One of the new features of Outlook Web App (OWA) in Exchange 2010 is the ability for OWA to act as an IM client if you have Office Communications Server (OCS) in your environment. Once configured, you’ll be able to see and manage your buddy list, manage presence, and participate in IM conversations while logged in to OWA. Configuring this integration requires a number of steps on each of your Exchange 2010 Client Access Servers (CAS). Many of the changes discussed in this blog post will cause brief service interruptions, so it is highly recommended that you perform this work during a maintenance window where these interruptions are tolerable.
You’ll need to download two packages in order to proceed:
- The web service provider
- The latest ucmaredist.msp rollup package (currently January 2010)
You can simply run the first download on one machine as it will extract the contents to C:\WebService Provider Installer Package (by default). Inside of this folder will be a number of installers which you’ll need to execute (in order) on each of your CAS servers:
- Visual C++ Redistributable (vcredist_x64.exe)
- Unified Communications Managed API (ucmaredist.msi)
- OCS Service Provider (cwaowassp.msi)
Finally, you’ll need to patch the UC Managed API by installing ucmaredist.msp.
Once these packages are installed, you’re ready to configure OWA for integration with OCS. You’ll need to have the name of the OCS Pool which you plan to have your CAS servers connect to on hand as well as some information about the certificate on each CAS server which will be used to secure communications between the CAS server and OCS. Specifically, you’ll need to collect the certificate issuer string as well as the certificate’s serial number. You can do this using the following PowerShell command:
Get-ExchangeCertificate | fl Subject,Issuer,SerialNumber
You should get text returned back similar to the following:
Subject : CN=mail14.briandesmond.net, OU=IT, O="Brian Desmond Consulting, LLC", L=Chicago, S=Illinois, C=US
Issuer : CN="DigiCert Global CA", OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber : 478C52B6B53E467F9331BB8CB4B2BDB8
Make note of the issuer and serial number values for the certificate. You’ll need to tell OWA to use this certificate for communications with OCS. To do this, browse to C:\Program Files\Microsoft\Exchange\V14\ClientAccess\Owa and open the web.config file with notepad. Scroll down and find the following section:
<add key="IMPoolName" value="" />
<add key="IMCertificateIssuer" value="" />
<add key="IMCertificateSerialNumber" value="" />
These are the three values you’ll need to populate for OWA to make the connection to OCS. The first value should be the FQDN of the OCS pool you want to connect to, and the following two values should be copied out of the Get-ExchangeCertificate spew collected earlier as shown below:
<add key="IMPoolName" value="ocspool01.briandesmond.net" />
<add key="IMCertificateIssuer" value='CN="DigiCert Global CA", OU=www.digicert.com, O=DigiCert Inc, C=US ' />
<add key="IMCertificateSerialNumber" value="47 8C 52 B6 B5 3E 46 7F 93 31 BB 8C B4 B2 BD B8" />
- If your certificate’s issuer includes any double quotes (as mine does), you must enclose the data in single quotes instead of the default double quotes as shown above.
- You must insert the spaces in between each octet in the serial number as shown above.
- You must remember to update these values when you renew or replace the certificate on a CAS server.
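The formatting rules above, and a check for the renewal case, as an added PowerShell example (not from the original post). The function names are hypothetical, and the web.config fragment is constructed from the post's sample values to stand in for the real file.

```powershell
# Added example; function names are hypothetical, not Exchange cmdlets.
function Format-ImSerialNumber {
    param([Parameter(Mandatory=$true)][string]$SerialNumber)
    # Drop any whitespace, validate, then put a space between each octet.
    $hex = ($SerialNumber -replace '\s', '').ToUpperInvariant()
    if ($hex -notmatch '^([0-9A-F]{2})+$') {
        throw "Not an even-length hex string: $SerialNumber"
    }
    ($hex -split '(..)' | Where-Object { $_ }) -join ' '
}

function Format-ImAppSetting {
    param([string]$Key, [string]$Value)
    # Single-quote the attribute when the value contains double quotes.
    if ($Value -match '[&<]' -or ($Value.Contains('"') -and $Value.Contains("'"))) {
        throw "Value for $Key needs XML escaping; edit it by hand."
    }
    $q = if ($Value.Contains('"')) { "'" } else { '"' }
    '<add key="{0}" value={1}{2}{1} />' -f $Key, $q, $Value
}

function Test-ImCertificateSetting {
    param([xml]$WebConfig, [string]$Issuer, [string]$SerialNumber)
    # True only when both stored values still match the certificate.
    $i = $WebConfig.SelectSingleNode("//add[@key='IMCertificateIssuer']")
    $s = $WebConfig.SelectSingleNode("//add[@key='IMCertificateSerialNumber']")
    if ($null -eq $i -or $null -eq $s) { return $false }
    # Trim: the post's sample issuer value carries a trailing space.
    ($i.GetAttribute('value').Trim() -eq $Issuer.Trim()) -and
        ($s.GetAttribute('value').Trim() -eq (Format-ImSerialNumber $SerialNumber))
}

# Sample values copied from the post's Get-ExchangeCertificate output.
$issuer = 'CN="DigiCert Global CA", OU=www.digicert.com, O=DigiCert Inc, C=US'
$serial = '478C52B6B53E467F9331BB8CB4B2BDB8'
Format-ImAppSetting 'IMCertificateIssuer' $issuer
Format-ImAppSetting 'IMCertificateSerialNumber' (Format-ImSerialNumber $serial)

# Constructed web.config fragment standing in for the real file.
[xml]$cfg = @'
<configuration><appSettings>
  <add key="IMCertificateIssuer" value='CN="DigiCert Global CA", OU=www.digicert.com, O=DigiCert Inc, C=US ' />
  <add key="IMCertificateSerialNumber" value="47 8C 52 B6 B5 3E 46 7F 93 31 BB 8C B4 B2 BD B8" />
</appSettings></configuration>
'@
Test-ImCertificateSetting $cfg $issuer $serial
```

After a certificate renewal, passing the new certificate's Issuer and SerialNumber to `Test-ImCertificateSetting` returns False until web.config is updated.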
Once OWA is configured, you’ll need to configure your OCS pool to trust the CAS servers. To do this, access the OCS Administration Pool, and open the Front End Properties of the pool (right click the pool, Properties>Front End Properties). On the Host Authorization tab, add an entry reflecting the certificate you configured in the web.config file in the previous step. You’ll also want to check the “Treat As Authenticated” and “Throttle As Server” checkboxes as shown below:
In order for this change to take effect immediately, you may need to restart the services on your OCS Front Ends. Doing this will disconnect any currently connected clients, so it may instead be advantageous to wait for caches to refresh.
The final step is to enable OCS IM integration for the OWA virtual directory. To do this, run the following PowerShell command:
Get-OwaVirtualDirectory -Server YourCasServer | Set-OwaVirtualDirectory -InstantMessagingType OCS
Users who are enabled for OCS should see their buddy list as well as a jelly bean to manage presence next time they log in:
In summary, there are four key steps you’ll need to take in order to enable OCS integration with Outlook Web App in Exchange 2010. First, you’ll need to download the service provider and latest rollup for the components in the service provider download. Next, you’ll need to install the components downloaded on each Client Access Server. You’ll then collect certificate information from each CAS server and configure that information along with your OCS pool information in the OWA web.config file. Finally, you’ll add the CAS certificate to the list of trusted hosts in OCS and enable OCS integration on the OWA virtual directory.
Since writing this post, I’ve added a couple additional posts which may be worth reviewing: Firewall Requirements for Integrating OCS and OWA.
Comments, Trackbacks, & Pingbacks
#1 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
Friday, April 16 2010 8:46 AM by Hunter Coleman
#3 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
Tuesday, June 15 2010 9:36 AM by Italian translation
Excellent instructions and very easy to follow.
#4 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
Monday, June 21 2010 10:22 AM by Steve
Nice write up.
I am having a few problems getting this to work. Let me explain my setup.
I have two CAS servers, 01 and 02, in an NLB, and they resolve to the CAS and Webmail aliases.
I have done host authentication for all addresses: Cas01, cas02, cas and webmail.
Made the owa-VirtualDirectory change and checked the settings to make sure they have applied.
But I am still unable to see the IM settings in OWA.
Any ideas where I might have gone wrong?
Thanks
Steve
#5 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
Wednesday, July 07 2010 2:30 PM by business intelligence
This is some helpful tutorial, nice
#6 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
Thursday, July 22 2010 5:35 AM by Maziar
Hi,
I followed your instructions exactly... But I get the "Instant Messaging isn't available..." in OWA... I checked, I rechecked, and I checked again, everything done exactly as you mentioned, where do you think I should check?
I don't have any firewalls protecting my servers from each other and my certificate authority is self signed, meaning I'm not using commercial certs.
Thanx in advance.
#7 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
July 4, 2010 7:17 PM by Firewall Requirements for Integrating OCS and OWA
If you follow my directions for integrating Office Communications Server 2007 R2 with Exchange Server
#8 re: How to Integrate Office Communications Server 2007 R2 with Exchange 2010
July 6, 2010 4:16 PM by Firewall Requirements for Integrating OCS and OWA : Brian Desmond's Blog
Pingback from Firewall Requirements for Integrating OCS and OWA : Brian Desmond's Blog



Brian-
Thanks for the post...very helpful in getting it going for our environment. I'm unclear on one part: for the IMCertificateIssuer section of the web.config file, for your example should that be "CN=DigiCert Global CA, OU=www.digicert.com, O=DigiCert Inc, C=US "?