Integrate OCS 2007 R2 with Exchange Server 2010 SP1 OWA
2010-06-21 45 Comments
I have seen a number of posts in different forums with questions on how to integrate Office Communications Server2007 R2 with Outlook Web App in Exchange Server 2010 Service Pack 1. There are some changes made in SP1 that will cause your current integration to break. But this can be easily fixed with a couple of configuration changes.
Changes? Why Changes??
Well, changes in this case is good. What Microsoft has done is to move the Instant Messaging settings for the OWA virtual directory from web.config to Active Directory where it should be. It’s better to have all parameters for OWA virtual directory gathered in one place, right?
Below, I will walk you through the complete configuration process. If you only want to read about the configuration related to SP1, scroll down a bit to configuration!
Pre-requirements
OCS 2007 R2 Web Service Provider found here:
http://www.microsoft.com/downloads/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en
Hotfix for the OCS 2007 R2 Web Service Provider:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45C94403-39FA-44D3-BE23-07F25A2D25C7
Update Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2282949:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1F565A42-71D2-4FBD-8AE0-4B179E8F02AB
When running Exchange2010 Sp1 on a Windows 2008 R2, include the following UCMAREDIST Update, available here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
Installation
The installation of the Web Service Provider is quite straight forward:
- Download and execute CWAOWASSPMain.msi to you Exchange Server 2010 CAS.
- In Windows Explorer, navigate to the directory where the files from CWAOWASSPMain.msi were placed. The default location is C:\Web Services Provider Installer Package\.
- Execute and install vcredist_x64.exe.
- Execute and install UcmaRedist.msi.
- Go to Start > All Programs > Accessories, right-click Command Prompt, and then click Run as Administrator.
- Go to the directory where the files from CWAOWASSPMain.msi were placed and run CWAOWASSP.msi.
- Install the other updates listed under pre-requirements above.
Done, you should now have all the required components installed on you Exchange Server 2010 CAS.
Configuration
Certificate
First we will configure the certificate. We start of by getting the thumbprint of the certificate by using the following command:
get-ExchangeCertificate | fl
Your thumbprint should look something like this:
4DC1EE3506E06E971FF82AC8DD60015EAC11B21E
4DC1EE3506E06E971FF82AC8DD60015EAC11B21E
To apply this to our configuration use the following command:
Set-OwaVirtualDirectory -Identity <"WebSiteIdentity"> –InstantMessagingCertificateThumbprint <CertificateThumbprint>
Set-OwaVirtualDirectory -Identity <"WebSiteIdentity"> –InstantMessagingCertificateThumbprint <CertificateThumbprint>
Example:
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E
Server Name
Next we set the server name for the OCS server, this should be the FQDN of the OCS server. Use the following command:
Set-OwaVirtualDirectory -Identity <"WebSiteIdentity"> –InstantMessagingServerName <ServerFQDN>
Set-OwaVirtualDirectory -Identity <"WebSiteIdentity"> –InstantMessagingServerName <ServerFQDN>
Example:
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingServerName sundis-ocs01.sundis.local
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingServerName sundis-ocs01.sundis.local
Set type and Enable
Next we set the type of Instant Messaging Server to OCS by using this command:
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingType OCS
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingType OCS
And last but not least we enable Instant Messaging Server by using the following command:
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingEnabled $true
Set-OwaVirtualDirectory -Identity "SUNDIS-EX01\owa (Default Web Site)" -InstantMessagingEnabled $true
Finish the configuration by doing a get to se the changes we made with the following command:
Get-OwaVirtualDirectory | fl InstantMessagingCertificatethumbprint, InstantMessagingServerName, InstantMessagingType, InstantMessagingEnabled 
Well I almost forgot, the last thing you should do after all these configuration changes is to restart IIS by entering the following command:
iisreset /noforce
iisreset /noforce
Now you should be all set!
OCS Settings
You do however need to make one last finishing touch on the Office Communications Server. That is to add the FQDN of the certificate that you specified in the Set-OwaVirtualDirectory command above as a trusted host in you OCS server. To do this Navigate to the pool or server in OCS, right click on your pool or server and select Properties and then Forest End Properties.
Open the Host Authorization tab and then click Add.
