Zero Hour Sleep
3 Sep 2010

Exchange Outlook Web App and OCS 2007 R2 integration

I don't know if everyone knows about this feature, but I think this is one of the coolest integration features in OCS 2007 R2 and Exchange 2010.

The concept is to integrate Outlook Web App with Office Communications Server 2007 R2 for presence and instant messaging. Users of Outlook Web App get the ability to provision their presence and use a built-in instant messaging system to chat with other OCS users, in addition to the basic Outlook Web App features. Isn't that cool!

Let's get started and see how this can be accomplished.

There are four main steps to get this working:

A - Configuring the Exchange Client Access Server
B - Configuring the Office Communications Server
C - User Configuration
D - High availability considerations

A - Configuring the Exchange Client Access Server

To properly configure your Exchange Client Access Server, follow these steps:

1. Download and install the "Microsoft Office Communications Server 2007 R2 Web Service Provider" on your Exchange 2010 CAS server (this adds special DLLs and configuration files needed to link OWA 2010 to your OCS 2007 R2 environment)
2. Gather Information about the certificate used by the Client Access Server.
3. Edit the OWA Web Config file.
4. Enable OCS Integration.
5. Restart Internet Information Services.

Step 1: Downloading/Installing the OCS 2007 R2 Web Service Provider Files
Download CWAOWASSPMain.msi, the "Microsoft Office Communications Server 2007 R2 Web Service Provider", and install it on your Exchange Client Access Server.

Step 2: Gather Certificate Information

To establish secure communication between the Office Communications Server and the Exchange server, both servers must trust each other. The certificate that is used on the Exchange server and assigned to Internet Information Services must therefore be trusted by the OCS server. That means the Exchange certificate and the OCS server certificate should either be issued by the same issuer (for example, an Enterprise/Subordinate CA) or be issued by a third-party public certificate service (for example VeriSign, Starfield, etc.).

Note that in some cases Exchange uses a public certificate for IIS and a private certificate for SMTP services. In that case, always use the information from the public certificate used by IIS in the web.config file that we will see in the next step.

To examine the Exchange certificate used by IIS, use the following command from the Exchange PowerShell:

Get-ExchangeCertificate |fl

For a private certificate, part of the output should look similar to this:

IsSelfSigned : False
Issuer : CN=RootCA, DC=mydomain, DC=com
SerialNumber : 71652G3R00000000001A
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=Exch2k10.mydomain.com
----------------------------------------------------------------------------------------------------------------------------
For a public certificate used for IIS:

IsSelfSigned : False
Issuer : SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
SerialNumber : 03F7FA1DFB783B
Services : IIS
Status : Valid
Subject : CN=Exch2k10.mydomain.com
---------------------------------------------------------------------------------------------------------------------------

Step 3: Edit the OWA Web Config File
On the Client Access Server, navigate to the following directory:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OWA

Open the web.config file using Notepad and perform the following steps:

1. Search for OCS (IMPoolName). You see the following three entries:

2. Populate the pool/server name:
In the <add key="IMPoolName" section, insert the FQDN of the OCS server between the final two quotes. For our example, the line will look like this:

3. Populate the certificate issuer:
In the <add key="IMCertificateIssuer" section, insert the issuer of the certificate (gathered earlier) between the final two quotes. For our example, the line will look like this:

Important: if your certificate issuer name contains double quotes, enclose the certificate issuer name in single quotes. For our example, the line will look like this:

4. Populate the certificate serial number:
In the <add key="IMCertificateSerialNumber" section, insert the certificate serial number between the final two quotes. For our example, the line would look like this:

or

Important: You must manually add spaces in the Serial Number string to separate each octet or the system cannot locate the certificate.

5. Save and close the Web.config file.
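
The quoting rule for the issuer and the octet spacing for the serial number are the two places where hand-editing usually goes wrong, so the entries can be generated instead. The following PowerShell is an added example, not part of the original post; the function names are hypothetical, the pool FQDN is a placeholder, and the `<add key="..." value="..." />` layout of the entries is assumed.

```powershell
# Added example: builds the three web.config entries from certificate details.
# Assumption: each entry has the standard <add key="..." value="..." /> form.

function Format-SerialOctets {
    param([Parameter(Mandatory=$true)][string]$SerialNumber)
    # Remove any whitespace already present, then require whole hex octets.
    $hex = ($SerialNumber -replace '\s', '').ToUpperInvariant()
    if ($hex -notmatch '^([0-9A-F]{2})+$') {
        throw "Serial number '$SerialNumber' is not a whole number of hex octets."
    }
    # Split into two-character groups and join them with single spaces.
    ($hex -split '(..)' | Where-Object { $_ }) -join ' '
}

function New-ImAppSetting {
    param(
        [Parameter(Mandatory=$true)][string]$Key,
        [Parameter(Mandatory=$true)][string]$Value
    )
    # Escape the characters that are special in every XML attribute value.
    $v = $Value.Replace('&', '&amp;').Replace('<', '&lt;')
    if (-not $v.Contains('"')) {
        return '<add key="{0}" value="{1}" />' -f $Key, $v
    }
    if (-not $v.Contains("'")) {
        # Double quotes inside the value: delimit with single quotes.
        return "<add key=""{0}"" value='{1}' />" -f $Key, $v
    }
    # Both quote styles present: keep double-quote delimiters, escape inner ones.
    return '<add key="{0}" value="{1}" />' -f $Key, $v.Replace('"', '&quot;')
}

# Sample values copied from the public-certificate output shown in the post.
$issuer = 'SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, ' +
          'OU=http://certificates.starfieldtech.com/repository, ' +
          'O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US'
$serial = Format-SerialOctets '03F7FA1DFB783B'

New-ImAppSetting -Key 'IMPoolName' -Value 'ocspool.mydomain.com'  # placeholder FQDN
New-ImAppSetting -Key 'IMCertificateIssuer' -Value $issuer
New-ImAppSetting -Key 'IMCertificateSerialNumber' -Value $serial
```

The three lines it prints can be compared against, or pasted over, the matching entries in web.config.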

Step 4: Enable OCS Integration
To enable the OWA Virtual Directory to use OCS IM integration, from Exchange PowerShell, type the following command:

Get-OwaVirtualDirectory -Server SERVERNAMEHERE | Set-OwaVirtualDirectory -InstantMessagingType 1

Step 5: Restart Internet Information Services
Although the preceding changes should be detected automatically, administrators might need to restart IIS on the Client Access Server. However, doing so can cause any current OWA sessions to be logged off, so care should be taken.
From the command prompt on the Client Access server, issue the IISRESET command to restart the services.

B - Configuring the Office Communications Server
Prerequisite: if you have installed OCS 2007 R2 on Windows 2008 R2, apply the hotfix for UcmaRedist.msi (UcmaRedist.msp, from the Microsoft Office Communications Server 2007 R2 Hotfix KB 968802).

The Exchange Server 2010 Outlook Web App IM integration component is implemented as an OCS 2007 end-point. Thus, for the integration component to sign in to OCS 2007 R2, the OCS server must be configured to trust the Client Access Server.

This is accomplished by adding the Exchange Client Access Server as a trusted server on the OCS 2007 R2 front end. To do so, perform the following steps:
1. While logged in as an OCS administrator, start the OCS Management Console by selecting the following:
Start\All Programs\Administrative Tools\Office Communications Server 2007 R2
2. Navigate to the OCS 2007 R2 Pool. Right-click the OCS Pool name and select Properties; then select Front End Properties.
3. Click on the Host Authorization tab; then click the Add button.
4. In the Add Authorized Host window:
Select the FQDN radio button.
Type the name of the Client Access Server, basically what you type in to run OWA, such as owa.mydomain.com
(Note: you could use the IP address button instead of the FQDN button, but this is less secure because it does not rely on certificate authentication. Use the name you use to access OWA externally, as that will likely use HTTPS/SSL security and will work.)
Select (checkbox) the following options: Treat as Authenticated and Throttle as Server.
5. Click OK to save the configuration changes.
6. To allow changes to take effect immediately, stop and restart the OCS front-end services; note that doing so will disconnect any active users.

C - User Configuration
Users should be enabled for OCS, with enhanced presence enabled, prior to using the IM integration.

D - High availability considerations
To configure OCS Outlook Web App integration in a highly available environment where multiple Exchange CAS servers are configured for load balancing, take the following into consideration:

1 - Create the web.config entries on all load-balanced CAS servers.
2 - Enable IM integration on all load-balanced CAS servers.
3 - Add the FQDNs of all CAS servers, along with the OWA load-balanced FQDN, as authorized hosts in the OCS server pool properties.

UPDATE FOR Exchange 2010 SP1

If you install Exchange 2010 SP1, the previous configuration will be broken, because Microsoft has introduced some changes in Exchange to the instant messaging settings. What Microsoft has done is move the instant messaging settings from web.config to Active Directory, where they should be.

This does not require you to redo all the integration steps. You simply discard the web.config part and run the following commands on all Exchange CAS servers deployed in your organization.

Get-ExchangeCertificate | Where-Object {$_.Services -match "IIS"} | Get-ExchangeCertificate | fl thumbprint,subject

Copy and paste the certificate thumbprint into the following command:

Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E -InstantMessagingServerName ocspoolname.domain.local -InstantMessagingType OCS -InstantMessagingEnabled $true

Enjoy!

31 Aug 2010

Do NOT install Exchange 2010 SP1 on your Edge/TMG server

If you are running Exchange 2010 Edge on Forefront TMG, do NOT install Exchange 2010 SP1 on it yet. Doing so will crash your TMG Managed Control service with the error:

The Forefront TMG Managed Control service failed to initialize. Error information: Command failed with error: The term 'Get-AntiSpamUpdates' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again

15 Jul 2010

Can’t install Exchange 2010 RTM when Exchange 2007 SP3 exists

I am faced with a very funny issue at a client where I'm migrating from Lotus Domino to Exchange.

As you might know Microsoft didn't release migration tools from Lotus to Exchange 2010 directly so the path was Domino -> Exchange 2007 and then Exchange 2007 -> Exchange 2010.

Since Exchange 2007 SP3 was released a couple of days ago, I've installed it on what I was planning to be a temporary server.

I was surprised today that I was not able to install Exchange 2010 and setup.com /PrepareSchema failed with the following error.

29 Jun 2010

Single Mailbox Recovery in Exchange 2010 – Magic

Introduction

We have seen in part 1 of this tutorial the classical approach to single mailbox recovery from backups using Exchange 2010 and how this method can only restore the mailbox content to a new structure and this could be annoying for some.

Analyzing the findings of our first approach, we can deduce that the problem lies in the fact that the new mailbox of user2 has a different GUID than the one in the backup. So, logically, changing the GUID of the new mailbox and setting it to the same as the one in the backup should solve the issue, right?

Let's see how we can accomplish this to make the magic happen.

Disclaimer: This article contains steps that tell you how to use ADSIEdit.msc. However, serious problems might occur if you use it incorrectly. Therefore, make sure that you follow these steps carefully. I cannot be held responsible for any damage you might do to your system.

23 Jun 2010

Single Mailbox Recovery in Exchange 2010 – Classic

Introduction

I have written a 2 part tutorial at simple-talk.com about Microsoft Exchange 2010 Backup and Restore in which I have covered all steps needed to successfully backup your database as well as different recovery scenarios. This article can be looked at as an extension of the recovery process, part 2, and will cover the case when a single mailbox needs to be recovered from the backup.

I would like to stress first that it is not usually necessary to recover a single mailbox from a backup when running Microsoft Exchange 2010, because a deleted mailbox can be found in the "Disconnected Mailboxes" under "Recipient Configuration" and can simply be reconnected. However, if you are just curious to learn, or you need to recover a single mailbox for whatever reason, keep on reading.

I will assume in this article that you are already familiar with the backup and restore process and that a successful full backup of the database already exists.

9 Jun 2010

Backup/Restore/Manage your Exchange whitelist using exchange management shell

I will show you today how to manage, back up and restore your sender safe list on Exchange 2007 and 2010 using Exchange Management Shell cmdlets.

To add an entry

$SafeSenders = (Get-ContentFilterConfig).bypassedSenders
$SafeSenders.Add("user@safedomain.com")
Set-ContentFilterConfig -BypassedSenders $SafeSenders

To remove an entry
