[tweetmeme source=”stalehansen” only_single=false]I recently integrated Exchange 2010 RTM OWA with OCS 2007 R2 for chat and presence. Having read some blog posts about how to implement the feature I decided to blog how I got this feature working based on these blogs and my own findings. I will cover the steps for both the Exchange 2010 RTM and SP1 versions since the steps are different.

Prerequisites

1. Download and install OCS 2007 R2 Web Trust Tool on the Exchange 2010 server
   1. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8 
   2. Locate and install the following files in elevated mode by running cmd.exe as administrator
      • vc_redistx64
      • UCMAredist.msi
      • CWAOWASSP.msi
2. If the Exchange 2010 server is running on Server 2008 R2 you also need to install the latest cumulative hotfix update for OCS 2007 R2 on the Exchange server
   1. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
   2. Download and run ServerUpdateInstaller.exe
   3. Also download the latest update for UCMAredist that is not included in CU5
      • http://support.microsoft.com/?kbid=982614
   4. Reboot the server

Configuring Exchange 2010 RTM

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment

1. Download and run the PowerShell Script found in the below link
   1. https://msunified.net/exchange-downloads/script-imexintegration-ps1/
   2. The script will not configure anything
   3. It takes backup of web.conf and  generates the configuration you manually need to add the web.conf file
   4. The script makes it easy to generate the correct syntax for populating the below keys 
2. Navigate to the web.conf file
   1. C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.conf
   2. Edit the file and search for the string IMPoolName
   3. Replace the three “add key” strings with the ones provided with the script
3. In Exchange Management Shell run the following command to configure OWA Virtual Directory

   • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingType 1

     • NOTE: The RTM documentation states OCS, but that don’t work. Use 1 as InstantMessagingType
4. Run IISreset in PowerShell

Configuring Exchange 2010 SP1

The Exchange 2010 SP1 guide is based on this great post written by Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/ The configuration on Exchange is now moved from web.conf to the per server OWA Virtual Directory. I will definitely create a script automating the below process when I get more hands on :)

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment 

1. Get the active Exchange 2010 certificate using this command in Exchange Management Shell 

   • Get-ExchangeCertificate | Where-Object {$_.Services -match "IIS"} | Get-ExchangeCertificate | fl thumbprint,subject

     • This command gets the active certificate on the local server, because only one certificate can have IIS as service at a time
2. Use the thumbprint and OCS pool FQDN in the command below

   • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E -InstantMessagingServerName ocspool01.domain.local -InstantMessagingType OCS -InstantMessagingEnabled $true

     • NOTE: This time we use OCS as InstantMessagingType
3. Run iisreset

Configuring OCS 2007 R2

In order to allow the Exchange 2010 server to communicate with OCS using SIP containing presence and chat you need to add every Exchange 2010 CAS servers as authorized hosts on OCS.

1. On your OCS R2 Pool server configure authorized host
   • NOTE: Your user needs to be member of the RTCUniversalServerAdmins group
2. Open Office Communications Server R2 under Administrative Tool
3. Expand forest and Enterprise pool or Standard Edition Servers depending on you deployment
4. Right click your pool and choose properties->Front End Properties
5. On the Hosts Authorization tab
6. You need to add the Client Access server FQDN and configure as the below image 
   • NOTE: This is the FQDN of your subject name (CN) on the certificate used on the CAS server

 

• On OCS Front End you need to install the same cumulative update as we installed on the Exchange server if you have not already done it
  1. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
  2. Download and run ServerUpdateInstaller.exe
  3. NOTE: It is good practice to have all OCS servers on the same hotfix level
  4. Reboot the server

Troubleshooting the Installation (RTM)

Next are a few troubleshooting steps that can assist with some of the more common problems encountered with Exchange/OCS integration. I found these valid troubleshooting steps on Rand Morimoto’s post: http://www.networkworld.com/community/node/47348

Configuring the Firewall on the CAS Server

If the Client Access Server has the Windows Firewall enabled, it might need an exception to enable OCS 2007 R2 to communicate with it. To create the exception, perform the following steps:

1. From the Control Panel, open Windows Firewall 
2. On the left side of the Windows Firewall window, click .“Allow a Program Through Windows Firewall.
3. Click Add Program; then click Browse.
4. Browse to C:\Windows\System32\inetsrv and select w3wp.exe.
5. Click Open and then click OK twice to apply changes and close the window. Be sure to perform this step on all CAS servers with IM integration enabled.

User Configuration

• Before the user community can utilize the IM features, they must be “provisioned” for Office Communications Server R2 and must be enabled for Enhance Presence. When the user is initially enabled on OCS 2007 R2, he will automatically be enabled for Enhanced Presence.
• Users must also have a valid SIP proxy address for the OWA IM integration component to enable the IM Integration UI.
• When attempting to view the Instant Messaging contact list, a user might receive a notification that states
  • Instant Messaging Isn’t Available Right Now. The Contact List Will Appear When the Service Becomes Available.
• If this occurs, perform the following steps:
  1. Using the same user account, confirm that you can access the IM services using the Office Communicator 2007 R2 client.
  2. If functional, confirm that the OCS Server name is properly entered in the Web.Config file of the CAS server.
  3. Also confirm the configuration of the Authorized Hosts option on the OCS pool contains all IM Integrated Client Access Servers.

OWA Certificate Error

If OWA cannot locate the certificate, an error stating The Local Certificate Specified Was Not Found in the Store for the Local Computer appears.

In this case, confirm that the value of the OCSCertificateIssuer and OCSCertificateSerialNumber fields in the Web.Config file are correct. Also ensure that there are blank spaces between every two characters in the serial number to separate octets in the string.

References

TechNet: http://technet.microsoft.com/en-us/library/ee633458%28EXCHG.140%29.aspx
Chris and Robin’s Technology blog: http://chrislehr.com/2009/11/implementing-integrated-ocs-in-owa-2010.htm
Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/
Rand Morimoto: http://www.networkworld.com/community/node/47348