Enter the FQDN found on the certificate you added in the previous step and make sure that you check Throttle AS Server and Treat As Authenticated, when finished click Ok. The FQDN will most certainly include a external domain in your case. In my case it’s an internal domain for testing purposes.
Make sure that all settings are correct, when finished click Ok.
Give OSC a moment to apply the settings and then head of to OWA and enjoy!
Thanks for reading and don’t hesitate to comment if you have any further questions or thoughts about the post!
Martin's Wonderful World of Unified Communications 
Thank you very mutch.
No worries, I’m glad that you find it helpfull!
Pingback: Exchange 2010 RTM and SP1 OWA Integration With OCS 2007 R2 « msunified.net
The link for the UcmaRedist.msi update to install on a W2008 R2 appears to be unavailable. Was it pulled or is there an updated link.
Disregard, just noticed someone updated my E2010 servers with .NET 4.0 install goes much better with it removed. I’m getting really tired of all these .net versions, it’s getting rediculas.
Great :)
Yes .NET 4.0 must be removed for UcmaRedist.msi to work, thanks for pointing that out.
Thanks a lot, but can you provide alternative link to the 2008 R2 hotfix ? or can you upload it if you have it ? the link is broken.
The update has been pulled by Microsoft because of an issue with response groups. As of now this update is no longer available but Microsoft is working on a re-release.
I will take a look and see if I have the update and if I can make it available for you to download.
hi, any update on the patch availability? i have server 2008 r2 and just missing that patch to fully integrate ocs and owa.
If you’re still looking for the hotfix I have updated the post with a working link to the new download page.
Pingback: Step by step guide how to integrate OCS 2007 R2 in Exchange Server 2010 SP1 OWA « UC2GO Blog
If you need the pulled update send me an email at martin (a) sundstroms (dot) se and I will try to help you!
Hi, it was really helpful.
Thanks
My pleasure Rajesh! Thanks for reading and leaving your feedback!
Hi Martin,
I’ve done the exact steps you posted here. but we end up with the message:
“instant messaging isn’t available right now the contact list will appear when the service becomes available”
without the SP1 it was working fine. we have a wildcard certificate for our webmail/ocs server
thanks for your help
Hi Bauke,
First I have to apologize for the late answer! Is this issue still valid or have you solved it already?
Best regards
Martin
hi martin,
No problem. the issue is still there :-)
i’m completely out of options.
if you need any logging or something please let me know
thanks in advantage
Bauke
Ok, lets see if we can get it to work. Try to add the complete OWA URL into the Host Authorization tab of OCS, I had this problem myself when setting this up and that solved it.
so that will be https://webmail.domain.com/owa ?
I think I can only enter a fqdn and webmail.domain.com is already in the list
Can you try with the internal fqdn and not the external one? And make sure that the certificate matches the internal fqdn.
I have tried it already with
– cas fqdn’s and without external fqdn
– cas fqdn’s and external fqdn
– external fqdn only
no luck at all.
we use a wildcard on the isa / cas / frontend servers only the OCS server is no wild card. it is the fqdn of the server self signed by internal CA
Sorry that I didn’t notice that you use a wildcard certificate before, but the Exchange server needs to have a certificate with a subject name when integrating with OCS and not a Wildcard cert. Office Communications Server requires the use of x.509 certificates and does not support wildcard. Could you issue a trusted certificate with a subject name and try? This can be an internal one like in my example just to make sure that it works using a standard or SAN certificate, it must still be trusted though.
You could also try to enable logging for the SIP stack, using the resource kit tools of OCS R2.
Nice article, I did as exactly described above and it works fine … vrrrrooooom :-)
Thanks Rajesh, I’m glad that you find it helpfull :)
I have followed all the steps, but cannot seem to send IM’s in both directions. When logged in to OWA I can see presence of users, can send them IM’s, but if they are on Office Communicator 2007 R2 client they cannot respond to the messages. I am running OCS 2007 R2 and Exchange 2010 SP1 with all latest updates. Anyone have a similar problem?
Pingback: Anyone get BES 5.0.3 to work with OCS 2007 R2? - Port3101.org : Your BES Connection
Hello everyone, i follow all steps, everything looks ok!, but when i logged in to de OWA i can´t see the owa integration previously thats works but i have a crash server i was reinstall my CAS server anybody can help me??
