Ilse Van Criekinge's Weblog

Addicted to Microsoft Unified Communications

Configuring Lync RC and Exchange 2010 Sp1 to Enable OWA as a Lync Endpoint



While configuring my demo environment with Exchange 2010 Sp1 and Lync RC, I wanted to find out how to configure Exchange 2010 Sp1 so that a mailbox-enabled user can chat from within OWA, as is configured in our Microsoft working environment :-)

Demo Environment

I have an Exchange 2010 Sp1 CAS-HUB-MBX, called cs14ex.lync.local, and one Lync RC Enterprise Ed pool, called Pool.lync.local. My two test users, user1 and user2, have been enabled for Lync and are able to sign in to Lync. Logging into OWA shows no Lync integration at all…


A closer look using the Exchange Management Shell reveals there is no InstantMessaging integration configured!


Step 1. Deploy Web Service Provider

You will need to download and install the OCS R2 Web Service Provider on your Exchange Client Access server. Since I’m running Exchange 2010 Sp1 on Windows 2008 R2, I need to install not only the Web Service Provider and its hotfix, but also a specific hotfix that is required when running it on Windows 2008 R2.

In the picture below you can see the files I installed, and in which order!



Step 2. Configure your Exchange 2010 Sp1 Client Access server

Using the Shell, you can configure your Client Access server OWA-virtual directory for InstantMessaging integration with OCS.

Important here are the parameters:

  • InstantMessagingCertificateThumbprint = the thumbprint of the certificate which is enabled for the service IIS on your CAS!
  • InstantMessagingServerName = the Lync pool name
  • InstantMessagingType = OCS
  • InstantMessagingEnabled = $True :-)



Step 3. Configure your Lync RC

Step 3.1 Use Topology Builder to add a new Trusted Application Pool




You should disable the replication of configuration data to this pool, to prevent CMS from trying to replicate to your Exchange server!


After creating this new trusted application pool, don’t forget to publish the topology!


After publishing the topology, a look in the Lync Shell reveals that the CsTrustedApplicationPool has been created :-)


And since I used a single computer, there will also be a CsTrustedApplicationComputer


Step 3.2 Use the CS Shell to add a New-CsTrustedApplication

Using the Lync Shell, you need to add ExchangeOutlookWebAccess as a CsTrustedApplication! Make sure you define:

  • TrustedApplicationPoolFqdn = FQDN of your OWA server
  • Port = any unused port
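As an added example, not the author's original commands: one way to register the trusted application from the Lync Server Management Shell. The pool FQDN is the OWA server from the demo environment; the port number is a constructed value, and the replication warning and port-conflict check are assumptions of this example.

```powershell
# Added example: run in the Lync Server Management Shell.
$OwaPoolFqdn = 'cs14ex.lync.local'         # trusted application pool = OWA server (demo environment)
$AppId       = 'ExchangeOutlookWebAccess'  # application name given in the post
$Port        = 5199                        # constructed value: substitute any unused port

# The pool from Step 3.1 must already be published.
$pool = Get-CsTrustedApplicationPool -Identity $OwaPoolFqdn -ErrorAction SilentlyContinue
if (-not $pool) {
    throw "Trusted application pool $OwaPoolFqdn not found; publish the topology first."
}
if ($pool.RequiresReplication) {
    Write-Warning "Replication is still enabled for $OwaPoolFqdn (see Step 3.1)."
}

# Trusted applications already defined on this pool.
$apps = @(Get-CsTrustedApplication |
    Where-Object { $_.TrustedApplicationPoolFqdn -eq $OwaPoolFqdn })

if ($apps | Where-Object { $_.ApplicationId -like "*$AppId" }) {
    Write-Host "$AppId is already registered on $OwaPoolFqdn; nothing to create."
}
else {
    # Refuse a port that another trusted application on the pool already uses.
    if ($apps | Where-Object { $_.Port -eq $Port }) {
        throw "Port $Port is already assigned to a trusted application on $OwaPoolFqdn."
    }
    New-CsTrustedApplication -ApplicationId $AppId `
        -TrustedApplicationPoolFqdn $OwaPoolFqdn -Port $Port
    Enable-CsTopology   # apply the topology change
}

# Read the registration back.
Get-CsTrustedApplication |
    Where-Object { $_.TrustedApplicationPoolFqdn -eq $OwaPoolFqdn } |
    Format-List Identity, ApplicationId, TrustedApplicationPoolFqdn, Port
```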



Step 4. Check :-)

Logging into OWA as User2, things look different than they did before my actions!


And User2 can start a chat with User1…


Who can decide to respond…



Lync RC and Exchange 2010 Sp1 rock :-)

And special thanks to Jens & Edwin for helping me find missing pieces :-)

Update: Jens has posted a follow-up on what you need to keep in mind when you have a CAS in your Exchange 2010 Sp1 environment, which is also running the UM server role, and where you have configured the link between Lync RC and Exchange already! Check it out here:


  • Hi Ilse,

    I have downloaded the required files (according to Step 1) but I have only 6 files. There must be one ucmaredist hotfix missing. Could you help? Running E2010 SP1 on W2008R2 and Lync 2010

    Regards Max

  • Max, the update you need when running on Windows 2008 R2, can be found here:


  • Fix for problems installing UcmaRedist.msi on Windows Server 2008 or R2:

  • Hi,  I seem to have gotten the Communicator boxes to pop up in OWA and everything, but I can't chat and on the left hand side under contact list it spins for a while and then says

    "Instant Messaging isn't available right now.  The Contact List will appear when the service becomes available."

    Any ideas on what I might have done wrong?  I'm running Exchange 2010 SP1, Lync, and 2008R2 so it should be exactly the same for me.


  • @Dustin: I had the same problem - my solution: the issued name of the Exchange certificate should be the internal FQDN, not the external name - maybe a bug

  • Dustin,

    Start the logging tool on Lync, check all the SIP stack, and use the Snooper tool from the resource kit OCS R2, and see what it tells you.

    It might be possible that there is something wrong with the Exchange server name, the certificate, or anything else...

    If it states that the server is unknown, it might be possible you need to check trustedapplications and so on, also check if your replication is working…


  • I'm definitely thinking it's a cert issue.  Would the fact that I have an internal cert for my Lync Server and a Digicert Wildcard for my Exchange server cause this?  I'm pretty tired, but any insight is greatly appreciated and I thank you guys for the quick responses.

    @Max - I hate to sound like such a novice, but I'm not quite sure what you mean.  


  • One other thing I find interesting is that OWA correctly shows the presence of Lync users when I initially log into it, but disappears shortly after the error shows.  This further leads me to believe that it is seeing stuff correctly just not authenticating completely.

  • Dustin,

    my guess is that it is a certificate error. Enable logging for the SIP stack, use the resource kit tools of OCS R2, to analyze the log files (this will fire up the snooper tool), log into OWA, and see what the Snooper tool tells you when analyzing the generated log files...

    Be aware that wildcard certificates were not supported in previous releases, check, you might want to try using a non-wildcard cert...


  • Ilse, I have run the logging tool for several short stints and analyzed the data.  I can't seem to find anything relating to OWA, or even so much as the Exchange server.  No traffic over port 4789, or anything :( The Cert still seems like a likely culprit to me, but I find it strange that nothing appears in the log files.

    Thanks a bunch!

  • Any news on this? I have the same issue.

  • Maybe this can help:


  • Thanks for this blog Ilse, it helped quite a lot! We just managed to integrate OWA and Lync, and only had two issues:

    - We also have an external and internal FQDN. However, when I set the internal one as a Trusted Application Pool name, no errors were received but OCS integration wouldn't work. When I sent (the external FQDN), I got an error from Lync saying that this couldn't be found in AD, but on OWA integration worked like a charm despite the error.

    - We use a wildcard certificate. Halfway down the tutorial we decided to enable IIS on this certificate, but set the Lync pool on the internal cert thumbprint. Voila, I am now using OWA with wildcard certificate and Lync integration as well. Could it be that the internal cert is still being used between Exchange and Lync, but OWA is using the wildcard cert on top of that?

    Hope this might help anyone who came in contact with these problems


  • Anyone got wildcard certificates to work?

  • I sorted the wildcard problem.

    If you installed and configured everything with a wildcard certificate, you have to go back and reconfigure a few steps.

    1. Request a new certificate for your Exchange server (from local domain CA is OK).

    2. Assign the certificate to IIS and OWA using Exchange 2010 manager.

    3. Redo step 2 in this guide, assigning the certificate to a pool.

    4. Restart IIS or Exchange or the server.

    5. Log on to Outlook Web App to see if everything is working with the Lync integration.

    6. Go back to Exchange 2010 manager and assign the wildcard certificate to your IIS/OWA site.

    Then everything is working perfectly with your wildcard certificate assigned to Exchange 2010 and Lync server.
