13 years of blogging and 2 000 000 views

Today, January 26th 2023, I hit a huge milestone: 2 000 000 views since I started blogging in 2009. msunified.net has been the home for me to share technical nuggets about Exchange, OCS, Lync, Skype for Business, Teams and Microsoft 365 for over 13 years. I have even shared productivity tips, which have culminated in my Digital Wellbeing thinking. I want to reflect and share my 10 all time most visited blogposts, my 5 favorite blogposts, some external articles I have written and what I am working on these days.

If you have found any of my articles useful at some point, give this article or the social media post you found this through a like 👍 :)

10 all time most viewed blogposts

My 5 favorite blogposts which I often use today

External articles I have written for other sites and Tech Community

Office 365 for IT Pros

For four years, between 2018 and 2022, I contributed to the calling and meetings chapter for Office 365 for IT Pros. I strongly believe in that format, because it gets updated monthly😱 Tony Redmond heads up that book and the author team does a fantastic job of keeping you up to date on best practices and technical facts in Office 365. Blogposts are seldom kept up to date and that is why you have seen fewer blogposts here these years, since they get outdated faster than you can type :) I recommend you go and buy a subscription to Office 365 for IT Pros right now👍

msunified.net moving forward and what I am currently working on

Do I think blogposts are still worth it today? Yes and no. No for “how to” blogposts, because learn.microsoft.com is so much better than Microsoft documentation has ever been. Maybe you would rather suggest a change to the learn article if you find information missing. Yes when you want to share a routine, script, your understanding and design principles. I would say no to opinion pieces on a personal blog; maybe you want to share those on LinkedIn or a third party blogsite.

These days I work mainly in two areas

  • Digital Wellbeing and working smart with Microsoft 365 combined with Microsoft Viva
    • I published 8 hours of deep dive training for free on YouTube which are indexed here
    • I recently rebranded as a Digital Wellbeing coach delivering inspiration talks, keynotes, leadership training and organizational training based on my Digital Wellbeing thinking :)
    • I run workshops, proof of concepts and talk at conferences about Microsoft Viva
    • I am part of the #VivaExplorers, an enthusiastic gang of over 60 MVPs who bring their own angle into the broad world of Microsoft Viva thought leadership and understanding.
  • Complex hybrid deployment for Exchange/Skype for Business/Teams
    • I see larger more complex and risk averse companies stretching or migrating to Microsoft 365
    • In those more locked down environments we need to be more precise in knowing what works and how
    • These past years I have spent a lot of time as advisor and hands-on with hybrid Exchange, solving problems like free/busy, Autodiscover, OAuth, hybrid modern auth and Outlook Mobile, and making sure nothing is more open than it should be. Some of it resulted in this blogpost and I might blog more about troubleshooting these scenarios
    • Same for hybrid Skype for Business, but that is easier than hybrid Exchange, if you have gone down the route and set up a proper Edge server topology :)
  • Make sure you check out my YouTube channel to get my latest videos and the talks I do that other channels share

Thanks to everyone who visits my blog on a daily basis and I think I struck a nerve when blogging about Set the custom Focusing status in Microsoft Teams from PowerShell using Power Automate which is daily the most visited blogpost on my site :)

Want to work with Lync and Exchange and be a part of the best UC team in Norway?

Microsoft Lync and Microsoft Exchange consultants from Atea are in big demand these days and we need to add more skillful hands. In Norway Atea seeks consultants, architects and advisors that want to work with Lync and Exchange in the Oslo area, Drammen area and Bodø area

Why work with Lync and Exchange in Atea?

  • Atea strives to always deliver best practice deployments
  • There are about thirty active consultants with Lync and Exchange as their primary focus placed all over the country
  • Some of the consultants have worked with Microsoft UC as their primary focus since Live Communications Server 2005
  • We have an active internal community that shares knowledge internally using SharePoint 2010 and strives to help each other as best we can
  • Atea encourages consultants to be active within the global Microsoft community through forums, blogging, presenting and user groups

Who should apply?

  • You want to deep dive and focus on becoming a valuable resource within Lync and Exchange
  • You are always looking for new challenges and want to work with a variety of deployments from simple to complex
  • You want to learn from some of the best Lync consultants in Norway
  • You aim for Certified Master within Lync or Exchange
  • You are familiar with PowerShell scripting

Where to apply?

Why is Atea the best UC team in Norway?

Change the default Calendar AccessRight on all mailboxes to Reviewer

Back in July 2010 I created a script to set the default AccessRight to Reviewer for Exchange 2010. Exchange 2010 introduced the Set-MailboxFolderPermission command, which lets us change AccessRights on specific folders at the server level. As the calendar is a folder, we can now do this organization wide using PowerShell.

The reason for creating this script is that when migrating customers in Norway, most of them want to allow everyone to use side by side calendaring in Outlook and Outlook Web App. In Exchange 2003/2007 we needed to instruct users how to set Default to Reviewer. This script sets it for all users. The script works for both Exchange Online and Exchange Server 2010. For Exchange 2007 check out this post on how to do it: http://exchangeshare.wordpress.com/2008/05/27/faq-give-calendar-read-permission-on-all-mailboxes-pfdavadmin/

Get the script here: https://msunified.net/exchange-downloads/script-set-calendarpermissions-ps1/

What the script does

As the picture shows you get three menu items.

  1. Will set the permission on all users and resources
  2. Will set the permission on all users and resources created the last 30 days
  3. Will give a user you specify Editor access to a mailbox you specify
    • This is good for switchboard or secretary functions

How to run the script against an Exchange Online environment

  • Connect to Exchange Online through PowerShell Remoting
    $cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session
  • Set Execution Policy to unrestricted
    Set-ExecutionPolicy Unrestricted
  • Copy the script, save it as a ps1 file, navigate to it in PowerShell, then start typing set-Cal and hit TAB to use TAB completion
    .\Set-CalendarPermissions.ps1
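
Microsoft has since retired Basic authentication for Exchange Online remote PowerShell, so the steps above can be reproduced with the ExchangeOnlineManagement module and a process-scoped execution policy. The sketch below is an added example, not the downloadable script from this post; the function name Set-DefaultCalendarRight and the account admin@contoso.example are assumptions made for illustration. It covers menu items 1 and 2 and runs with -WhatIf so nothing changes until that switch is removed.

```powershell
# Added example; not the Set-CalendarPermissions.ps1 script offered for download above.
# Assumptions: the ExchangeOnlineManagement module is installed and
# admin@contoso.example is a placeholder account.

# Allow local scripts for this PowerShell process only; nothing is persisted machine-wide.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # modern authentication prompt

function Set-DefaultCalendarRight {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Mailbox,

        # Only read-level rights are accepted for the Default (everyone) entry.
        [ValidateSet('AvailabilityOnly', 'LimitedDetails', 'Reviewer')]
        [string]$AccessRight = 'Reviewer'
    )
    process {
        $address = [string]$Mailbox.PrimarySmtpAddress

        # The calendar folder name is localized (for example "Kalender"), so find it by type.
        $calendar = Get-MailboxFolderStatistics -Identity $address -FolderScope Calendar |
            Where-Object { $_.FolderType -eq 'Calendar' } |
            Select-Object -First 1
        if (-not $calendar) {
            Write-Warning "No calendar folder found for $address"
            return
        }

        $folderId = "${address}:\$($calendar.Name)"
        $before = (Get-MailboxFolderPermission -Identity $folderId -User Default).AccessRights -join ','
        if ($before -eq $AccessRight) { return }   # already set, nothing to change

        if ($PSCmdlet.ShouldProcess($folderId, "Set Default from '$before' to '$AccessRight'")) {
            Set-MailboxFolderPermission -Identity $folderId -User Default -AccessRights $AccessRight
            # Emit a record of the change so the run can be reviewed or rolled back.
            [pscustomobject]@{ Folder = $folderId; Before = $before; After = $AccessRight }
        }
    }
}

# Menu item 1: all users and resources (remove -WhatIf to apply).
$types = 'UserMailbox', 'RoomMailbox', 'EquipmentMailbox'
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $types |
    Set-DefaultCalendarRight -WhatIf

# Menu item 2: only users and resources created in the last 30 days.
$cutoff = (Get-Date).AddDays(-30)
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $types |
    Where-Object { $_.WhenCreated -ge $cutoff } |
    Set-DefaultCalendarRight -WhatIf

Disconnect-ExchangeOnline -Confirm:$false
```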

Resources

Administering Microsoft Office 365 using Windows PowerShell: http://blog.powershell.no/2011/05/09/administering-microsoft-office-365-using-windows-powershell/

Lync Server 2010 features and how to configure them

UPDATE: This blog post has moved to the TechNet Wiki for open editing: http://social.technet.microsoft.com/wiki/contents/articles/10119.wiki-lync-server-2010-features-and-how-to-configure-them.aspx

Now that Lync has gone RTM and Virtual Launch is done we need to get down to business and deploy Lync to the general masses. During the time of Beta, RC and early RTM a lot of great blog articles were published about features and how to configure them. I wanted to collect the posts I find interesting here so I have them all in one place when I deploy Lync Server to my customers. I will update this article with new posts as I find them or when they get published.

Last updated: 16.10.2011

Archiving in Exchange Server 2010 vs Symantec Enterprise Vault

When Exchange 2010 was released in RTM it introduced a new feature called Archive Mailbox. In RTM this Archive Mailbox had to be collocated in the same database as the main mailbox of the users. In Exchange Server 2010 SP1 the Archiving Mailbox feature was updated with the ability to have the Archive Mailbox located in a different database than the main mailbox.

When designing solutions for customers on Exchange Server 2010 I often get asked why they need archiving in the first place, and whether Exchange 2010 archiving is good enough compared to Enterprise Information Archiving solutions such as Symantec Enterprise Vault. The answer is complicated, and it depends greatly on the customer needs and their users. To answer this you need to understand what Exchange archiving really is and how it differs from Enterprise Information Archiving. For that we look to Gartner.

Gartner has been publishing a Magic Quadrant for E-Mail Active Archiving since 2002, featuring products that do enterprise level archiving of emails. They now see an increase in end-user demand for the same type of archiving for additional content types such as file shares, SharePoint and IM. That is the reason Gartner released a new Magic Quadrant in 2010, replacing the old one. They now call it Enterprise Information Archiving. Vendors featured in this version need to be able to archive e-mail, files, SharePoint and IM. Below is the latest Magic Quadrant for Enterprise Information Archiving (EIA):

We see in this quadrant that Symantec is a leader with its Enterprise Vault product. These are the key reasons why EV is in the leader quadrant:

  • It’s a mature product with the largest worldwide base of enterprise customers
  • It archives mail, Windows file systems, SharePoint and IM
  • Virtual Vault enables users to manage and view their archive data using a familiar GUI experience
  • Tight integration with its backup products
  • Enterprise level E-Discovery
  • Support for Exchange 2010 SP1 and Microsoft BPOS

Microsoft Exchange Server 2010 is not part of the EIA Magic Quadrant. Gartner gives the following statement about why:

“Exchange 2010 archiving is a good choice for organizations that have never implemented archiving and are struggling with rapid, unmanageable growth of historical e-mail, or are looking for organizations that are looking to replace PST files with a more efficient and secure archiving capability. Because there is no support for files or other content types beyond e-mail, Microsoft’s archiving capabilities are not rated in this Magic Quadrant for EIA”

This is the essence of the Exchange Server 2010 archiving feature: it is an online PST archive with entry level archiving features. Knowing this, it boils down to the following questions:

  1. When is Exchange 2010 archiving good enough?
  2. When does the need for Enterprise Information Archiving like Symantec Enterprise Vault arise?

Koen Vermoesen has created a feature comparison between Exchange 2010 and Enterprise Vault in this article: http://blog.koenvermoesen.be/2010/06/03/symantec-enterprise-vault-vs-microsoft-exchange-server-archiving/

The feature comparison between Exchange 2010 SP1 and Enterprise Vault 9.0 should be a good starting point to decide what solution to choose. I have updated it with some additional information. The conclusion in the feature comparison is noteworthy.

| | Microsoft Exchange Server 2010 | Symantec Enterprise Vault 9.0 |
| --- | --- | --- |
| Archiving Targets | Exchange Server | Exchange Server; Lotus Domino; SharePoint Server; File Servers |
| Prerequisites | SP1 to store primary and secondary mailboxes in separate databases; OWA or Outlook 2010/2007 to access the archives | Support for E2K10 from SP1 onwards; Outlook 2003/2007/2010; Additional client software required |
| Integration | Seamless integration, both client and server-side (pst-like); Mailbox search and conversation view work across both mailboxes | Training required for both the Administrator and the end-user; Additional technology; “Stubs”, Archive Explorer look “different” to the end-user; Virtual Vault looks just like a pst and mailbox search works across mailbox and Virtual Vault |
| Offline Archive Support | None | Offline Vault |
| Storage | Exchange databases; No SIS | SIS; Special options like WORM, lots of choice |
| PST Migration | Gathering of PST is manual. Need to be imported using Outlook or PowerShell | PST files can be added both from local computers and NFS with limited user interaction using collector tools |
| Legal Position | Weak | Strong |
| Migration | Easy (?); In place upgrades not supported, need to do swing migrations | Hard (?); Cannot skip major versions. Full reinstall even for SP’s; Need to pay attention to compatibility both for client and server-side software |
| Cost | Enterprise CAL’s (Client Access Licenses) required; Possibly additional server licenses | Additional software to license; Additional hardware, can be virtualized with less than 1000 users, or low mailflow; Separate SQL server in large deployments; Training |
| Conclusion | Low end alternative for pst-files for the first time ever | If you want to archive … for seamless PST import, … for legal reasons, … multiple targets, … to specific storage solutions |


References:
Gartner Magic Quadrant EIA October 2010: http://www.symantec.com/content/en/us/about/media/industryanalysts/Gartner_MQ_EIA_03Nov10.pdf

Solved: OCS 2007 R2 integration with Exchange UM when mobile phone is primary number

I am proud to announce that we have solved a problem we had with Exchange UM integration with OCS 2007 R2 when the user's mobile phone is the primary number.

Background information

In Norway and Scandinavia it is normal for end users to have one mobile phone as both work and private phone. A lot of companies in Norway have adopted mobile phone numbers as their primary phone numbers and can only be reached using this type of number. Traditionally the operators have offered their customers net centric logic for their call handling and switchboards, using only mobile phones as terminals. Since the users use the same phone at work and privately, they only have their mobile number, and the numbers follow the users and not the company.

When we started deploying OCS 2007 R2 for these companies, they wanted the solution built with the mobile phone number as the primary number when calling from Communicator. Operators in Norway such as Telenor and Netcom therefore offer IP Trunks that can integrate with OCS 2007 R2. With these IP Trunks they can rewrite the caller's number from a PSTN number to the mobile phone number before the call reaches the PSTN network, thereby realizing single number reach. When the called party calls back to the mobile phone number, the OCS PSTN number is called at the same time using Dual Forking provided by the operator. This is how single number reach is realized when the mobile phone is the main number, and it works great. The end users do not have a clue what their real number in OCS is.

The Problem

If you throw Exchange UM into this mix with single number reach and mobile phone as primary number, you get an issue. The integration itself works fine and as expected. The problem occurs when the users log off their computers and go to meetings, drive home or are generally not logged in. When you are not logged in to Communicator and someone calls you, OCS will answer the call in under a second, ignoring the user's call forwarding settings in Communicator, and forward it to Exchange UM, resulting in users losing the call on the mobile phone. Exchange UM therefore breaks the solution. This is by design and we have not been able to implement Exchange UM in the UC mix in these scenarios until now.

Why Exchange Unified Messaging in conjunction with OCS

So why are we so eager to implement Exchange UM in these scenarios? When using the operators' own net centric voice mail features we lose some technology and integration. By default the users get an SMS telling them they have a new message, and they can call in and hear the message. A lot of users set up their voice mail settings so that it sends an email with a wav file of the message to their inbox. After listening to the wav file and archiving or deleting it, they still get the SMS about the unheard message, because there is no integration with their inbox to show that they have already processed it. As a result the SMS can tell them they have several unheard messages when that is not true. That is why we want to have Exchange UM deployed to have a complete UC solution.

Exchange UM has several advantages, to name a few:

  • Integration with Exchange inbox, messages that are heard/read from Outlook, Outlook Web App or mobile phone through ActiveSync, are also read when calling the Exchange UM service
  • Call back functionality directly from Outlook Web App, you can have Exchange UM call you and play the message on the phone of your choosing
  • Note field integrated in Outlook and Outlook Web App, gives you the ability to take notes in Outlook while listening to the message, save them and have them indexed
  • You can call Exchange UM and rearrange your calendar, a good thing when you are late for a meeting and in a car travelling
  • Read more about the Exchange UM server role here: http://technet.microsoft.com/en-us/library/bb125141.aspx

The solution

I have spent the better part of a year trying to find someone to help me with this. After some research I found out that it was possible to work around this using Front End Scripts and a program to put the call on hold for a given period of time. This summer I came in touch with a Scandinavian development company called Competella. They develop applications based on UCMA (Unified Communications Managed API) and are currently developing a switchboard attendant that integrates call control with an advanced directory search tool, access to presence, calendar, e-mail and IM. The system adds attendant call control functionality to Microsoft OCS beyond the level found in legacy PBXs. They developed a script and a program that checks the status of the user. If the user is offline it will put the call on hold for 20 seconds before forwarding it to Exchange UM, thereby solving the problem we have with single number reach using mobile phones and Exchange UM. This also works if the user has the status “in a mobile call” set by third party programs that get free/busy status from the operators on the users' mobile phones.

Conclusion

By using the script and program from Competella we are now able to complete our UC deployments with Exchange UM when mobile phone is the primary number in a single number reach scenario. With this we can realise enterprise voice mail for mobile phones as well as OCS/Lync.

How to check SRV records for OCS and Exchange

A critical part of an OCS deployment is SRV records for automatic sign in. It is critical that these are present and configured correctly. An easy way to check them is using nslookup. Below is how to check SRV records and which SRV records need to be present.

  1. Open cmd
  2. Type: nslookup
  3. Type: set type=all
  4. Type the SRV record to list its content

For OCS 2007 R2

  • External
    • _sip._tls.domain.com
      • Usually points to Access EDGE FQDN on port 443
    • _sipfederationtls._tcp.domain.com
      • Usually points to Access EDGE FQDN on port 5061
  • Internal
    • _sipinternaltls._tcp.domain.com
      • Usually points to Pool name with correct sip domain on port 5061

For Exchange 2007/2010

  • External autodiscover
    • _autodiscover._tcp.domain.com
      • Usually points to owa FQDN listener with NTLM negotiate on port 443
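
The same check can be scripted so that all four records are queried in one pass and compared against the ports listed above. This is an added example, not part of the original post; the function name Test-UcSrvRecord is an assumption, and it relies on Resolve-DnsName from the DnsClient module (Windows 8 / Server 2012 or later). For the SIP records it also flags a target outside the queried domain, since the list above expects the target to be in the correct SIP domain.

```powershell
# Added example; Test-UcSrvRecord is a hypothetical helper name.
# Requires Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
function Test-UcSrvRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,   # e.g. domain.com as used in the list above
        [string]$DnsServer                       # optional: internal or public resolver to ask
    )

    # Records and usual ports exactly as listed in this post.
    $expected = @(
        [pscustomobject]@{ Name = "_sip._tls.$Domain";              Port = 443;  Scope = 'External'; SameDomain = $true  }
        [pscustomobject]@{ Name = "_sipfederationtls._tcp.$Domain"; Port = 5061; Scope = 'External'; SameDomain = $true  }
        [pscustomobject]@{ Name = "_sipinternaltls._tcp.$Domain";   Port = 5061; Scope = 'Internal'; SameDomain = $true  }
        [pscustomobject]@{ Name = "_autodiscover._tcp.$Domain";     Port = 443;  Scope = 'External'; SameDomain = $false }
    )

    foreach ($item in $expected) {
        $query = @{ Name = $item.Name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($DnsServer) { $query['Server'] = $DnsServer }

        # A missing record raises an error; treat that as an empty answer.
        try   { $answers = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }) }
        catch { $answers = @() }

        if ($answers.Count -eq 0) {
            [pscustomobject]@{ Record = $item.Name; Scope = $item.Scope; Target = $null; Port = $null; Status = 'Missing' }
            continue
        }

        foreach ($answer in $answers) {
            $status = 'OK'
            if ($answer.Port -ne $item.Port) {
                $status = "Unexpected port (usually $($item.Port))"
            }
            elseif ($item.SameDomain -and $answer.NameTarget -notlike "*.$Domain") {
                $status = 'Target outside SIP domain'
            }
            [pscustomobject]@{
                Record = $item.Name
                Scope  = $item.Scope
                Target = $answer.NameTarget
                Port   = $answer.Port
                Status = $status
            }
        }
    }
}

# Query the default resolver; pass -DnsServer to test internal and external DNS separately.
Test-UcSrvRecord -Domain 'domain.com' | Format-Table -AutoSize
```

An internal record reported as Missing is expected when the query is sent to a public resolver, and the reverse holds for external records on an internal-only DNS server.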

Error Opening EMC in Exchange 2010

This post is a note to self to remember this the next time I encounter a similar problem. Article first published: http://telnet25.wordpress.com/2010/02/22/an-error-caused-a-change-in-the-current-set-of-domain-controllers-it-was-running-command-get-federationtrust/

Problem: Receiving the following error on an Exchange 2010 server after opening EMC and expanding the Mailbox tab under Organization Configuration: “An error caused a change in the current set of domain controllers. It was running command ‘Get-FederationTrust’”

Possible causes:

To be honest, the first thing I checked was to make sure the Exchange server is able to talk to all domain controllers as configured in its TCP/IP properties. Also, as always, check to see if anything catches your attention in the application logs. Fair enough, I was able to locate event “2080” (“MsExchangeADAccess”), which was showing me one DC only; however, the TCP/IP stack was configured to talk to the secondary DC.

Make sure Exchange is able to talk to all DCs within its “Site”. In the above example the second DC was not even discovered by MSExchange AD access, due to replication problems among the DCs in the site where Exchange resides. Fixing the replication issues and restarting the MSExchangeADTopology service took care of the error.

Note:

Some other people who had the same error reported fixing it by deleting the (corrupted) local profile for the user account they logged into the Exchange server with. So if the above solution does not work, try this:

This error is actually a false error, and is caused by GUI caching, more specifically MMC caching. This occurs when a DC (domain controller) that is either unreachable or has changed in some way is still cached by the MMC applet. To fix this issue by removing the cache and basically resetting the MMC applet do this:

Delete this file: “c:\users\<specific user>\appdata\roaming\microsoft\mmc\Exchange Management Console”

Source: http://trycatch.be/blogs/pdtit/archive/2010/02/04/an-error-caused-a-change-in-the-current-set-of-domain-controllers-exchange-2010.aspx

New Features in Exchange 2010 SP1 and How to Configure Them

Lately I have seen a lot of good articles about what the new and improved features of Exchange 2010 SP1 are and also a lot about how to configure these features. This post is written while Exchange 2010 SP1 is still in Beta so the information provided may be a little off from the released version later this year. I wanted to collect the posts I find interesting here so I have them all in one place when I will deploy SP1 to my customers.

Here are the main new features in Exchange 2010 SP1 and how to configure them

Some minor changes in how to configure some features

You can find a longer list of new features here: http://exchangepedia.com/2010/06/released-exchange-sever-2010-sp1-beta.html
TechEd 2010 Interviews with folks from the Exchange Product group about SP1: http://blogs.msexchange.org/walther/2010/06/16/teched-2010-interviews-with-folks-from-the-exchange-product-group/

Exchange 2010 RTM and SP1 OWA Integration With OCS 2007 R2

I recently integrated Exchange 2010 RTM OWA with OCS 2007 R2 for chat and presence. Having read some blog posts about how to implement the feature I decided to blog how I got this feature working based on these blogs and my own findings. I will cover the steps for both the Exchange 2010 RTM and SP1 versions since the steps are different.

Prerequisites

  1. Download and install OCS 2007 R2 Web Trust Tool on the Exchange 2010 server
    1. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8 
    2. Locate and install the following files in elevated mode by running cmd.exe as administrator
      • vc_redistx64
      • UCMAredist.msi
      • CWAOWASSP.msi
  2. If the Exchange 2010 server is running on Server 2008 R2 you also need to install the latest cumulative hotfix update for OCS 2007 R2 on the Exchange server
    1. http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
    2. Download and run ServerUpdateInstaller.exe
    3. Also download the latest update for UCMAredist that is not included in CU5
    4. Reboot the server

Configuring Exchange 2010 RTM

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in your deployment

  1. Download and run the PowerShell Script found in the below link
    1. https://msunified.net/exchange-downloads/script-imexintegration-ps1/
    2. The script will not configure anything
    3. It takes a backup of web.config and generates the configuration you manually need to add to the web.config file
    4. The script makes it easy to generate the correct syntax for populating the below keys
  2. Navigate to the web.config file
    1. C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.config
    2. Edit the file and search for the string IMPoolName
    3. Replace the three “add key” strings with the ones provided with the script
  3. In Exchange Management Shell run the following command to configure OWA Virtual Directory
    • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingType 1
      • NOTE: The RTM documentation states OCS, but that doesn’t work. Use 1 as InstantMessagingType
  4. Run IISreset in PowerShell

Configuring Exchange 2010 SP1

The Exchange 2010 SP1 guide is based on this great post written by Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/ The configuration on Exchange is now moved from web.conf to the per server OWA Virtual Directory. I will definitely create a script automating the below process when I get more hands on :)

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in your deployment

  1. Get the active Exchange 2010 certificate using this command in Exchange Management Shell 
    • Get-ExchangeCertificate | Where-Object {$_.Services -match "IIS"} | Get-ExchangeCertificate | fl thumbprint,subject
      • This command gets the active certificate on the local server, because only one certificate can have IIS as service at a time
  2. Use the thumbprint and OCS pool FQDN in the command below
    • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E -InstantMessagingServerName ocspool01.domain.local -InstantMessagingType OCS -InstantMessagingEnabled $true
      • NOTE: This time we use OCS as InstantMessagingType
  3. Run iisreset
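
The three SP1 steps can be wrapped in one function that refuses to continue when the certificate lookup is ambiguous or the certificate is outside its validity period. This is an added example, not the author's script and not Microsoft's; the function name Enable-OwaImIntegration is an assumption, and it only uses the cmdlets and parameters shown in the steps above. Run it in Exchange Management Shell once per CAS server.

```powershell
# Added example; Enable-OwaImIntegration is a hypothetical helper name.
# Run in Exchange Management Shell for each Exchange 2010 SP1 CAS server.
function Enable-OwaImIntegration {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CasServer,     # e.g. "CasServer" from the steps above
        [Parameter(Mandatory)][string]$OcsPoolFqdn    # e.g. ocspool01.domain.local
    )

    # Step 1: find the certificate that has IIS as a service on this server.
    $iisCerts = @(Get-ExchangeCertificate -Server $CasServer |
        Where-Object { $_.Services -match 'IIS' })

    # Stop instead of guessing when there is no match or more than one.
    if ($iisCerts.Count -ne 1) {
        throw "Expected exactly one IIS certificate on $CasServer, found $($iisCerts.Count)."
    }
    $cert = $iisCerts[0]

    # A certificate outside its validity period would make the integration fail later.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $($cert.Thumbprint) is not valid today (valid $($cert.NotBefore) to $($cert.NotAfter))."
    }

    # The subject CN is the FQDN that must be added as an authorized host on the OCS pool.
    Write-Host "Using certificate $($cert.Thumbprint), subject: $($cert.Subject)"

    # Step 2: apply the settings to the OWA virtual directory on this server.
    if ($PSCmdlet.ShouldProcess($CasServer, "Enable OWA IM integration against $OcsPoolFqdn")) {
        Get-OwaVirtualDirectory -Server $CasServer |
            Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint $cert.Thumbprint `
                -InstantMessagingServerName $OcsPoolFqdn `
                -InstantMessagingType OCS `
                -InstantMessagingEnabled $true

        # Step 3 is still manual: run iisreset on the CAS server afterwards.
        Write-Host "Done. Run iisreset on $CasServer to load the new settings."
    }
}

# Preview first; remove -WhatIf to apply.
Enable-OwaImIntegration -CasServer 'CasServer' -OcsPoolFqdn 'ocspool01.domain.local' -WhatIf
```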

Configuring OCS 2007 R2

In order to allow the Exchange 2010 server to communicate with OCS using SIP containing presence and chat, you need to add every Exchange 2010 CAS server as an authorized host on OCS.

  1. On your OCS R2 Pool server configure authorized host
    • NOTE: Your user needs to be member of the RTCUniversalServerAdmins group
  2. Open Office Communications Server R2 under Administrative Tools
  3. Expand forest and Enterprise pool or Standard Edition Servers depending on your deployment
  4. Right click your pool and choose properties->Front End Properties
  5. On the Hosts Authorization tab
  6. You need to add the Client Access server FQDN and configure as the below image 
    • NOTE: This is the FQDN of your subject name (CN) on the certificate used on the CAS server

 

Troubleshooting the Installation (RTM)

Next are a few troubleshooting steps that can assist with some of the more common problems encountered with Exchange/OCS integration. I found these valid troubleshooting steps on Rand Morimoto’s post: http://www.networkworld.com/community/node/47348

Configuring the Firewall on the CAS Server

If the Client Access Server has the Windows Firewall enabled, it might need an exception to enable OCS 2007 R2 to communicate with it. To create the exception, perform the following steps:

  1. From the Control Panel, open Windows Firewall 
  2. On the left side of the Windows Firewall window, click “Allow a Program Through Windows Firewall.”
  3. Click Add Program; then click Browse.
  4. Browse to C:\Windows\System32\inetsrv and select w3wp.exe.
  5. Click Open and then click OK twice to apply changes and close the window. Be sure to perform this step on all CAS servers with IM integration enabled.

User Configuration

  • Before the user community can utilize the IM features, they must be “provisioned” for Office Communications Server R2 and must be enabled for Enhanced Presence. When the user is initially enabled on OCS 2007 R2, he will automatically be enabled for Enhanced Presence.
  • Users must also have a valid SIP proxy address for the OWA IM integration component to enable the IM Integration UI.
  • When attempting to view the Instant Messaging contact list, a user might receive a notification that states
    • Instant Messaging Isn’t Available Right Now. The Contact List Will Appear When the Service Becomes Available.
  • If this occurs, perform the following steps:
    1. Using the same user account, confirm that you can access the IM services using the Office Communicator 2007 R2 client.
    2. If functional, confirm that the OCS Server name is properly entered in the Web.Config file of the CAS server.
    3. Also confirm the configuration of the Authorized Hosts option on the OCS pool contains all IM Integrated Client Access Servers.

OWA Certificate Error

If OWA cannot locate the certificate, an error stating The Local Certificate Specified Was Not Found in the Store for the Local Computer appears.

In this case, confirm that the values of the OCSCertificateIssuer and OCSCertificateSerialNumber fields in the Web.Config file are correct. Also ensure that there are blank spaces between every two characters in the serial number to separate octets in the string.

References

TechNet: http://technet.microsoft.com/en-us/library/ee633458%28EXCHG.140%29.aspx
Chris and Robin’s Technology blog: http://chrislehr.com/2009/11/implementing-integrated-ocs-in-owa-2010.htm
Martin Sundström: http://msundis.wordpress.com/2010/06/21/integrate-ocs-2007-r2-with-exchange-server-2010-sp1-owa/
Rand Morimoto: http://www.networkworld.com/community/node/47348