Lync and Exchange IM Integration with Multiple Exchange Servers
This article covers the Instant Messaging (IM) integration configuration between Lync Server 2010 and Exchange Server 2010 SP2. I have 2 Exchange Servers, one in the US and the other in EMEA, and only wanted to implement it in the US. I could not find a tutorial on how to publish to only one site, so I hope this can help.
- Install the prerequisite software and associated hotfixes on the Exchange server.
- Enable various instant messaging settings on the Exchange Client Access service.
- Define a new Trusted Application Pool and configure the Trusted Application in Lync Server.
1. Install Prerequisite Software (MUST BE INSTALLED IN THE ORDER BELOW)
The first component to install is the Microsoft Office Communications Server 2007 R2 Web Service Provider which contains the necessary components to add basic IM and presence features into Outlook Web App.
- Download and install the CWAOWASSPMain.msi installation package on the Exchange Server where the Client Access Server role is running (e.g. mailserver.domain.com). Select the default installation location, as this package only unpacks the installation files and drops them in the directory shown; it does not perform any component installation.
- Browse to the newly created directory (e.g. “c:\web service provider installer package”) and run the vcredist_x64.exe package to install Visual C++ 2008. This component may already be installed if the UM integration was previously configured on this Exchange Server.
Next is the Unified Communications Managed API 2.0 Hotfix (KB 2400399), which installs the latest updates for the UC Managed API. Although this component is included in the unpacked Web Service Provider install directory, a newer version needs to be used.
- Download and install the UcmaRedist.msp patch on the Exchange Server. Using the Programs and Features control panel, verify the installed version is at least 3.5.6907.215. This component may also already be installed if UM integration is already configured.
Now the Web Service Provider components can be installed.
- Browse to the newly created directory (e.g. “c:\web service provider installer package”) and execute the CWAOWASSP.msi package on the Exchange Server. The installation is nearly silent and only a brief status window will appear. Since no confirmation window appears, validate the installation by using the Programs and Features control panel to verify the installed version is at least 3.5.6907.57. (Make sure not to mistake the Installer Package for it, as it also appears in the list with the same version; there should be two similar lines.)
The next component needed is the OCS 2007 R2 Web Service Provider Hotfix (KB 981256), which updates the Web Service Provider with the latest hotfixes. Take note that although the file name of this patch appears identical to the original installation file extracted in an earlier step, the patch is not all-inclusive (notice .msi versus .msp).
- Download and install the CWAOWASSP.msp patch on the Exchange Server. The version number should now be incremented to 3.5.6907.202.
2. Configure Exchange Server
The Client Access Server configuration is performed using the Exchange Management Shell with a set of PowerShell cmdlets used to identify the current certificate and then populate the various InstantMessaging parameters.
The initial step is to identify the certificate currently assigned to the IIS service in Exchange and record the thumbprint value.
- Display a list of installed certificates and their enabled services by using the following cmdlet. Copy the Thumbprint value for the certificate enabled for the Internal CAS service.
- You may need to open up the MMC console and look at the computer certificate.
- To make sure that only a single OWA Virtual Directory is currently configured on the Exchange Server (which is the default), execute the Get-OwaVirtualDirectory cmdlet and verify that the only returned result is owa (Default Web Site).
This is where I could not find a solution on having 2 different Exchange Servers and applying only to 1.
# -Identity selects the one OWA virtual directory to change, so nothing is piped in from Get-OwaVirtualDirectory (which returns the virtual directories of every server).
Set-OwaVirtualDirectory -Identity "EXCHANGESERVER\owa (Default Web Site)" -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint "<CAS server certificate thumbprint>" -InstantMessagingServerName LYNCPOOL.DOMAIN.com
Perform an iisreset on the Exchange Server where the changes were applied to force an update of the IIS metabase and service. If this is a live environment then the /noforce option should be added to prevent dropping any active client connections.
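The Exchange-side steps above, collected into one Exchange Management Shell script that scopes every query to a single Client Access Server and then shows the IM settings of all servers so the other site can be confirmed unchanged. This is an added example, not part of the original article; EXCHANGESERVER and LYNCPOOL.DOMAIN.com are the article's placeholder names, and the variable names are assumptions.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Placeholder names taken from the article; replace with real values.
$cas      = 'EXCHANGESERVER'        # the one CAS that should get IM integration
$lyncPool = 'LYNCPOOL.DOMAIN.com'   # Lync pool FQDN

# 1. Find the certificate enabled for IIS on this CAS only.
$certs = @(Get-ExchangeCertificate -Server $cas |
    Where-Object { "$($_.Services)" -match 'IIS' })
if ($certs.Count -ne 1) {
    throw "Expected exactly one IIS-enabled certificate on $cas, found $($certs.Count)."
}
$cert = $certs[0]

# The same certificate authenticates OWA to Lync, so refuse an expired one.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# 2. Confirm this server has a single OWA virtual directory (the default).
$vdirs = @(Get-OwaVirtualDirectory -Server $cas)
if ($vdirs.Count -ne 1) {
    throw "Expected one OWA virtual directory on $cas, found $($vdirs.Count)."
}

# 3. Apply the IM settings to that one virtual directory only.
$vdirs[0] | Set-OwaVirtualDirectory `
    -InstantMessagingType OCS `
    -InstantMessagingEnabled:$true `
    -InstantMessagingCertificateThumbprint $cert.Thumbprint `
    -InstantMessagingServerName $lyncPool

# 4. Review every server: only $cas should show InstantMessagingEnabled = True.
Get-OwaVirtualDirectory |
    Format-Table Server, Name, InstantMessagingEnabled, InstantMessagingServerName -AutoSize
```

Run iisreset on the same server afterwards, as described above.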
3. Configure Lync Server
Now we need to configure the Lync 2010 server. Use the Lync Server Topology Builder to add a new Trusted Application Pool, as follows:
- Open the existing topology.
- Expand your Lync Server 2010 > your sitename.
- Right-click Trusted application servers and select New Trusted Application Pool.
- Enter your CAS server or CAS array’s FQDN in the Pool FQDN field, select Single Computer Pool and click Next. If you’re using a hardware load balancer with separate VIPs for OWA and MAPI connections, use the FQDN for the OWA (HTTPS) connections.
- Select the Front End Pool for the Trusted Application Pool.
- Right-click the new Trusted Application Server and select Edit Properties.
- Clear the check box for Enable replication of configuration data to this pool and click OK.
- Publish the new topology.
The next step in the configuration is to use the New-CsTrustedApplication cmdlet to define a trusted application and associate it to the new trusted application pool.
Before configuring the trusted application, an open listening port on the Lync Server must be selected. Any unused port can be selected; in this example 5058 was chosen in an effort to keep it numerically close to the other Lync Server related ports. If the command below shows no output, the port is not currently used as a source listening port, nor are any connections established to foreign hosts using it as a destination port.
Enter the following command on the Lync Server to search for any current usage of the desired TCP port.
netstat -a | findstr 5058
- Use the following New-CsTrustedApplication cmdlet to create the trusted application and associate it with the new trusted application pool. (The ApplicationId value can be any desired string as long as it is unique to the trusted application pool.)
New-CsTrustedApplication -ApplicationId ExchangeOWA -TrustedApplicationPoolFqdn mailserver.domain.com -port 5058
After running this, you should see the following:
WARNING: The following changes must be made in order for the operation to be complete.
Enable-CsTopology must still be run for all changes to take effect.
Identity : mailserver.domain.com/urn:application:exchangeowa
ComputerGruus : {mailserver.domain.com sip:mailserver.domain.com@domain.com;gruu;opaque=srvr:exchangeowa:zluL1yQ-Cw0mk-mSgAA}
ServiceGruu : sip:email@example.com;gruu;opaque=srvr:exchangeowa:zluL1xka0mk-mSgAA
Protocol : Mtls
ApplicationId : urn:application:exchangeowa
TrustedApplicationPoolFqdn : mailserver.domain.com
Port : 5058
LegacyApplicationName : exchangeowa
As instructed by the previous command issue the Enable-CsTopology cmdlet to apply the latest configuration changes. The -v switch (for verbose) can be used to display the command progress as well as the location of the output log file.
VERBOSE: Creating new log file
VERBOSE: Activate new or updated services in the topology.
VERBOSE: No changes were made to the Central Management Store.
VERBOSE: Creating new log file
VERBOSE: “Enable-CsTopology” processing has completed successfully.
VERBOSE: Detailed results can be found at
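The Lync-side steps above (port check, trusted application, topology activation) as one Lync Server Management Shell script, followed by a listing of every trusted application so that only the expected entries remain. This is an added example, not part of the original article; it uses the article's placeholder FQDN and port, and the variable names are assumptions.

```powershell
# Added example (not from the original article). Run in the Lync Server Management Shell.
# Values below are the article's placeholders.
$poolFqdn = 'mailserver.domain.com'   # trusted application pool (the CAS FQDN)
$appId    = 'ExchangeOWA'
$port     = 5058

# 1. Same check as "netstat -a | findstr 5058", but matching the port exactly.
$ip        = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ip.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port })
$connected = @($ip.GetActiveTcpConnections() | Where-Object {
    $_.LocalEndPoint.Port -eq $port -or $_.RemoteEndPoint.Port -eq $port })
if ($listening.Count -or $connected.Count) {
    throw "TCP port $port is already in use on this server; pick another port."
}

# 2. The pool must already be published from Topology Builder.
$pool = @(Get-CsTrustedApplicationPool | Where-Object { $_.PoolFqdn -eq $poolFqdn })
if ($pool.Count -ne 1) {
    throw "Trusted application pool $poolFqdn not found; publish the topology first."
}
if ($pool[0].RequiresReplication) {
    Write-Warning "Replication is still enabled for $poolFqdn; the article clears this check box."
}

# 3. Create the trusted application unless this pool already has one on that port.
$existing = @(Get-CsTrustedApplication | Where-Object {
    $_.TrustedApplicationPoolFqdn -eq $poolFqdn -and $_.Port -eq $port })
if ($existing.Count -eq 0) {
    New-CsTrustedApplication -ApplicationId $appId `
        -TrustedApplicationPoolFqdn $poolFqdn -Port $port
}

# 4. Activate the change, as the warning from New-CsTrustedApplication requires.
Enable-CsTopology -Verbose

# 5. Review all trusted applications; each one should be expected and use Mtls.
Get-CsTrustedApplication |
    Format-Table ApplicationId, TrustedApplicationPoolFqdn, Port, Protocol -AutoSize
```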
4. Verify Integration
At this point the integration should be fully functional and can be verified by logging into Outlook Web App with a Lync-enabled and mailbox-enabled user account.