Hi, is it possible for you do describe your environment a bit more please? Have you changed any names etc on your CAS server?
Of course, when my CAS and Hub Server gone crash this server have name EXCAS, i try to recover but with recoverymode /-m command but thas give me any errors and i have to install on another serve and rename EXCAS2 and my exchange works again but since when i login to my OWA i cant see my Chat working again. I investigate and find your post follow every steps and never send me a message of erro just warning like this: WARNING: The command completed successfully but no settings of ‘EXCAS2\owa (Default Web Site)’ have been modified.
and when i login into my OWA i can see the change works i have Exchange 2010 SP1 Rollup 4
waitin for you reply
Have you checked if you have a host specific certificate in Host Authorization that points to the old server?
You shouldn’t have to change any settings on the Exchange server, thats why you receive the “no change” warning message…
Finally i can recover my old CAS server and follow all steps but in my public OWA i can´t see de OCS connection but if i log into the old CAS server FQDN to acces OWA i can see this message: Currently unavailable IM. The contact list will appear when the service is available.
When i run this command
Set-OwaVirtualDirectory -Identity “EX-MAIL\owa (Default Web Site)” -InstantMessagingEnabled $true
result is :
WARNING: The command completed successfully but no settings of ‘EX-MAIL\owa(Default Web Site)’ have been modified.
even i am not able to restart iis from command :
iisreset /noforce
as you given…
tell is this okay i perform further steps….
every thing is perfect but this warning is coming and i think just because of this i am not able to perform integration with exchange 2010 (owa)
do you have any way to out …
Hi, and thanks for reading!
The warning message you see is just telling you that the configuration is already done. The attributes you are trying to change does already have the setting you are applying. So everything should work fine even if you receive that message.
Have you completed the configuration and been able to test your configuration?
Thanks for the reply
when i login to OWa messages shows:
instant messaging isn’t available right now. the contact list will apper when service become available.
and i am not able to go online throught OWA… when i clicked …sign in to IM .. nothing will happen..
i completed all setting but still not able to sign in throught OWA
and i can give access
to my owa so you can understand it well with the test user… i am doing this in my home lab and its online on www
The most common error when configuring integration for owa is certificates, have you used a trusted certificate for this solution?
can you please explain how i can do this … if you raise any link or tell me the step for trustes ceritificate
so things will help me more …
Prerequisites
You must have:
1 Deployed Microsoft Exchange Server 2010 in your organization.
2 Deployed Lync Server 2010.
3 Obtained a certificate that’s trusted by the Lync Server 2010 server and the Client Access server and is issued by the same authority. The certificate must have the Client Access server namespace as the subject on the Subject line. The namespace may be the name of a particular Client Access server, or it may be a DNS name that’s used for load balancing across multiple Client Access servers.
4 Recorded the fully qualified domain name (FQDN) of the Lync Server 2010 server or the Lync Server 2010 pool that the Client Access server will connect to. The server or pool should be geographically close to the Client Access server.
5 Enabled your users to use Lync Server 2010 via the Lync Server 2010 user administration tools.
AND I THINK SO I HAVEN’T DONE THE THIRD PRE-REQUSITES BUT I ALSO DONT KNOW HOW TO MANAGE BOTH CERTIFICATE FROM SAME CA.
AS I HAVE ONLY TWO CERTIFICATES IN My CA.. ONE FOR ROOTCA AND SECOND MY LYNC 2010 SERVER… BUT I NEED TO CONFIGURE EXCHANGE CERTI.. IN CA … BUT I DONT KNOW THE EXCATE WAY TO CONFIGURE IT
use a trusted certificate for this solution?
To configure and request a certificate from an internal CA look at the following link: http://www.lynclog.com/2011/04/integrating-exchange-um-with-lync-2010.html
It will give you the information you need on how to use a internal CA to secure your Exchange 2010. Note that the site describes the process of generating a certificate for the UM role, but the process looks the same for OWA certificates.
Hi, how i can erase all this configuration for do it again since 0 because doesn´t work and i 2 times the same canfiguration!!! :(
Thanks a million. This post works for Exchange 2010 SP2 as well. Ours was done in a matter of 20 minutes.
Great, I am glad it helped you! Thanks for commenting!
I think the admin of this site is really working hard
in favor of his website, because here every stuff is quality based data.