This article covers the Instant Messaging (IM) integration configuration between Lync Server 2010 and Exchange Server 2010 SP1. It differs from my previous article on Lync and Exchange UM Integration in that the earlier article focused on integrating Unified Messaging features like Voice Mail and the Outlook Voice Access attendant, while this article covers the IM/Presence related features of the Lync client which are baked directly into Outlook Web App.

Lync Server does not include a Web Access client like what was available in Office Communications Server.  The Lync Server’s web client now only provides conferencing services for authenticated and anonymous attendees via a web-browser.  The IM/Presence features are now only available in a web-browser-based embedded client from within Outlook Web App in Exchange Server 2010.

The lab environment used as examples was built using the same processes discussed in these three previous articles for Lync Server.  A single consolidated Exchange 2010 SP1 server was also added in the recent UM integration article.

This process has been covered in various other articles online but I chose to include this in my series of deployment articles so that anyone using them for their own deployment can follow along just the same.  Also the selection and order of prerequisite software is different in this article as it is the most current and reflects the latest changes in hotfix availability.

Overview

The following steps completed in this order in a greenfield deployment should yield a working UM environment in little time.

  1. Install the prerequisite software and associated hotfixes on the Exchange server.
  2. Enable various instant messaging settings on the Exchange Client Access service.
  3. Define a new Trusted Application Pool and configure the Trusted Application in Lync Server.
  4. Enjoy.

Configuration

These steps begin right where the UM integration article left off, although the UM configuration is not required to set up the following IM integration. These integrations (UM or IM) can be performed in either order. Both the Exchange and Lync server hosts are running Windows Server 2008 R2, so the specific hotfixes and downloads in this article only address that specific server version.

1.  Install Prerequisite Software

The first component to install is the Microsoft Office Communications Server 2007 R2 Web Service Provider which contains the necessary components to add basic IM and presence features into Outlook Web App.

  • Download and install the CWAOWASSPMain.msi installation package on the Exchange Server where the Client Access Server role is running (e.g. lab1exch.csmvp.net).  Select the default installation location, as this package will only unpack the installation files and then drop them in the directory shown; it does not perform any component installation.

  • Browse to the newly created directory (e.g. “c:\web service provider installer package”) and run the vcredist_x64.exe package to install Visual C++ 2008.  This component may already be installed if the UM integration was previously configured on this Exchange Server.

Next is the Unified Communications Managed API 2.0 Hotfix (KB 2400399) which installs the latest updates for the UC Managed API.  Although this component is included in the unpacked Web Service Provider install directory a newer version needs to be used.

  • Download and install the UcmaRedist.msp patch on the Exchange Server.  Using the Programs and Features control panel verify the installed version is at least 3.5.6907.215.  This component may also already be installed if UM integration is already configured.

Now the Web Service Provider components can be installed.

  • Browse to the newly created directory (e.g. “c:\web service provider installer package”) and execute the CWAOWASSP.msi package on the Exchange Server.  The installation is nearly silent and only a brief status window will appear.  Since no confirmation window appears, validate the installation by using the Programs and Features control panel to verify the installed version is at least 3.5.6907.57.  (Make sure not to mistake the Installer Package as it also appears in the list with the same version; there should be two similar lines.)

The next component needed is the OCS 2007 R2 Web Service Provider Hotfix (KB 981256) which updates the Web Service Provider with the latest hotfixes. Take note that although the file name of this patch appears identical to the original installation file extracted in an earlier step, the patch is not all-inclusive (notice .msi versus .msp).

  • Download and install the CWAOWASSP.msp patch on the Exchange Server.  The version number should now be incremented to 3.5.6907.202.

2. Configure Exchange Server

The Client Access Server configuration is performed using the Exchange Management Shell with a set of PowerShell cmdlets used to identify the current certificate and then populate the various InstantMessaging parameters.

The initial step is to identify the certificate currently assigned to the IIS service in Exchange and record the thumbprint value.

  • Display a list of installed certificates and their enabled services by using the following cmdlet.  Copy the Thumbprint value for the certificate enabled for the IIS service.

Get-ExchangeCertificate|fl Services,Thumbprint

  • To make sure that only a single OWA Virtual Directory is currently configured on the Exchange Server (which is the default) execute the Get-OwaVirtualDirectory cmdlet and verify that the only returned result is owa (Default Web Site).

Get-OWAVirtualDirectory

If more than one entry is returned then either additional directories have been defined for the single CAS or there are multiple CAS hosts in the organization, each with its own OWA virtual directory.  In the case of the latter the next step is the same, as the cmdlet will place the same configuration on each virtual directory.  But if only a single virtual directory or single CAS is to be targeted then drop the initial cmdlet in the example and add the -Identity switch to target only the desired virtual directory to configure.

  • To select the single default OWA virtual directory and then configure the various InstantMessaging parameters use the following cmdlet with the discovered certificate thumbprint and the desired Lync Server FQDN (e.g. lab1ls.csmvp.net).

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint 851588624951A8181DAB0CB6A52C19AC4C15DFA4 -InstantMessagingServerName lab1ls.csmvp.net

  • Perform an iisreset on the Exchange Server where the changes were applied to force an update of the IIS metabase and service.  If this is a live environment then the /noforce option should be added to prevent dropping any active client connections.
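
The steps in this section combined into one script that checks the certificate before applying it and targets a single virtual directory with -Identity instead of the pipeline. This is an added example, not part of the original article; the `LAB1EXCH\owa (Default Web Site)` identity string is an assumption based on the lab host name, and the self-signed and name-match checks reflect the certificate requirements discussed in the comment thread on this page.

```powershell
# Added example, not from the original article. Run in the Exchange Management
# Shell on the CAS; syntax is kept compatible with PowerShell 2.0.
$casFqdn    = 'lab1exch.csmvp.net'    # Exchange CAS FQDN used in this article
$lyncFqdn   = 'lab1ls.csmvp.net'      # Lync Server FQDN used in this article
$thumbprint = '851588624951A8181DAB0CB6A52C19AC4C15DFA4'   # value recorded above
$vdirId     = 'LAB1EXCH\owa (Default Web Site)'            # assumed identity string

# 1. Load the certificate by thumbprint so the checks run against the exact
#    certificate that will be handed to the IM integration.
$cert = Get-ExchangeCertificate -Server $casFqdn -Thumbprint $thumbprint
if (-not $cert) {
    throw "No certificate with thumbprint $thumbprint found on $casFqdn."
}

# 2. Pre-flight checks for the TLS session that Lync will validate.
$problems = @()
if ($cert.IsSelfSigned) {
    $problems += 'certificate is self-signed'
}
if ($cert.NotAfter -lt (Get-Date)) {
    $problems += "certificate expired on $($cert.NotAfter)"
}
# The FQDN registered as the trusted application pool (the CAS FQDN in this
# article) has to appear literally in the subject or SAN names.
$names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
if ($names -notcontains $casFqdn.ToLower()) {
    $problems += "$casFqdn is not among the certificate names: $($names -join ', ')"
}
if ($problems.Count -gt 0) {
    throw ('Not applying IM settings: ' + ($problems -join '; '))
}

# 3. Configure only the named virtual directory. No Get-OwaVirtualDirectory
#    pipeline is used, so other virtual directories are left untouched.
Set-OwaVirtualDirectory -Identity $vdirId `
    -InstantMessagingType OCS `
    -InstantMessagingEnabled:$true `
    -InstantMessagingCertificateThumbprint $cert.Thumbprint `
    -InstantMessagingServerName $lyncFqdn

# 4. Read the settings back to confirm what was actually stored.
Get-OwaVirtualDirectory -Identity $vdirId |
    Format-List Identity, InstantMessaging*
```

The iisreset step is still required after the script completes.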

3. Configure Lync Server

In this section the Topology Builder will be used to define a trusted application pool with the Exchange Server, followed by a PowerShell cmdlet used to enable the application connection and select a static port for communications with Exchange.  Some additional cmdlets will also be used to display the configuration changes for verification purposes.

  • Open up the Lync Server Topology Builder on the Lync Server and select the option to Download topology from existing deployment.  Save the imported data to a local .tbxml file for editing.
  • Expand the site and create a new Trusted Application Pool under Trusted Application Servers.  Enter the FQDN of the Exchange Server with the CAS role which was just configured (e.g. lab1exch.csmvp.net) and select Single Computer Pool.  (Alternatively use the virtual FQDN of the load balanced CAS array and the Multiple Computer Pool setting in a large deployment.)

  • Select the Next Hop Pool which will be the FQDN and Site name of the Lync Server. In this scenario there is a single server in a single site so there will not be any other choice to select from on this portion of the wizard.

  • Complete the wizard and publish the topology changes to the Central Management Store.

  • To verify the changes are seen by the Lync Server use the Get-CsTrustedApplicationPool cmdlet with the Lync Server Management Shell to display the trusted application pool configuration.

Get-CsTrustedApplicationPool

  • The Get-CsTrustedApplicationComputer cmdlet will also show the defined computer object when the Single Computer Pool option is selected in the Topology Builder.

Get-CsTrustedApplicationComputer

The next step in the configuration is to use the New-CsTrustedApplication cmdlet to define a trusted application and associate it to the new trusted application pool.

Before configuring the trusted application, an unused listening port on the Lync Server must be selected.  Any unused port can be selected and in this example 5059 was chosen in an effort to keep it numerically close to the other Lync Server related ports.  If the command below returns no output then the port is not currently used as a local listening port, nor are any connections established to foreign hosts using it as a destination port.

  • Enter the following command on the Lync Server to search for any current usage of the desired TCP port.

netstat -a | findstr 5059

  • Use the following New-CsTrustedApplication cmdlet to create the trusted application and associate it with the new trusted application pool.  (The ApplicationID value can be any desired string as long as it is unique to the trusted application pool.)

New-CsTrustedApplication -ApplicationId ExchangeOWA -TrustedApplicationPoolFqdn lab1exch.csmvp.net -Port 5059

  • As instructed by the previous command issue the Enable-CsTopology cmdlet to apply the latest configuration changes.  The -v switch (for verbose) can be used to display the command progress as well as the location of the output log file.

Enable-CsTopology -v

  • Open the referenced Enable-CsTopology-<GUID>.html file in the %TEMP% directory and search it for the ApplicationID provided (e.g. exchangeowa) to verify a successful activation.
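
The port check and trusted application steps above as a script that is safe to re-run, using an exact port comparison rather than a substring search. This is an added example, not part of the original article; the helper name Get-TcpPortUsage is hypothetical, and the host name, port and ApplicationId are the lab values used in this article.

```powershell
# Added example, not from the original article. Run in the Lync Server
# Management Shell on the Lync Server; compatible with PowerShell 2.0.
$port     = 5059                   # port chosen in this article
$poolFqdn = 'lab1exch.csmvp.net'   # trusted application pool FQDN from this article
$appId    = 'ExchangeOWA'          # ApplicationId from this article

# Exact-match port check (hypothetical helper). 'findstr 5059' is a substring
# match, so it also hits any other netstat text containing those digits.
function Get-TcpPortUsage {
    param([int]$Port)
    $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    foreach ($listener in $ip.GetActiveTcpListeners()) {
        if ($listener.Port -eq $Port) { "LISTEN $listener" }
    }
    foreach ($conn in $ip.GetActiveTcpConnections()) {
        if ($conn.LocalEndPoint.Port -eq $Port -or $conn.RemoteEndPoint.Port -eq $Port) {
            "$($conn.State) $($conn.LocalEndPoint) -> $($conn.RemoteEndPoint)"
        }
    }
}

# ApplicationId is stored in URN form, so match on the trailing name.
$filter = {
    $_.TrustedApplicationPoolFqdn -eq $poolFqdn -and $_.ApplicationId -like "*$appId"
}
$existing = @(Get-CsTrustedApplication | Where-Object $filter)

if ($existing.Count -eq 0) {
    # Only check the port before first creation; once the application is
    # enabled the port is expected to be in use by Lync itself.
    $usage = @(Get-TcpPortUsage -Port $port)
    if ($usage.Count -gt 0) {
        throw ("TCP port $port is already in use: " + ($usage -join '; '))
    }

    # The pool must already be published from Topology Builder.
    $pool = Get-CsTrustedApplicationPool -Identity $poolFqdn -ErrorAction SilentlyContinue
    if (-not $pool) {
        throw "Trusted application pool $poolFqdn is not published yet."
    }

    New-CsTrustedApplication -ApplicationId $appId `
        -TrustedApplicationPoolFqdn $poolFqdn -Port $port
    Enable-CsTopology
}

# Show what is now registered so the port and pool can be compared with the
# values configured on the Exchange side.
Get-CsTrustedApplication | Where-Object $filter |
    Format-List Identity, ApplicationId, TrustedApplicationPoolFqdn, Port
```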

4. Verify Integration

At this point the integration should be fully functional and can be verified by logging into Outlook Web App with a Lync-enabled and mailbox-enabled user account.  The presence chiclets will be visible next to users’ names in the email header fields, and clicking one opens a drop-down menu that displays the available communications modalities.

By Jeff Schertz

Site Administrator

99 thoughts on “Lync and Exchange IM Integration”
  1. Hi Jeff, great post as usual… I used this with success in my Lync RC lab, but now I am setting up RTM in my production environment and the difference there is that I have a two-node cas array running WNLB instead of just a single CAS server.

    My two CAS servers have a single-name GoDaddy cert used to publish OWA (secure.mydomain.com), which causes OWA/IM integration to fail since the FQDN of the cert doesn't match the server name. In the lab I solved this by creating a self-signed cert matching the server FQDN and adding that thumbprint to the owavdirectory. However, I'm not quite sure how to go about this for the array since there are two hosts with unique FQDNs. If I create a self-signed cert with the FQDN of the cas array (outlook.domain.local) will that work?

    Thanks!

    Wes

    1. Update: got it to work… created a cert on my DC/CA for each of the CAS servers (cas1.domain.local and cas2.domain.local) and set each cert on the respective server's owavdirectory…

      1. Wes, the proper approach when dealing with NLB and Exchange CAS is to use a single certificate which is imported on both servers (with the private key). Typically the Common Name would be the client facing name (e.g. secure.mydomain.com) and then the SAN field would include the individual server names when TLS connections for mail transport or UM/IM functionality is required. Self-signed certificates will not work for TLS communications with an OCS/Lync server.

        Make sure to check the Exchange Server documentation for guidance on how to configure the virtual directory names when using NLB.

        1. Jeff,

          Got a similar(ish) issue in my lab. I have a single Ex2010 server running all roles. OWA/Lync integration is working fine for internal users. However, when a user signs into OWA externally, there is no contact list display (only the heading), presence is greyed out everywhere except for their own in the To: field.

          Looking at SIP traces I see the REGISTER and SUBSCRIBE events coming into Lync from Exchange. It just appears that OWA is not displaying the info correctly when published externally.

          Any suggestions on where to hunt ?

          -Dave

          1. Are you using a CAS array with different internal and external URLs for client access? If so, see my other reply in this section.

      2. Hi,

        Can you please describe the steps you have followed to solve the above issue? I'm having the same setup and found the below error in Lync logging

        Exit$CryptFailure – error validating the certificate with SN=[exch.domain.local]. Returned HRESULT=800B010F

        1. That error code indicates a name mismatch between the FQDN used to connect to the server and what is populated in the SN or SAN fields.

  2. I've got a non-internet facing cas array (excl01.domain.info) I'm trying to IM integrate with a hardware load-balanced Lync Server pool (pool1.domain.info).

    CAS – Each CAS node has a cert (SN=servername.domain.info, SAN=excl01.domain.info). Assigned that cert to the OWA virtual directory and used that cert for InstantMessaging. Switching the SAN and SN around does not appear to make any difference.

    Pool1 – Created a multiple computer trusted application pool called excl01.domain.info that contains each of the CAS servers in that array. Published the topology, created a trusted application and associated it with excl01.domain.info. Bounced all the servers and still nothing. Not even SIP showing up in the Lync Logger.

    I can log into Lync communicator without a hitch. Share docs and download the addressbook no problem.

    This smells like a cert issue so please confirm:

    1. the internal webservice name on each CAS node (CAS server FQDN OR the CAS array-name)?
    2. CAS server certificate SN and SAN names?
    3. I've set exchange eventlog level to expert for all OWA objects but the event log is empty. Where else can I check / trace?

    1. Since writing this article the Lync documentation has been updated to indicate that a different process is used between environments where the Exchange UM server role is either dedicated or collocated with the CAS role(s). Take a look at the 'Important' note in this document: http://technet.microsoft.com/en-us/library/gg4130

      I have not configured this with a CAS array yet but I would guess that the Trusted Application might be defined using the load-balanced CAS pool FQDN while a unique Trusted Application entry would need to be added for each server in the array, using the server FQDN instead. I'll try to find out what the direction is and update this discussion with my findings.

      Also, hostname entries included in either the SN or SAN field are treated the same, so order does not matter (unless dealing with pre-SP1 ISA Server 2006).

  3. Hi Jeff,

    Thanks for the great resource.

    My IIS cert on the Exchange machine used my external FQDN as the subject name, and even though the internal machine's name (.local) was a SAN, that wasn't good enough to get the two servers to play together.

    Tracing a failed OWA login in Lync gave me "CONNECTION: The peer is not a configured server on this network interface", and "Data: fqdn="<my external FQDN>".

    I was able to resolve this simply by creating a new cert in Exchange (against my internal CA) with the subject as the machine's internal FQDN. I didn't need to allocate any services to it, and all it took to get it working was to re-issue the "Get-OwaVirtualDirectory | Set-OwaVirtualDirectory…" command above with the new thumbprint, followed by an IISreset. Voila!

    – Greig.

    1. Thank you Jeff for the great blog and thank you Greig for the feedback that just fixed the same issue I was having.

      1. "me too" Great blog Jeff, very helpful – and Greig – awesome mate! your solution has got me past the completely weird Multi-SAN Certificate issue I was having getting this working.

    2. Same issue I had. Just that the internal cert I used had just the domain name as CN, but not the FQDN of the Exchange server name. I changed the cert, made an iisreset and it started working at once.

  4. Hello. I am stuck with this integration. On OWA there are no signs of it. I did all the steps described here. I can't even see any errors anywhere. Only thing I get is information event log "Instant Messaging Endpoint Manager was initialized successfully". I have Lync pool from two FE server, and CAS array. They are DNS load balanced.

    Lync pool: lync2010entpool.mydomain.lt
    Lync fe: fe-1.mydomain.lt, fe-2.mydomain.lt
    CAS array: owa.mydomain.lt
    cas: ex-cas-1.mydomain.lt, ex-cas-2.mydomain.lt

    Certificate on cas servers is with subject owa.mydomain.lt and SANs of server FQDNs.

    1. Arturas, with a load balanced pool you'll need to configure a multiple-computer Application Pool so you cannot follow these directions verbatim as this example is for a single server scenario.

      1. Thank you Jeff. We have Exchange Multi-Tenant deployment and we figured out that IM integration is not working only for Hosted organization users, but we have more issues with these users, so i will come back to IM integration later.

  5. Thanks for taking the time on the thorough guide Jeff, especially around versioning of the CWA components. Helped me troubleshoot my installation and get it going.

  6. Hey Jeff,

    I followed this article exactly as it was written; however, when I open OWA and expand the Contact List I see the following message:

    "Instant Messaging isn't available right now. The Contact List will appear when the service becomes available."

    We have a mixed 2003/2007/2010 SP1 environment (upgrading everyone to 2010). Any ideas? At this time, we only have 1 2010 CAS.

    1. Tucker, has this issue cleared up with time by chance? Wondering if a reboot or replication interval has resolved this or if it is a configuration issue.

      1. Hi!

        I have the same issue and same environment as Tucker above. Is there perhaps an integration issue when you have 2007 CAS/MBX servers along with 2010 SP1 Cas/MBX servers?

        1. I haven't tested this fully in mixed-version environments, so I suppose it's possible, but I'm not aware of anything.

  7. –InstantMessagingCertificateThumbprint This parameter is not found in Set-OwaVirtualDirectory , can u help plz…
    it shows this error:

    A positional parameter cannot be found that accepts argument '0C1625FEA0AD2730503BB5ABA88594E1C97139DE'.
    + CategoryInfo : InvalidArgument: (:) [Set-OwaVirtualDirectory], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-OwaVirtualDirectory

  8. Hi Jeff,

    This is a fantastic article for getting this stuff set up. However, in my case, I am getting the same results as Tucker above (instant messaging unavailable…etc.. on the OWA page). I have a very simple setup – single Exchange 2010 SP1 machine and a single Lync server with an Edge server configured (not sure if that makes a difference). The certificate I am using definitely has the internal FQDN as part of the SAN list on the cert. Do you have any advice on which logging options to select to try and pin down the issue I am having? Any advice is much appreciated!!

    -Rich

  9. Jeff,
    I had the same problem as Tucker and I managed to fix it. The problem was with the certificate on the exchange that was used for Lync integration. In my deployment I used an exchange cert that wasn't assigned to IIS but to the UC role of exchange. That fixed it.
    Hope this will help others.
    Kind regards,
    Alex.

  10. Hi jeff
    I recently discovered that, when you assign an OWA mailbox policy (including the Default Owa mailbox policy), don't forget to set the "InstantMessagingType" parameter to "1" in your policy… otherwise the Lync integration in OWA will not work anymore for this user. Even if you have set the "InstantMessagingEnabled" to TRUE !!
    the "InstantMessagingType" parameter is only accessible through the PS cmdlet set-OwaMailboxPolicy !

    1. I tried Fred's solution and I have one user that cannot set up the voicemail in OWA. ME! Microsoft thought it might be because my account had some type of administrative rights. I have confirmed that the account does not have any admin rights to the domain. And the groups match other users that can set up their voice mail through OWA

      Looking for any and all ideas.

  11. 3.5.6907.202 of CWAOWASSP.msp fails to install, yet I have the previous version installed. I get the message: "The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify the program to be ugpraded exists on your computer and that you have the correct upgrade patch." I've followed the steps several times, yet continue to get this error.

    1. Jeremy I haven't run into this issue but it may be related to the version and edition of the OS you are using. I'd suggest posting on the Exchange TechNet forums for additional help.

  12. Hi.

    i follow all mention steps, but now working, my environment

    one exchange server fqdn: abc.domain.com

    lync server fqdn: xyz.domain.com

    owa internal and external url: mail.domain.com/owa—–this is a mail certificate name also mail.domain.com

    on exchange side i follow all steps.

    now lync side i try both name for my exchange server. in trusted group when i add mail.domain.com and publish its warning me then Local AD can't located the fqdn.

    what can i do please help.

    Regards.

    1. If you are using an FQDN other than the server name itself then that is normal, and it's just a warning; you can ignore and continue on. It's just the command telling you that it doesn't see the supplied pool name FQDN as a currently known computer object in Active Directory, but that is not a requirement for the integration.

      1. hi,
        thanks for reply, jeff i follow all upper mention instructions. but web owa user not show online. the owa internal and external name is mail.contoso.com and my exchange server fqdn is exchange.contoso.com
        and ad name is contoso.com. and lync server fqdn is lync.contoso.com. in lync i add trusted pool mail.contoso.com.
        now where is am wrong

  13. Hi,
    i am not using the local FQDN (xchange.contaso.com)—i am using the my CAS certificate name. mail.contaso.com. and when i publish my CAS name in lync server the AD name error. i ignore this error and follow your all steps and login my owa web client but the exchange and link owa integration not working. mean i am not appear online.

  14. Hi,

    Is it possible for you to post an example of the following. We have 5 Virtual directories and I only need to add to one of them. I have tried different combinations of the -identity but cannot seem to get it work,

    But if only a single virtual directory or single CAS is to be targeted then drop the initial cmdlet in the example and add the -Identity switch to target only the desired virtual directory to configure.

    Thanks
    Paul.

  15. Hi Jeff,
    thanks for this wonderful post,
    i am having some issue, i have upgraded my exchange 2010 to SP1, my admin display version id 14.1 when i do get-exchangeserver.
    when i run the command that you specified get-owavirtualdirectory | set-owavirtualdirectory …..
    i get the following error
    A positional parameter cannot be found that accepts "pool/standard edition lync server name".
    * category info : InvalidArgument: (:) [Set-owavirtualdirectory],
    ParameterBindingException
    * FullyqualifiederrorID : PositionalParameter not found, set-owavirtualdirectory

  16. HI to all.
    Thanks Jeff for this Post. It worked but as i am using policies only with Fred's solution (InstantMessagingType:OCS) i get it working for all my users.
    Thanks
    Marco

  17. Hi fellow post readers.

    I had the following issues.
    First of all after some reading I found out Wildcard certs are not supported. Changed that and it still did not work.
    After some more reading I found that the Cert subject name needs to be (in my case) the server FQDN.

    After I changed that everything started working.

    Hope this helps someone else as well.

    Regards

    Johanvdm

  18. I also had the problem of greyed out contacts trying to use a wildcard cert. Using the sip stack trace in my Lync server I confirmed the issue was in fact due to a host name mismatch (was looking for host name: server.domain.com but the cert was showing *.domain.com). Importing a new private cert from my internal CA into the CAS server (but not assigning it to any exchange resources) fixed the issue.

    However – another note on this problem of greyed out contacts. When testing this across multiple browsers, I am finding that it DOES NOT work in IE9 – but it does work in Firefox and Chrome. Has anyone else found this to be the case?

    If you are getting greyed out contacts and are using IE9 – try a different browser to see if that fixes your issue?

  19. Hi Jeff

    I'm trying to install CWA integration with Exchange 2010 SP2 CAS Servers. I've installed all the required updates in order and verified version details in Add/Remove Programs.

    I've also viewed the required policies are enabled etc via get-owavirtualdirectory and get-mailboxpolicy. Yet I still can't see any CWA features in OWA.

    I've attempted this a few times but with no luck

    Are there any known issues that you have come across with SP2?

  20. lync 2010 enterprise install notes:
    -InstantMessagingServerName = pool1.consco.com (pool name, not server name since it's enterprise install)

    Created and assigned no services to internal cert for fqdn of exchange server since public cert was mail.consco.com. (exchange.consco.com = server name) SANs entry didn't work.

    generate certificate request thru iis on exchange server. on internal CA, run as elevated admin the following
    certreq -submit -attrib "CertificateTemplate: WebServer" exchangecertrequested.txt

    follow the directions above to assign thumbprint to new cert and get everything working

    Additional settings to check
    Set-OWAMailboxPolicy -Identity [Your Policy's Identity] -InstantMessagingType 1

  21. As a side note to this FANTASTIC post, I use a SAN cert with over 12 names in it. For this to work properly with that type of environment, in Step 3 when creating an Application Pool, create it for multiple hosts. Set the FQDN of the pool to the first name in the SAN cert, add the CAS server as one of the servers in the pool (even if you only have one CAS server) and then finish the remaining steps. This will get it working perfectly.

    I beat my head against a wall for about half a day trying to figure out what was going on until I used the Lync tracing tool and found out what URL was being passed to Lync by the CAS server.

    Hope this tip helps others out there.

  22. Hi Jeff,

    Thanks for the Blog u made. its helping me to deploy Lync integration with Exchange OWA. but when user login from OWA, Lync client automatically sign out just because the multi session. when user close the OWA, Lync Client doesnt login automatically. do u know how to make it to be multisession ? so user can still online ?

  23. Wonderful Article,

    No question here just wanted to thank you for this great walkthrough 🙂 I managed to integrate Lync with OWA successfully with this.

  24. Hi Jeff.

    Thanks for the great post. A quick question, I followed your steps and integration is fine, except on OWA I get an error 'instant messaging isn't available right now'?

    I ran the logging tool on Lync and didn't come across any red lines. Any ideas?

    Both my Exchange 2010 and Lync 2010 are single server deployments.

  25. The Technet instructions say to install the UCMA runtime in addition to the redistributable. What is the difference and is this required?

  26. Hello

    Nice article, though i Have a question? If I use CAS Array, do I need to install all things on each CAS Server?

    Thanks you!

    1. Yes, all CAS nodes require the same configuration assuming that you are configuring the integration to support connectivity to all nodes in the array.

  27. Hi Jeff

    I'm having a hard time confirming whether or not this statement is correct:

    Your article doesn't touch on this matter. These lines are from the otherwise excellent Mastering Lync Server 2010:

    "You should be operational if your CA server also has the UM role and the UM server is
    configured to integrate via a SIP URI dial plan with Lync. If UM is not installed on the CAs
    server or is not set up as previously discussed, then you must create a Trusted application as indicated in the “If Your CAS Is Not Also Your Lync UM Server” sidebar."

    On page 573

    In other words – if the CAS and UM server are collocated – The New-CsTrustedApplication should not be necessary – can you confirm or deny this?

    I'm having trouble setting this up, but will not try adding the CsTrustedApplication part to a non-functioning setup..

    -Jonas, Denmark

  28. Hi again Jeff.. Just to follow up on the comment I just put up.. I added the CsTrustedApplication into the non-working setup and now IM integration works! (the OWA can sign in)

    I'll try and get a hold of the authors of the Mastering Lync Server 2010 and get their comments on this..

    -Jonas

  29. Jeff,
    Thanks for the great info. This actually helped me solve a trusted application issue with my Lync deployment and a video integration with the Polycom solution. I can now land calls on the RMX from my Lync clients

  30. Hi Jeff, thanks a lot for the post. I just navigated to your site instead of Google. 😉 Result: everything's fine with "Lync Web App".. 🙂

    Greetings from Germany, Matthias.

  31. I have an enterprise pool with a CAS array, the CAS array name is outlook2010.doamain.com and the subject name on the SAN cert is outlook.doamin.com. I followed all these steps, created the trusted app pool with the outlook.doamin.com name as it is the subject on the SAN cert (the individual CAS server names are also on the SAN cert). I added the individual CAS servers to the trusted pool, published the topology, and enabled the topology with no errors. I also enabled IM in the OWA and virtual directory policies in exchange and set the type to 1.

    In OWA everything is greyed out and the contact list is unavailable. My SIPSTACK log shows nothing from the CAS servers, and when I do a netstat on the FE servers I don't show them listening on 5059. What else should I look at??

  32. Hello Jeff,

    We have just integrated Lync in OWA as you show, but now we see a problem. Apparently, new Lync users will see the following message “Your privacy settings have been changed. Please sign in to IM on your desktop to complete the changes. If your are already signed in, please sign out, and then sign back in”.
    Do you know any way to avoid signing in with the stand-alone Lync application? We have many users that work on Linux and it would be very bothering for them to get a windows machine and use Lync just once in order to be able to use it with OWA.

    Thank you very much in advance.

    Best,
    Fernando.

  33. Jeff,

    Thanks for this great article. Wanted to know if you have updated install instructions on Lync 2010.
    thanks, Jerry

    1. These are for Lync 2010; did you mean 2013? After 2013 is released I will start to write articles focused on that version.

  34. I have 2 IIS virtual directories that show up when I perform the get-owavirtualdirectory. We have 2 sites one in the US and one in the UK but for now I only want to get this working in the US. How can I apply the powershell to only that server?
    Is this the correct powershell for this?:

    Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -identity mailserver.domain.com -InstantMessagingType OCS -InstantMessagingEnabled:$true –InstantMessagingCertificateThumbprint XXXXXXXXXXXXXXXXXXX -InstantMessagingServerName Pool.domain.com

    1. No, that approach would retrieve all defined OWA Virtual Directories. You simply need to set them individually.

  35. Hi Jeff,

    I have 1 query. In my topology I have 3 CAS servers. In CAS servers we have used Public SSL certificate for internal as well as the external use.

    I have integrated CAS virtual directory (Say:- mail.example.com) with Lync 2010.

    The subject name of the public certificate is same as the virtual directory name(mail.example.com).

    In Lync 2010 I have created internal certificate

    I have created Trusted application name in Lync 2010 as mail.example.com.

    After integration:-

    1) I can see the presence of Lync contacts in OWA

    2) From OWA I can initiate a chat to Lync but the Lync user can’t reply

    3) From Lync I am not able to initiate a chat to those who are logged in to OWA.

    Please help to resolve this issue

    Regards,

    Anish Sebastian

  36. Thanks for another great walk-through. Had it working fine on Exchange 2010 sp2, but does not seem to be after installing sp3. Any ideas on why? Should we rerun it all again? The we service providers are still listed. Thanks a lot.

  37. The web.config file is replaced with the default system file when applying SP updates, so you'll need to add the web.config changes back in again. In the future, back up the customized web.config file prior to installing an Exchange service pack.

  38. However – another note on this problem of greyed out contacts. When testing this across multiple browsers, I am finding that it DOES NOT work in IE9 – but it does work in Firefox and Chrome. Has anyone else found this to be the case?

  39. Hi Jeff
    I recently discovered that, after you assign an OWA mailbox policy (including the Default OWA mailbox policy), do not forget to set the "InstantMessagingType" parameter to "1" in your policy… otherwise the Lync integration in OWA won't work any longer for this user. Even if you have set the "InstantMessagingEnabled" to TRUE !!
    the "InstantMessagingType" parameter is only accessible through the PS cmdlet set-OwaMailboxPolicy !

  40. Hi Jeff,

    I want to understand about the additional load on the CAS and Lync front end servers. Do you have any references for this? We have 3 internet facing CAS servers behind hardware load balancer.

    Thank you
    Rajeev

  41. Hi Jeff,

    I have an issue while integrating Lync 2010 with Exchange Online. I am getting multiple contacts while searching the users: one is the normal contact from the GAL, another contact for the same user is showing as (RECIPIENT CACHE).

    If we remove the Lync –> Options –> and change the "personal information manager" option as none, it will display only the original contact.

    Regards,
    Anoob

    1. You are rocking…I was trying to fix this issue and your solution really worked for me….this is for Outlook 2013 Server and Lync Client 2010.

    2. Sorry, if we use this option it will disable the ability of integration with Outlook, like the meeting presence.
      Instead of that we can exclude that folder using the policy while searching.
      Either create a new policy or use an existing policy:
      New-CsClientPolicy -Identity "ExcludeContactSearching" -ExcludedContactFolders "Recipient Cache"

      And assign this policy to the required users; it will not show the recipient cached item in Lync search.

  42. I'm getting the below error while running COWAOWAASSP.msp

    " the upgrade patch cannot be installed by the windows installer service because the program to upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch"

    Any thoughts?

    1. I’ve never seen that but as this article is quite old it is possible that something has changed in those prerequisite installer packages. At minimum I’d delete and re-download that specific package.

  43. I hate to "bump" an old post, but I wondered if you had any advice for getting this to work for users homed on an SBA registrar pool? I'm finding that users housed in such a pool can only see presence information for other users in their branch pool, but no one else. We are running Lync 2013 and Exchange 2010…thanks for any advice you can give!

    1. I would imagine that it should work across all pools but I can't say I've tested that scenario before with the IM integration.

  44. I've got Exchange Server 2010 and Lync Server 2013 Standard.
    They can't work together because the certificate CN of the Exchange server is not equal to its name in the local network.
    Look. The internal name of the Exchange Server is exch.lala.lan and the external name is mail.baba.biz.
    The IIS certificate CN is of course mail.baba.biz, because it needs to work with external clients. ActiveSync and so on.
    But in the topology of Lync Server 2013 I must use the name exch.lala.lan, because of Active Directory.
    How can I make them work?

    1. Your Exchange server should have its local FQDN. The workaround I already explained in the article is to assign a separate certificate to the UM service with the server’s FQDN as the Common Name.

  45. Hi Jeff, I'm trying to integrate Lync 2013 with OWA 2010 SP1, but my problem is my cert in the OWA IIS directory is *.mydomain.com, SSL GeoTrust. How can I get it to work if I still need to use my paid secure cert?

    1. You’ll need to update that certificate to include the required FQDN in addition to retaining a wildcard entry (in the SAN, not the CN) in order for this to work.

  46. Hi,

    I am able to IM, but when they respond from the Lync desktop client it fails; also, IM only reaches the desktop client, it doesn’t reach OWA.

    Please suggest what would be the issue. Presence is working.
