Exchange Outlook Web App and OCS 2007 R2 integration

I don’t know if everyone knows about this feature, but for me, I think this is one of the coolest integration features in OCS 2007 R2 and Exchange 2010.

The concept is to integrate Outlook Web App with Office Communications Server 2007 R2 for presence and instant messaging, which means that users of Outlook Web App will be able to set their presence and use a built-in instant messaging system to chat with other OCS users, in addition to the basic Outlook Web App features. Isn’t that cool?

Let’s get started and see how this can be accomplished.

There are four main steps to get this working:

A – Configuring the Exchange Client Access Server
B – Configuring the Office Communication Server
C – User Configuration
D – High availability considerations

A – Configuring the Exchange Client Access Server

To properly configure your Exchange Client Access Server, follow these steps:

1. Download and install the “Microsoft Office Communications Server 2007 R2 Web Service Provider” on your Exchange 2010 CAS server (this adds special DLLs and configuration files needed to link OWA 2010 to your OCS 2007 R2 environment)
2. Gather Information about the certificate used by the Client Access Server.
3. Edit the OWA Web Config file.
4. Enable OCS Integration.
5. Restart Internet Information Services.

Step 1: Downloading/Installing the OCS 2007 R2 Web Service Provider Files
Download CWAOWASSPMain.msi, the “Microsoft Office Communications Server 2007 R2 Web Service Provider”, and install it on your Exchange Client Access Server.

Step 2: Gather Certificate Information

To establish secure communication between the Office Communications Server and the Exchange Server, the two servers must trust each other. The certificate used on the Exchange server and assigned to Internet Information Services must therefore be trusted by the OCS server, so the Exchange certificate and the OCS server certificate should either be issued by the same issuer (for example, an Enterprise/Subordinate CA) or be issued by a third-party public certificate service (for example, VeriSign, Starfield, etc.).

Note that in cases where Exchange uses a public certificate for IIS and a private certificate for SMTP services, you should always use the information from the public certificate used by IIS in the web.config file that we will see in the next step.

To examine the Exchange certificate used by IIS, run the following command from the Exchange PowerShell:

Get-ExchangeCertificate | fl

For a private certificate, the relevant portion of the output should look similar to this:

IsSelfSigned : False
Issuer : CN=RootCA, DC=mydomain, DC=com
SerialNumber : 71652G3R00000000001A
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=Exch2k10.mydomain.com
—————————————————————————————————————————-
For a public certificate used for IIS, it should look similar to this:

IsSelfSigned : False
Issuer : SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
SerialNumber : 03F7FA1DFB783B
Services : IIS
Status : Valid
Subject : CN=Exch2k10.mydomain.com
—————————————————————————————————————————

Step 3: Edit the OWA Web Config File
On the Client Access Server, navigate to the following directory:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OWA

Open the web.config file using Notepad and perform the following steps:

1. Search for OCS (IMPoolname). You see the following three entries:

2. Populate the pool/server name:
In the <add key="IMPoolName" section, insert the FQDN of the OCS server between the final two quotes. For our example, the line will look like this:

3. Populate the Certificate Issuer:
In the <add key="IMCertificateIssuer" section, insert the issuer of the certificate (gathered earlier) between the final two quotes. For our example, the line will look like this:

Important: if your certificate issuer name contains double quotes, you should enclose the certificate issuer name in single quotes instead. For our example, the line will look like this:

4. Populate the Certificate SerialNumber:
In the <add key="IMCertificateSerialNumber" section, insert the certificate serial number between the final two quotes. For our example, the line would look like this:

or

Important: You must manually add spaces in the serial number string to separate each octet, or the system cannot locate the certificate.

5. Save and close the Web.config file.
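
The three values described in this step can be derived from the certificate fields gathered in Step 2. The following is an added example, not part of the original post: it uses the sample Starfield issuer and serial number shown above, a placeholder pool FQDN, and assumes each setting is written as an `<add key="..." value="..." />` entry. The helper function names are hypothetical.

```powershell
# Added example, not from the original post. The issuer and serial number are the
# sample values shown in Step 2; on a real CAS take them from Get-ExchangeCertificate | fl.
# Assumption: each setting is an <add key="..." value="..." /> entry in web.config.

function Format-ImSerialNumber {
    param([Parameter(Mandatory=$true)][string]$SerialNumber)
    $hex = $SerialNumber -replace '\s', ''
    if (($hex -notmatch '^[0-9A-Fa-f]+$') -or (($hex.Length % 2) -ne 0)) {
        throw "Serial number '$SerialNumber' is not a whole number of hex octets."
    }
    # Insert a space after every two hex digits so each octet is separated.
    ($hex -replace '(..)', '$1 ').Trim()
}

function Format-ImAppSetting {
    param([Parameter(Mandatory=$true)][string]$Key,
          [Parameter(Mandatory=$true)][string]$Value)
    # Escape the characters that are never legal inside an XML attribute value.
    $escaped = $Value.Replace('&', '&amp;').Replace('<', '&lt;')
    if ($escaped.Contains('"') -and $escaped.Contains("'")) {
        throw "Value for $Key contains both quote styles; escape one of them by hand."
    }
    # An issuer such as O="Starfield Technologies, Inc." contains double quotes,
    # so the attribute is delimited with single quotes in that case.
    $q = if ($escaped.Contains('"')) { "'" } else { '"' }
    "<add key=`"$Key`" value=$q$escaped$q />"
}

$issuer = 'SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US'
$serial = '03F7FA1DFB783B'
$pool   = 'ocspoolname.domain.local'   # placeholder pool FQDN, replace with your own

Format-ImAppSetting -Key 'IMPoolName' -Value $pool
Format-ImAppSetting -Key 'IMCertificateIssuer' -Value $issuer
Format-ImAppSetting -Key 'IMCertificateSerialNumber' -Value (Format-ImSerialNumber $serial)
```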

Step 4: Enable OCS Integration
To enable the OWA Virtual Directory to use OCS IM integration, from Exchange PowerShell, type the following command:

Get-OwaVirtualDirectory -Server SERVERNAMEHERE | Set-OwaVirtualDirectory -InstantMessagingType 1

Step 5: Restart Internet Information Services
Although the preceding changes should be detected automatically, administrators might need to restart IIS on the Client Access Server. However, doing so can cause any current OWA sessions to be logged off, so care should be taken.
From the command prompt on the Client Access server, issue the IISRESET command to restart the services.

B – Configuring the Office Communications Server
Prerequisite: if you have installed OCS 2007 R2 on Windows 2008 R2, apply the hotfix for UcmaRedist.msi (UcmaRedist.msp) from the Microsoft Office Communications Server 2007 R2 Hotfix KB 968802.

The Exchange Server 2010 Outlook Web App IM integration component is implemented as an OCS 2007 end-point. Thus, for the integration component to sign in to OCS 2007 R2, the OCS server must be configured to trust the Client Access Server.

This is accomplished by adding the Exchange Client Access Server as a trusted server on the OCS 2007 R2 front end. To do so, perform the following steps:
1. While logged in as an OCS administrator, start the OCS Management Console by selecting the following:
Start\All Programs\Administrative Tools\Office Communications Server 2007 R2
2. Navigate to the OCS 2007 R2 Pool. Right-click the OCS Pool name and select Properties; then select Front End Properties
3. Click on the Host Authorization tab; then click the Add button.
4. In the Add Authorized Host window:
Select the FQDN radio button.
Type the name of the Client Access Server, basically what you type in to run OWA, such as owa.mydomain.com
(Note: you could use the IP address button instead of the FQDN button, but this is less secure because it does not rely on certificate authentication. Use the name you use to access OWA externally, as that will likely use HTTPS/SSL security and will work.)
Select (checkbox) the following options: Treat as Authenticated and Throttle as Server.
5. Click OK to save the configuration changes.
6. To allow changes to take effect immediately, stop and restart the OCS front-end services; note that doing so will disconnect any active users.

C – User Configuration
Users should be enabled for OCS, with enhanced presence enabled, prior to using the IM integration.

D – High availability considerations
To configure OCS Outlook Web App integration in a highly available environment where multiple Exchange CAS servers are configured for load balancing, take the following into consideration:

1. Create the web.config entries on all load-balanced CAS servers.
2. Enable IM integration on all load-balanced CAS servers.
3. Add the FQDNs of all CAS servers, along with the OWA load-balanced FQDN, as authorized hosts in the OCS server pool properties.

UPDATE FOR Exchange 2010 SP1

If you install Exchange 2010 SP1, the previous configuration will be broken, because Microsoft has introduced some changes in Exchange to the instant messaging settings. What Microsoft has actually done is move the instant messaging settings from web.config to Active Directory, where they should be.

This will not require you to redo all the integration steps. You simply need to discard the web.config part and run the following commands on all Exchange CAS servers deployed in your organization.

Get-ExchangeCertificate | Where-Object {$_.Services -match "IIS"} | Get-ExchangeCertificate | fl thumbprint,subject

Copy and paste the certificate thumbprint into the following command:

Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E -InstantMessagingServerName ocspoolname.domain.local -InstantMessagingType OCS -InstantMessagingEnabled $true
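
Because the SP1 settings must be identical on every load-balanced CAS (see the high availability considerations above), it is worth checking each server after the change. The following is an added example, not part of the original post: the function name Test-OwaImConfig, the 30-day expiry window, and the sample objects are assumptions, and the pool FQDN is the placeholder from the command above.

```powershell
# Added example, not from the original post: audit the SP1 IM settings on each CAS.
# Assumption: $pool is the placeholder pool FQDN used in the command above.
function Test-OwaImConfig {
    param($VDir, $Certificates, [string]$ExpectedPool)
    $problems = @()
    if (-not $VDir.InstantMessagingEnabled) { $problems += "IM integration is not enabled" }
    if ("$($VDir.InstantMessagingType)" -ne "OCS") { $problems += "InstantMessagingType is not OCS" }
    if ("$($VDir.InstantMessagingServerName)" -ne $ExpectedPool) {
        $problems += "pool name differs from $ExpectedPool"
    }
    # The configured thumbprint must point at a valid certificate that IIS actually uses.
    $thumb = "$($VDir.InstantMessagingCertificateThumbprint)" -replace '\s', ''
    $cert = @($Certificates | Where-Object { $_.Thumbprint -eq $thumb })[0]
    if (-not $thumb) { $problems += "no certificate thumbprint configured" }
    elseif (-not $cert) { $problems += "thumbprint not found among the server's certificates" }
    else {
        if ("$($cert.Services)" -notmatch "IIS") { $problems += "certificate is not assigned to IIS" }
        if ("$($cert.Status)" -ne "Valid") { $problems += "certificate status is $($cert.Status)" }
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $problems += "certificate expires within 30 days" }
    }
    if ($problems.Count -eq 0) { "OK" } else { $problems -join "; " }
}

$pool = "ocspoolname.domain.local"
if (Get-Command Get-OwaVirtualDirectory -ErrorAction SilentlyContinue) {
    # Live run in the Exchange Management Shell: check every CAS behind the load balancer.
    foreach ($cas in Get-ClientAccessServer) {
        $certs = @(Get-ExchangeCertificate -Server $cas.Name)
        foreach ($vdir in Get-OwaVirtualDirectory -Server $cas.Name) {
            "{0}: {1}" -f $cas.Name, (Test-OwaImConfig $vdir $certs $pool)
        }
    }
} else {
    # Constructed sample objects so the check can be exercised outside Exchange.
    $certs = @(New-Object PSObject -Property @{
        Thumbprint = "0000000000000000000000000000000000000000"; Services = "IIS"
        Status = "Valid"; NotAfter = (Get-Date).AddYears(1) })
    $vdir = New-Object PSObject -Property @{
        InstantMessagingEnabled = $true; InstantMessagingType = "Ocs"
        InstantMessagingServerName = $pool
        InstantMessagingCertificateThumbprint = "1111111111111111111111111111111111111111" }
    "CAS01 (sample): " + (Test-OwaImConfig $vdir $certs $pool)
}
```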

Enjoy!
