Tuesday, July 15, 2014

Lync 2010 and 2013 IM integration into Exchange 2013

Recently I was working on an Exchange Server 2013 project; after the implementation was complete, it needed to be integrated with Lync Server 2010.

Exchange 2013 has two roles: the Front End proxy and the Back End. The Back End co-locates all of the roles, which are Mailbox, Client Access, Hub Transport and Unified Messaging.

In Exchange 2010 you configured the IM integration entirely on the server that held the Client Access role. This could be a standalone server or a server with co-located roles, depending on the infrastructure required. At Exchange 2010 RTM this was a config file; with SP1 and later it moved to PowerShell and settings on the OWA virtual directories.

In Exchange 2013, configuration is needed on both the Front End and Back End roles. In my case both roles were installed on a single server.

Exchange 2013 Server
1. The first component to install is the Microsoft Office Communications Server 2007 R2 Web Service Provider, which contains the components needed to add basic IM and presence features to Outlook Web App.

2. Next, identify the certificate currently assigned to the IIS service in Exchange and record its thumbprint value.
  • Display a list of installed certificates and their enabled services, and copy the Thumbprint value of the certificate that is enabled for the IIS service.

3. In PowerShell, run the following to see the current instant messaging settings of the OWA virtual directory:
    Get-OwaVirtualDirectory -Identity "Exchange2013FrontEnd\owa (default web site)" | Select-Object Inst*

4. Use the following PowerShell command to enable instant messaging on the OWA virtual directory:
    Set-OwaVirtualDirectory -Identity "Ex.tech.com\owa (default web site)" -InstantMessagingEnabled $true -InstantMessagingType OCS

5. If you have more Exchange servers in your environment, run the above command against ALL of your Exchange 2013 servers.
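As an added example (not from the original post), the following Exchange Management Shell script covers steps 2 to 5 for every Exchange 2013 server in the organisation at once: it records the thumbprint of the certificate bound to IIS on each server, enables instant messaging of type OCS on every OWA virtual directory, and then re-reads the directories to flag any server the change did not reach. Cmdlet and property names are the standard Exchange 2013 ones; no server names are assumed, since Get-ExchangeServer supplies them.

```powershell
# Added example, not from the original post: steps 2 to 5 for every Exchange
# 2013 server in the organisation, run from the Exchange Management Shell.
# No server names are assumed; Get-ExchangeServer supplies them.

# Step 2: record the thumbprint of the certificate enabled for IIS on each server.
$ex2013 = Get-ExchangeServer | Where-Object { $_.AdminDisplayVersion.Major -eq 15 }
$iisCerts = foreach ($srv in $ex2013) {
    Get-ExchangeCertificate -Server $srv.Name |
        Where-Object { $_.Services -match 'IIS' } |
        Select-Object @{ n = 'Server'; e = { $srv.Name } }, Thumbprint, Subject, NotAfter
}
$iisCerts | Format-Table -AutoSize

# Steps 3 to 5: enable IM of type OCS (Lync) on every OWA virtual directory, not just one server.
Get-OwaVirtualDirectory | ForEach-Object {
    Set-OwaVirtualDirectory -Identity $_.Identity -InstantMessagingEnabled $true -InstantMessagingType OCS
}

# Re-read the directories; any server still showing $false did not get the change.
$owa = Get-OwaVirtualDirectory | Select-Object Server, InstantMessagingEnabled, InstantMessagingType
$owa | Format-Table -AutoSize
$missed = $owa | Where-Object { -not $_.InstantMessagingEnabled -or $_.InstantMessagingType -ne 'OCS' }
if ($missed) { Write-Warning "IM not enabled on: $(($missed.Server) -join ', ')" }
```

Keep the $iisCerts output; the IIS thumbprint is what you compare against later when you decide which certificate each server's web.config should reference.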

6. Once this has been set we need to configure certificates. Generate a new certificate request with New-ExchangeCertificate, to be signed by the internal CA that Lync uses. Use the following two commands:

    $Data = New-ExchangeCertificate -GenerateRequest -SubjectName "CN = Tech-DC-CA, DC = Tech, DC = Com" -DomainName "DC.Tech.com" -PrivateKeyExportable $true -FriendlyName "Desired Cert Name"

    Set-Content -Path "c:\your desired location" -Value $Data

7. Once this is done, complete the signing request against your internal certificate authority. Use the same internal CA that issued the SSL certificates for your Lync platform.

8. We now complete the pending request by importing the signed certificate with Import-ExchangeCertificate:

    Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path 'c:\cert location' -Encoding byte -ReadCount 0))

Make sure this has been done on all Exchange servers.

9. We are now at the point where all of our Exchange 2013 servers have the necessary configuration via PowerShell and Set-OwaVirtualDirectory, and certificates are installed on all of them. We now need to edit a web.config file on each Exchange 2013 server.

The file to modify is the web.config file in the following location: "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa".

10. Open the web.config file and search for the end of the appSettings section (its closing tag). This takes you to the end of all App Settings configuration. Add these two lines in:


11. Note that the thumbprint you enter in each web.config file is the thumbprint of the certificate you created on that particular Exchange server.
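As an added example for steps 9 to 11 (not from the original post), the script below writes the two OWA IM settings into web.config on the local Exchange 2013 server with the XML API instead of hand-editing, after checking that the thumbprint really belongs to a usable certificate on this machine. The key names IMCertificateThumbprint and IMServerName are Microsoft's documented web.config settings for OWA/Lync IM integration; the Lync pool FQDN is a placeholder you supply, and the script assumes the usual ASP.NET web.config layout with no default XML namespace on the configuration element. Run it in an elevated PowerShell session on each server.

```powershell
# Added example, not from the original post: write the two OWA IM settings into
# web.config on the local Exchange 2013 server with the XML API, after checking
# that the thumbprint really belongs to a usable certificate on this machine.
# Key names IMCertificateThumbprint and IMServerName are Microsoft's documented
# settings for OWA/Lync IM integration; the Lync pool FQDN is a placeholder.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,    # this server's certificate (step 11)
    [Parameter(Mandatory = $true)][string]$LyncPoolFqdn   # e.g. lyncpool.tech.com (placeholder)
)
$webConfig = 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa\web.config'
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()   # thumbprints copied from GUIs often carry spaces

# A wrong thumbprint does not error at save time; IM just never connects. Check it first.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)" }

# Keep a timestamped backup; Exchange cumulative updates rewrite this file.
Copy-Item $webConfig "$webConfig.$(Get-Date -Format yyyyMMddHHmmss).bak"

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($webConfig)
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if (-not $appSettings) { throw "No <appSettings> section found in $webConfig" }

function Set-AppSetting([string]$Key, [string]$Value) {
    # Update the <add> element if it exists, otherwise create it at the end of appSettings.
    $node = $appSettings.SelectSingleNode("add[@key='$Key']")
    if (-not $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', $Key)
        [void]$appSettings.AppendChild($node)
    }
    $node.SetAttribute('value', $Value)
}
Set-AppSetting 'IMCertificateThumbprint' $Thumbprint
Set-AppSetting 'IMServerName' $LyncPoolFqdn
$xml.Save($webConfig)

# Read the file back so the log shows what was actually written.
$xml.Load($webConfig)
$xml.SelectNodes("/configuration/appSettings/add[starts-with(@key,'IM')]") |
    ForEach-Object { '{0} = {1}' -f $_.GetAttribute('key'), $_.GetAttribute('value') }
```

Because each server references its own certificate, run the script once per server with that server's thumbprint, and re-run the read-back part after any cumulative update, since setup rewrites web.config and silently drops the two keys.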

12. Once you have done this on all Exchange servers, open the Lync Topology Builder and add each Exchange server as a Trusted Application.

13. Add each Exchange 2013 server separately, matching the FQDN of the server and the certificate published for Exchange as the Trusted Application. Add all required Exchange 2013 servers.

14. Once created, you can edit them and untick 'Enable replication of configuration data to this pool', as this is not needed for Lync IM integration.

Once done, publish the Lync topology.

15. To verify that the changes are seen by the Lync Server, use the Get-CsTrustedApplicationPool cmdlet in the Lync Server Management Shell to display the trusted application pool configuration.
16. The Get-CsTrustedApplicationComputer cmdlet will also show the defined computer object when the Single Computer Pool option was selected in the Topology Builder.
17. We now need to open a Lync PowerShell session and run:

    New-CsTrustedApplication -ApplicationId "Ex.tech.com" -TrustedApplicationPoolFqdn "Ex.tech.com" -Port 5070

18. Perform an iisreset on each Exchange server where the changes were applied to force an update of the IIS metabase and service. If this is a live environment, add the /noforce option to avoid dropping active client connections.

19. As instructed by the output of the previous command, run the Enable-CsTopology cmdlet to apply the latest configuration changes. The -v switch (verbose) displays the command's progress as well as the location of the output log file.
20. At this point the integration should be fully functional and can be verified by logging in to Outlook Web App with a Lync-enabled and mailbox-enabled user account. Presence chiclets will be visible next to users' names in the email header fields, and their drop-down menus show the available communication modalities.
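As an added example for steps 15 to 19 (not from the original post), the following Lync Server Management Shell script checks, for each Exchange 2013 server, that the trusted application pool and computer object exist and that an enabled trusted application listens on port 5070, and only then runs Enable-CsTopology. The server list is a constructed sample; substitute your own Exchange FQDNs. Cmdlet names are the standard Lync Server 2010/2013 ones.

```powershell
# Added example, not from the original post: run in the Lync Server Management
# Shell to confirm the trusted application pool, computer object and application
# (port 5070) exist for each Exchange 2013 server before applying the topology.
$exchangeServers = @('ex.tech.com')   # constructed sample; one entry per Exchange 2013 server FQDN
$expectedPort    = 5070

$ok = $true
foreach ($fqdn in $exchangeServers) {
    # Step 15: the pool created in Topology Builder must exist under the server's FQDN.
    $pool = Get-CsTrustedApplicationPool -Identity $fqdn -ErrorAction SilentlyContinue
    if (-not $pool) {
        Write-Warning "${fqdn}: no trusted application pool (Topology Builder step missed or not published?)"
        $ok = $false
        continue
    }

    # Step 16: a single-computer pool lists the server itself as its computer object.
    $computer = Get-CsTrustedApplicationComputer -Identity $fqdn -ErrorAction SilentlyContinue
    if (-not $computer) {
        Write-Warning "${fqdn}: no trusted application computer object"
        $ok = $false
    }

    # Step 17: the trusted application created with New-CsTrustedApplication must be enabled on 5070.
    $apps = Get-CsTrustedApplication -TrustedApplicationPoolFqdn $fqdn
    $app  = $apps | Where-Object { $_.Port -eq $expectedPort -and $_.Enabled }
    if (-not $app) {
        $found = ($apps | ForEach-Object { "$($_.ApplicationId):$($_.Port)" }) -join ', '
        Write-Warning "${fqdn}: no enabled trusted application on port $expectedPort; found: $found"
        $ok = $false
    } else {
        Write-Host "${fqdn}: OK ($($app.ApplicationId) on port $($app.Port))"
    }
}

# Step 19: apply the topology only when every server passed the checks above.
if ($ok) {
    Enable-CsTopology -Verbose
} else {
    Write-Error 'Fix the warnings above before running Enable-CsTopology'
}
```

Running the checks first means a typo in the pool FQDN or a forgotten New-CsTrustedApplication shows up as a warning here rather than as presence that never appears in Outlook Web App after step 20.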