As you know, Exchange 2013 has two roles: the Front End proxy and the Back End. The Back End co-locates all roles: Mailbox, Client Access, Hub Transport and Unified Messaging.
In Exchange 2010 we configured the IM integration entirely on the server that had the Client Access role. This could be a standalone server or an all co-located role server, depending on the infrastructure needed. This was a config file at Exchange 2010 RTM and later moved to PowerShell and settings on the OWA virtual directories with SP1+.
In Exchange 2013, configuration is necessary on both the Front End and Back End roles. In my case both roles are installed on a single server.
Exchange 2013 Server
- First of all, install the Microsoft Office Communications Server 2007 R2 Web Service Provider, which contains the necessary components to add basic IM and presence features to Outlook Web App.
- In PowerShell, run the following to immediately get the necessary information:
Get-OwaVirtualDirectory -Identity "Exchange2013FrontEnd\owa (default web site)" | select inst*
- Use the following PowerShell command to set the OWA virtual directory:
Set-OwaVirtualDirectory -Identity "Ex.tech.com\owa (default web site)" -InstantMessagingEnabled $true -InstantMessagingType OCS
- If you have more Exchange servers in your environment, run the above command against ALL your Exchange 2013 Front End servers.
- Once this has been set we need to configure certificates. Generate a new Certificate using New-ExchangeCertificate against the internal CA that Lync uses.
Use the following two commands:
$Data = New-ExchangeCertificate -GenerateRequest -SubjectName "CN = Tech-DC-CA, DC = Tech, DC = Com" -DomainName "DC.Tech.com" -PrivateKeyExportable $true -FriendlyName "Desired Cert Name"
Set-Content -Path "c:\your desired location" -Value $Data
- Once this is done, we need to complete the signing request against your internal certificate authority. Use the same internal CA that you used for SSL procurement for your Lync platform.
- We now need to complete the signing request using Import-ExchangeCertificate:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path 'c:\cert location' -Encoding Byte -ReadCount 0))
We need to ensure this has been done on all Exchange servers.
- We are now at the point where all our Exchange 2013 servers have had the necessary configuration via PowerShell and 'Set-OwaVirtualDirectory', and we have installed certificates on all of them. We now need to edit a web.config file on each Exchange 2013 server.
The file we want to modify is the web.config file in the following location “C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa”.
- Open the Web Config file and perform a search for “
It is important to note that the thumbprint you enter in each web.config file is the thumbprint of the certificate you have created on that Exchange server.
- Once you have performed this on all Exchange servers, we need to open the Lync Topology Builder and enter each Exchange server as a Trusted Application.
Add each Exchange 2013 server separately, matching the FQDN of the server and the certificate published for that Exchange server as the Trusted Application. Add all required Exchange 2013 servers.
- Once created you can edit them and remove ‘Enable replication of configuration data to this pool’ as this is not needed for Lync IM integration.
- Once done, publish the Lync topology.
- We now need to open a Lync Powershell session and perform the following:
New-CsTrustedApplication -ApplicationID "Ex.tech.com" -TrustedApplicationPoolFqdn "Ex.tech.com" -Port 5070
- Perform an iisreset on the Exchange server where the changes were applied to force an update of the IIS metabase and service. If this is a live environment, the /noforce option should be added to prevent dropping any active client connections.
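A check for the Exchange-side settings configured in the steps above, as an added example that is not part of the original post. It assumes it is run in the Exchange Management Shell on each Exchange 2013 server; `Test-ImCertificate`, `$Fqdn` and `$Thumbprint` are hypothetical names, and the thumbprint value is a placeholder for the one you entered in that server's web.config.

```powershell
# Added example (not from the original post). Run on each Exchange 2013 server.
# Hypothetical names: Test-ImCertificate, $Fqdn, $Thumbprint (placeholder value).
$Fqdn       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$Thumbprint = '<THUMBPRINT-ENTERED-IN-WEB.CONFIG>'

function Test-ImCertificate {
    param([string]$Thumbprint, [string]$Fqdn)

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character, so keep hex digits only before comparing.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
    $cert  = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.Thumbprint -eq $clean } |
             Select-Object -First 1

    # Names the certificate covers: subject plus Subject Alternative Name (OID 2.5.29.17).
    $names = ''
    if ($cert) {
        $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $names = $cert.Subject + ' ' + $(if ($san) { $san.Format($false) })
    }
    $now = Get-Date

    [pscustomobject]@{
        Thumbprint    = $clean
        Found         = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        InValidity    = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        CoversFqdn    = [bool]($cert -and $names -match [regex]::Escape($Fqdn))
    }
}

# OWA side: the values set earlier with Set-OwaVirtualDirectory.
$owa = Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
       Select-Object Identity, InstantMessagingEnabled, InstantMessagingType

$certCheck = Test-ImCertificate -Thumbprint $Thumbprint -Fqdn $Fqdn
$certCheck | Format-List
$owa       | Format-List

# Count boolean checks that came back false, plus virtual directories not set to OCS.
$badCert = @($certCheck.PSObject.Properties |
             Where-Object { $_.Value -is [bool] -and -not $_.Value }).Count
$badOwa  = @($owa | Where-Object {
                 -not $_.InstantMessagingEnabled -or "$($_.InstantMessagingType)" -ne 'Ocs' }).Count
if ($badCert + $badOwa) {
    Write-Warning "$($badCert + $badOwa) check(s) failed on $Fqdn."
}
```

A thumbprint that is not found in the local machine store, or a certificate without a private key, is worth ruling out first when IM fails to sign in from OWA after the reset.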
Hope this will help, glad to have feedback.