Lync and Exchange 2013 OWA integration

#en, #exchange, #lync, #skype4b edit this page

I configured Lync 2013 to work with Exchange 2013 these days, as it took me a while to get the ‘Online Meeting request’ up and running, I thought I’d post a quick post here.


The first thing to consider when thinking about integration between Exchange 2013 and Lync is certificates. The servers use OAuth and TLS connections and we need the certificate common names to match the names that the servers use to access the resource. In my simple environment I do have the CN ly14.ntsystems.local on my Lync server’s certificate, the Exchange server’s certificate has a CN of ex14.ntsystems.local.

Exchange 2013 - Enterprise Partner Application

The first thing we configure, if it’s not already set up, is Exchange Autodiscover service. What we actually care about is the internal URI used:

Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri

If it looks good, we go ahead and use the following script shipped with Exchange to set up an Enterprise Partner Application.

& $exInstall\Scripts\Configure-EnterprisePartnerApplication.ps1 –AuthMetaDataUrl https://ly15.ntsystems.local/metadata/json/1 -ApplicationType Lync

The “&” sign tells PowerShell to start the script located at the Scripts folder in the Exchange 2013 installation directory. With the AuthMetaDataUrl we specify the Lync 2013 Pool’s Auth Metadata document, this includes public key information for the Partner Application.

Lync 2013 - Trusted Application Pool

So next up we have to configure Lync to trust the Exchange Server 2013.

New-CsTrustedApplicationPool -Identity ex15.ntsystems.local -Registrar -Site Bolzano -RequiresReplication $False

New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn ex15.ntsystems.local -Port 5199</p>

New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl https://autodiscover.ntsystems.local/autodiscover/metadata/json/1

Set-CsOAuthConfiguration –Realm ntsystems.local


Ok, so first we create a new Trusted Application Pool withing Lync, the Identity of the application pool is the Exchange 2013 server, the registrar is the Lync standard edition server. Then we create a Trusted Application and assign it to the trusted application pool configured before. The third thing we configure is a Partner Application and set the OAuth configuration, we need those last steps for the Online Meeting request in OWA, make sure that you actually use the Autodiscover URL, this didn’t work if I used the server name instead.

Ok, once the configuration is done, publish the topology.

Exchange 2013 - Enable Instant Messaging

Back on the Exchange side of things we need to configure the OwaVirtualDirectory to enable Instant Messaging.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –InstantMessagingEnabled $True -InstantMessagingType OCS

Now comes the nasty part, we have to update OWA’s web.config file to include the Exchange Servers certificate thumbprint. So first, we use the following cmdlet to get the certificate’s thumbprint:


Copy the thumbprint of the certificate that is assigned to the IIS service and fire up notepad to open the web.config file of the Owa virtual directory, located here:

C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config

No we need to Include the following Lines underneath the <AppSettings> node:

<add key="IMCertificateThumbprint" value="Exchange Cert Thumbprint"/>
<add key="IMServerName" value="ly15.tomt.local"/>

So, after updating that web.config file, there is one step left, we need to actually allow users to use instant messaging in OWA. This is controlled in the Owa mailbox policy, to keep it simple I’ll just update the default policy which will enable IM for everybody. 

Set-OwaMailboxPolicy -Identity "Default" -InstantMessagingEnabled $True -InstantMessagingType "OCS"

Wow, now that all configuration is done, I like to do a quick iisreset to make sure all the configuration changes are picked up, obviously this should not be done on production machines…

If users sign in to webmail, they will be able to sign into Lync, set their state and participate in IM chats.


And, as a nice little addon, we can now also create Online Meeting requests from OWA:


Note, Exchange 2013 CU1 is required for Online Meeting requests and Lyncdiscover has to be set up, too.