Sunday, February 5, 2017

Exchange 2016 and Skype for Business Integration-OWA

In Skype for Business IM integration with OWA enable the user to publish the presence and view the presence of the other without having a local Skype for the Business client running. By default, the integration between exchange 2016 and skype for a business server for this feature is not enabled.

In previous Exchange versions, we simply need to edit the web.config file with Exchange certificate thumbprint. Also if Microsoft Exchange Unified Messaging Call Router service and the Microsoft Exchange Unified Messaging service runs on the same box then there was no need to create an application pool for OWA integration. However, these two steps have been replaced with Exchange 2016 because of all roles in the same box. For deep dive Exchange 2016 click here

You can also check Integrating Lync 2013 with Exchange 2013 in my old post.


Exchange 2016 and Skype for Business Integration

Before starting the configuration part we have to make sure Server to Server authentication are working and Exchange Autodiscover services are configured correctly.

Self-signed SSL certificate (Microsoft Exchange Auth Certificate) is installed on the each Exchange servers, this will for the server to server authentication on Exchange side.

We can verify on Exchange Server with Power Shell

Get-ExchangeCertificate



In Skype for Business server, we have to request a certificate for SkypeFB web services which can also use for the OAuthTokenIssuer for the server to server communication as long as you use this SSL certificate on all your front end servers.

We can verify with Power Shell command

Get-CsCertificate –Type OAuthTokenIssuer


we can verify the IM presence to open the OWA.

as we can see there is no presence available now, we will verify once our configuration complete.


Configure Auto discover

We need to make sure that Autodiscover services configured/running correctly, if it is not configured correctly integration with Skype for Business will not work.
We can use Power Shell command to verify the configuration 

Get-ClientAccessService | Select-Object Name, AutoDiscoverServiceInternalUri | Format-List


Get-ClientAccessServer -Identity MX1 | Select-Object AutoD*

you can get for other exchange servers also.


Create the DNS Records

We have to create two DNS record before modifying the Exchange configuration, which is mostly autodiscover aware clients will query when attempting to locate an Exchange Server.

Create a new Alias (CNAME) record in the under forward lookup zone, pointing to the Exchange Server FQDN



Second, create the new Service Location (SRV) record using the following parameters pointing this record to the CNAME record.


We can verify DNS records with help of nslookup command



Update the Autodiscover URL

If the AutodiscoverServiceInternalUri has not correct then we must have configured with the following command:

Set-ClientAccessService –Identity MX1 –AutoDiscoverServiceInternalUri https://autodiscover.tech.com/autodiscover/autodiscover.xml



Configure OAuth

OAuth is the server to server authentication mechanism used between the Skype for business and Exchange servers to establish secure communications. During the skype for business server deployment SSL certificate specified the OAuth. We need to make sure that OAuth is configured to the Skype for Business FE servers, we can user Power Shell command to verify the OAuth

Get-CsOAuthConfiguration



Before the integration with Skype for Business partner application we need to know about the Exchange Autodiscover configuration with following Power Shell command:

Get-ClientAccessServer -Identity MX1 | Select-Object AutoDiscoverServiceI*

AutoDiscoverServiceInternalUri 
—————————— 
https://autodiscover.tech.com/autodiscover/autodiscover.xml



Now we have to configure the OAuth from SfB front end server

Set-CsOAuthConfiguration -Identity global -ExchangeAutodiscoverUrl https://autodiscover.tech.com/autodiscover/autodiscover.svc


Here is the point we are using .svc not .xml in autodiscover URL.

Now run again Get-CsOAuthConfiguration command for complete details


We are now ready for integration and everything we already configured on both sides.


Configure Exchange 2016 server 

Now in Exchange server side, we need to configure the metadata authentication URL, we can complete the pairing a new partner application will also need to be defined on the Skype for Business side. We need the metadata URL for SfB authentication.

This URL should be identical to the following format, utilizing the SfB Front End server FQDN.

https://autodiscover.tech.com/autodiscover/metadata/json/1

Connect to this URL in a web browser from the Skype for Business Server to validate connectivity, which will give you more details.

Now configure the Configure-EnterprisePartnerAppliation with the following command

.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl “https://autodiscover.tech.com/autodiscover/metadata/json/1″ -ApplicationType Lync

Once command executes successfully restart the IIS.



Configure Skype for Business 

For complete the pairing we need to configure Skype for Business side also, we need to configure metadata authentication URL of the Exchange server which will be the following format:

https://autodiscover.tech.com/autodiscover/metadata/json/1

We can test this URL on Skype for Business server will give you the more details.
Once you get the all details now time to add the partner application with help of Skype for Business management Shell


New-CsPartnerApplication –Identity Exchange –ApplicationTrustLevel Full –MetadataUrl hrrps://autodiscover.tech.com/autodiscover/metadata/json/1

Test the Connectivity

Now time to validate the configuration partner application relationship has been successfully established with help of the following command:

Test-CsExStorageConnectivity –SipUri sip:dinesh.singh@tech.com –verbose

The test cmdlet returns a successful result of “Test Passed”.


Enabling Skype for Business for OWA


On Exchange Server 2016

First, run the command on Exchange Management Shell

Get-ExchangeCertificate

Copy the thumbprint on the notepad which we require in next steps.
From Exchange Management Shell specify the IM server and certificate thumbprint with help of the following command:

New-SettingOverride –Name “OwaOverride” –Component OwaServer –Section IMSettings –Parameters @(“IMServerName=” –Reason “Configure IM” –Server MX1

If you want to make change all Exchange servers, you can remove the MX1 from above cmd.

Now refresh the IM settings on the Exchange servers, you have to do on every Exchange 2016 server which used for Outlook Web App, run following command on Exchange management Shell

Get-ExchangeDiagnosticInfo –Server MBX1 Process Microsoft.Exchange.Directory.TopologyService –ComponentVariantConfiguation –Argument Refresh

Next, we have to Restart outlook web app application pool with help of the following command 

Restart-WebAppPoolMSExchnageOWAAppPool

Once complete verify the OWA virtual directory with help of below cmdlet

Get-Owavirtualdirectory

Now enable IM on Owa with help of the following command:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –InstantmessagingEnabled $true –InstantMessagingType OCS

Now you can run the  cmdlet

Get-OwaVirtualDirectory | fl command for checking the two properties “InstantMessagingEnabled-true & InstantMessagingType-ocs”

Now it's time to allow IM on the OWA web policy with using Power Shell command line

Set-OwaMailboxPolicy –identity “default” –InstantMessagingEnabled $True –InstantMessagingType “OCS”

From Skype for business Server

We completed configuration from Exchange side now it’s time to configure on Skype for business server 

First get the site id with help of following command
Get-CsSite | Select-object DisplayName, SiteID

Note down the result 

Now time to configure trusted application pool with help of cmdlet

New-CsTrustedApplicationPool –Identity “mx1.tech.com” –Registrar “fe1.tech.com” –Site “techUSA” –RequiresReplication $False


Once you hit the command and it will ask to confirm then type A and hit enter

Now time to create a trusted application and map it to the pool which we created with help of following cmd

New-CsTrustedApplication –Application OutlookWebApp –trustedApplicationPoolFqdn mx1.tech.com –Port 5199

Finally, we have to need the publish the topology

Enable-CsTopology


Now, time to check the IM presence is in OWA is available.



Thank you!

Happy Learning!




No comments:

Post a Comment