

  21. What if you're in a coexistence scenario where you have some users on Lync and others on OCS. Is this a case of one or the other, but not both? Assuming that is the case and you point OWA to Lync, what is the experience for someone who logs in and isn't on Lync yet?

  22. Hi Scott,

    Lync OWA integration only works for Lync users. If you're already using CWA 2007 and want to minimize web access downtime, migrate Lync users only when they've been migrated to Exchange 2010.

  23. I've followed this procedure to a T. Doesn't work.

  24. Jeff -

    The link for Hotfix KB 2400399 is now pointing to Hotfix KB 2647091, so both UcmaRedist.msp are the same 4 MB file.

    I followed all the other steps, it's not working though.

  25. Great instructions, thanks Jeff!

    The only issue I had was the certificate assignment grabbed the public UC cert and not the internally signed cert.

    I ran Get-ExchangeCertificate and then copied the correct thumbprint. Then ran Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint . After a quick IISReset, OWA/Lync integration came right up.

  27. Thanks for this, but I had the problem of IM not signing in (nothing happens, Chat greyed out). Used the Lync logging tools and Res Kit to Analyze. Turns out it was trying my external FQDN of my CAS instead of my internal FQDN (webmail.domain.com instead of webmail.domain.local). Deleted Trusted App Server from topology, re-publish, recreate Trusted App Server using external FQDN and re-Published. Then re-run New-CsTrustedApplication cmdlet using External FQDN and Bingo all now working.
