Brief History


Exchange Server 2010 RTM is the first version of Exchange that allows integration between Outlook Web App and Office Communications Server's instant message capabilities. The RTM steps to configure the Instant Messenger integration between Office Communications Server and Exchange were as follows:

1. Configure Office Communications Server 2007 R2

  • Add Exchange Server's name(s) and its certificate info to the Host Authorization tab

2. Configure Exchange Server 2010 Client Access Server

  • a) Configure certificate
  • b) Install Office Communications Server components on to Exchange Server
    • Run the CWAOWASSPMain.msi file to expand the files below:
      • Double-click on vcredist_x64.exe (Visual C++ Redistributable Setup)
      • Double-click on UcmaRedist.msi (Unified Communication Managed API 2.0 Core Redistribution 64-bit package)
      • Open a CMD window with elevated privileges (using an administrator password) and run CWAOWASSP.msi
  • c) Edit web.config file so Exchange Server 2010 Client Access server knows how to communicate with Office Communications Server 2007 R2 server.

3. Office Communications Server 2007 R2 User configuration to confirm that all users are enabled for Instant Messaging.

Problems with Method of Configuring Integration in Exchange Server 2010 RTM

In Exchange Server 2010 RTM, one of the steps (2.c as noted above) to configure the Client Access server requires editing the web.config file in the /owa subdirectory and changing a specific section of the file:

<add key="IMPoolName" value="" />
<add key="IMCertificateIssuer" value="" />
<add key="IMCertificateSerialNumber" value=""/>

Those values contain the necessary information to allow the Exchange Server 2010 RTM Client Access server to connect to the Office Communications Server 2007 R2 server:

<add key="IMPoolName" value="naocs.contoso.com" />
<add key="IMCertificateIssuer" value="CN=ContosoCA, DC=contoso, DC=com" />
<add key="IMCertificateSerialNumber" value="1F 5E DD 03 00 00 00 00 00 05"/>

There are multiple problems with this method:

  1. It was very tedious and not very administrator friendly.
  2. Whenever an upgrade (incl. build to build) occurs, the web.config file is wiped and the administrator must reconfigure all web.config files in the environment. This step is often forgotten so help desk calls come in stating the Instant Messenger functionality is no longer present.
  3. Generally speaking, we want the configuration of components to be as easy as possible and certainly to not involve the editing of configuration files. This can lead to other problems if the edits are not done correctly and no backups of the file are made.

The Improvement

To improve on these areas, Exchange Server 2010 SP1 no longer requires the editing of the web.config file as shown in Step 2.c. above. The step was:

2. c. Edit web.config file so Exchange Server 2010 Client Access server knows how to communicate with Office Communications Server 2007 R2 server.

Now the step is to configure those settings using the Set-OwaVirtualDirectory cmdlet:

2. c. Use Set-OwaVirtualDirectory on the Client Access server(s) to configure the Office Communications Server name (or pool name) and the Client Access server's certificate thumbprint.

Below we discuss the new method of configuring the information formerly stored in the web.config file.

Important: All other steps are the same as they are in Exchange Server 2010 RTM.

Settings to Configure Instant Messenger integration with Office Communications Server 2007 R2

To simplify the configuration of Instant Messenger integration with Office Communications Server, Exchange Server 2010 SP1 no longer requires the editing of the web.config file.

The information that is stored in the web.config file in Exchange Server 2010 RTM is now stored in Active Directory on the Outlook Web App virtual directory (owa) and can easily be changed by using the Set-OwaVirtualDirectory cmdlet. The settings can be retrieved by using the Get-OwaVirtualDirectory cmdlet.

The settings are stored in the InstantMessaging* properties.

Default Settings

Before configuring any of the settings on the Outlook Web App virtual directory (owa), the four InstantMessaging settings look as follows in their default configuration:

Get-OwaVirtualDirectory | fl InstantMessaging*

Two of the parameters are already familiar to you and have not changed. The InstantMessagingType and InstantMessagingEnabled parameters are the same as they are in Exchange Server 2010 RTM. The two new ones that replace those in the web.config file are InstantMessagingCertificateThumbprint and InstantMessagingServerName.

Configuring

Configuration is only possible by using the Exchange Management Shell. There is no way to configure these settings by using the Exchange Management Console or the Exchange Control Panel.

To see what the old settings in Exchange Server 2010 RTM's web.config file map to in the Set-OwaVirtualDirectory cmdlet please view the following table:

| Web.config setting | Set-OwaVirtualDirectory parameter replacement |
|---|---|
| IMPoolName | InstantMessagingServerName |
| IMCertificateIssuer | None/Not required |
| IMCertificateSerialNumber | InstantMessagingCertificateThumbprint |

Note: The InstantMessagingCertificateThumbprint parameter now requires the thumbprint of the certificate and not the serial number.

Important: After changing any of the InstantMessaging parameters, always remember to reset IIS by using the following command:

iisreset /noforce

After upgrading to Exchange Server 2010 SP1, these parameters must be modified by the administrator. The settings are not transferred from the RTM web.config file. Below we take a look at each of the Instant Message related parameters in detail:

InstantMessagingServerName

Use the InstantMessagingServerName parameter to configure the name of the Office Communications Server 2007 R2 server, or server pool name that the Exchange Server 2010 SP1 server(s) will communicate with. To set this parameter, use the Set-OwaVirtualDirectory cmdlet and use the FQDN of the Office Communications Server (or pool name of servers) as the value for the InstantMessagingServerName parameter.

Example:

Set-OwaVirtualDirectory "owa (default web site)" -InstantMessagingServerName ocs.contoso.com

InstantMessagingCertificateThumbprint

When you are ready to configure the new values using the Set-OwaVirtualDirectory cmdlet you only have to retrieve the thumbprint value from the certificate on your Exchange Server 2010 SP1 Client Access server. To do this, you can run the following cmdlet on your Client Access server:

Get-ExchangeCertificate | fl thumbprint

If you have more than one certificate and need more information to determine which certificate is currently being used for IIS, include the Services field, which shows which certificate is currently enabled for IIS.

Get-ExchangeCertificate | fl services,thumbprint

Then, copy the thumbprint value onto the clipboard and run the Set-OwaVirtualDirectory cmdlet to configure the thumbprint number on the owa virtual directory. See an example:

Set-OwaVirtualDirectory "owa (default web site)" -InstantMessagingCertificateThumbprint 8210E17393B6E81AD0B3A75DD9161ABE1A93B695

Please note that you do not have to enter spaces between the two-digit sets of the number, as you had to in Exchange Server 2010 RTM for the certificate serial number stored in the web.config file.

InstantMessagingEnabled

Just like in Exchange Server 2010 RTM you must enable Instant Messaging by setting this parameter on the /owa virtual directory to $True:

Set-OwaVirtualDirectory "owa (default web site)" -InstantMessagingEnabled $True

Reminder: This setting is only applied to users who do not have the InstantMessagingEnabled setting set to $False in an Outlook Web App policy on their mailbox. The Outlook Web App mailbox policy always overrides the /owa virtual directory setting.

InstantMessagingType

This setting is also the same as it is in Exchange Server 2010 RTM. This value must be set to ocs to allow Instant Messenger integration to function with Office Communications Server 2007 R2.

To set this parameter, run the following cmdlet on the Client Access server:

Set-OwaVirtualDirectory "owa (default web site)" -InstantMessagingType ocs

Applying settings to all /owa virtual directories on multiple servers

In some environments you may want to apply all of the settings to all /owa virtual directories on the Exchange Server 2010 SP1 Client Access servers in your environment. To do that, pipe the Get-OwaVirtualDirectory cmdlet into the Set-OwaVirtualDirectory cmdlet and include the appropriate parameters, as below (the trailing backticks continue the command onto the next line):

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory `
    -InstantMessagingServerName <OCS Pool FQDN> `
    -InstantMessagingCertificateThumbprint <Thumbprint> `
    -InstantMessagingEnabled $true `
    -InstantMessagingType OCS

Running this type of cmdlet ensures all settings are applied to all Client Access servers. This is critical if you are load balancing your Client Access servers because users may log on to a different server each time they log in to an Outlook Web App session.
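Because the RTM web.config values are not carried over by the upgrade and one thumbprint is being written to every server, it is worth verifying the result per server. The script below is an added example, not part of the original post: a read-only audit that checks the four InstantMessaging* properties on each /owa virtual directory and looks the stored thumbprint up on the server that hosts it. It assumes the certificate should be installed on that server, enabled for IIS, and unexpired; the variable names and the report layout are illustrative.

```powershell
# Added example: read-only audit of the InstantMessaging* settings on every
# /owa virtual directory. Run it from the Exchange Management Shell.
$now = Get-Date

$report = foreach ($vdir in Get-OwaVirtualDirectory) {
    $problems = @()

    if (-not $vdir.InstantMessagingEnabled) {
        $problems += 'InstantMessagingEnabled is not $true'
    }
    if ("$($vdir.InstantMessagingType)" -ne 'Ocs') {
        $problems += 'InstantMessagingType is not Ocs'
    }
    if ([string]::IsNullOrEmpty($vdir.InstantMessagingServerName)) {
        $problems += 'InstantMessagingServerName is empty'
    }

    $thumb = "$($vdir.InstantMessagingCertificateThumbprint)"
    if (-not $thumb) {
        $problems += 'InstantMessagingCertificateThumbprint is empty'
    }
    elseif ($thumb -notmatch '^[0-9A-Fa-f]+$') {
        # Spaces or stray characters usually mean the value was pasted from a dialog.
        $problems += 'thumbprint contains characters other than hex digits'
    }
    else {
        # Look the thumbprint up on the server that hosts this virtual directory.
        $cert = Get-ExchangeCertificate -Server "$($vdir.Server)" |
            Where-Object { $_.Thumbprint -eq $thumb }

        if (-not $cert) {
            $problems += 'no certificate with this thumbprint on the server'
        }
        elseif ("$($cert.Services)" -notmatch 'IIS') {
            $problems += 'certificate is not enabled for IIS'
        }
        elseif ($cert.NotAfter -lt $now) {   # assumption: expired certificates are flagged
            $problems += "certificate expired on $($cert.NotAfter)"
        }
    }

    $status = 'OK'
    if ($problems) { $status = $problems -join '; ' }
    New-Object PSObject -Property @{
        Server = "$($vdir.Server)"; Thumbprint = $thumb; Status = $status
    }
}

$report | Format-Table Server, Thumbprint, Status -AutoSize -Wrap
```

Any row whose Status is not OK points at a server where the Instant Messenger integration is likely to fail for users who land on it through the load balancer.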

Resetting IIS

Always remember to reset IIS after making changes to any of the parameters mentioned in this lesson. To reset IIS run the following command in a regular command shell:

iisreset /noforce

- Perry Newman