Lync and Exchange 2013 OWA integration

#en, #exchange, #lync, #skype4b

I recently configured Lync 2013 to work with Exchange 2013. As it took me a while to get the ‘Online Meeting request’ up and running, I thought I’d write a quick post here.

Certificates

The first thing to consider when thinking about integration between Exchange 2013 and Lync is certificates. The servers use OAuth and TLS connections, and the certificate common names need to match the names that the servers use to access the resource. In my simple environment, the Lync server’s certificate has the CN ly14.ntsystems.local and the Exchange server’s certificate has a CN of ex14.ntsystems.local.

Exchange 2013 - Enterprise Partner Application

The first thing we configure, if it’s not already set up, is the Exchange Autodiscover service. What we actually care about is the internal URI used:

Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri

If it looks good, we go ahead and use the following script shipped with Exchange to set up an Enterprise Partner Application.

& $exInstall\Scripts\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl https://ly15.ntsystems.local/metadata/json/1 -ApplicationType Lync

The “&” sign tells PowerShell to run the script located in the Scripts folder of the Exchange 2013 installation directory. With AuthMetaDataUrl we specify the Lync 2013 pool’s auth metadata document, which includes public key information for the Partner Application.

Lync 2013 - Trusted Application Pool

So next up we have to configure Lync to trust the Exchange Server 2013.

New-CsTrustedApplicationPool -Identity ex15.ntsystems.local -Registrar ly15.network.local -Site Bolzano -RequiresReplication $False

New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn ex15.ntsystems.local -Port 5199

New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl https://autodiscover.ntsystems.local/autodiscover/metadata/json/1

Set-CsOAuthConfiguration -Realm ntsystems.local

Enable-CsTopology

OK, so first we create a new Trusted Application Pool within Lync; the identity of the application pool is the Exchange 2013 server and the registrar is the Lync Standard Edition server. Then we create a Trusted Application and assign it to the trusted application pool configured before. The third thing we configure is a Partner Application, and we set the OAuth configuration. We need those last steps for the Online Meeting request in OWA. Make sure that you actually use the Autodiscover URL; this didn’t work if I used the server name instead.

Ok, once the configuration is done, publish the topology.

Exchange 2013 - Enable Instant Messaging

Back on the Exchange side of things we need to configure the OwaVirtualDirectory to enable Instant Messaging.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $True -InstantMessagingType OCS

Now comes the nasty part: we have to update OWA’s web.config file to include the Exchange server’s certificate thumbprint. First, we use the following cmdlet to get the certificate’s thumbprint:

Get-ExchangeCertificate

Copy the thumbprint of the certificate that is assigned to the IIS service and fire up Notepad to open the web.config file of the OWA virtual directory, located here:

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config

Now we need to include the following lines underneath the <appSettings> node:

<add key="IMCertificateThumbprint" value="Exchange Cert Thumbprint"/>
<add key="IMServerName" value="ly15.tomt.local"/>
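
A check for the web.config step, added here as an example and not part of the original post: it compares the IMCertificateThumbprint and IMServerName values with the thumbprint of the IIS certificate and the expected Lync server name. The function Test-OwaImConfig and its parameter names are made up for this example, and the thumbprint in the sample is a constructed placeholder.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Test-OwaImConfig {
    param(
        [Parameter(Mandatory)] [string] $WebConfigXml,   # full text of OWA's web.config
        [Parameter(Mandatory)] [string] $IisThumbprint,  # thumbprint of the IIS certificate
        [Parameter(Mandatory)] [string] $ImServerName    # Lync server name you expect
    )
    # XPath is case-sensitive: the node is <appSettings>.
    $settings = @{}
    foreach ($node in ([xml]$WebConfigXml).SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }

    $configured = $settings['IMCertificateThumbprint']
    if (-not $configured) {
        'IMCertificateThumbprint is missing'
    } else {
        # Values pasted from a certificate dialog can carry spaces or an
        # invisible U+200E mark; report them, then compare hex digits only.
        if ($configured -match '[^0-9A-Fa-f]') {
            'IMCertificateThumbprint contains non-hex characters (spaces or hidden marks)'
        }
        $hex = $configured -replace '[^0-9A-Fa-f]', ''
        if ($hex.Length -ne 40) {
            "IMCertificateThumbprint has $($hex.Length) hex digits, expected 40"
        } elseif ($hex -ne ($IisThumbprint -replace '[^0-9A-Fa-f]', '')) {
            'IMCertificateThumbprint does not match the IIS certificate'
        }
    }

    if ($settings['IMServerName'] -ne $ImServerName) {
        "IMServerName is '$($settings['IMServerName'])', expected '$ImServerName'"
    }
}

# Constructed sample: placeholder thumbprint, pasted with spaces and a hidden mark.
$thumb  = 'A1B2C3D4E5F60718293A4B5C6D7E8F9012345678'
$pasted = "$([char]0x200E)a1b2c3d4 e5f60718 293a4b5c 6d7e8f90 12345678"
$config = @"
<configuration><appSettings>
  <add key="IMCertificateThumbprint" value="$pasted"/>
  <add key="IMServerName" value="ly15.tomt.local"/>
</appSettings></configuration>
"@
Test-OwaImConfig -WebConfigXml $config -IisThumbprint $thumb -ImServerName 'ly15.tomt.local'

# On the Exchange server, feed it the real values ($path = the web.config location above):
#   $cert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
#   Test-OwaImConfig (Get-Content $path -Raw) $cert.Thumbprint 'ly15.tomt.local'
```

The function writes one line per problem it finds and nothing when both keys are as expected.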

So, after updating that web.config file, there is one step left: we need to actually allow users to use instant messaging in OWA. This is controlled in the OWA mailbox policy. To keep it simple, I’ll just update the default policy, which will enable IM for everybody.

Set-OwaMailboxPolicy -Identity "Default" -InstantMessagingEnabled $True -InstantMessagingType "OCS"

Wow, now that all configuration is done, I like to do a quick iisreset to make sure all the configuration changes are picked up. Obviously this should not be done on production machines…

If users sign in to webmail, they will be able to sign into Lync, set their state and participate in IM chats.

And, as a nice little add-on, we can now also create Online Meeting requests from OWA.

Note, Exchange 2013 CU1 is required for Online Meeting requests and Lyncdiscover has to be set up, too.

 

Enjoy,

tom