Exchange 2010 Outlook Web Access now offers integration with OCS R2 in much the same way as Office 2010 (for those of you that have used it), in that you can now see your OCS buddy list. Whilst this can be really useful in Outlook Web Access some of the steps to get this working can be a little tricky and need to be done in a particular order.
Quick note, each of the following steps will need to be completed on all Exchange 2010 CAS Servers in your organisation.
Firstly, download the Microsoft Office Communications Server 2007 R2 Web Service Provider:
Secondly, if you are running your CAS Servers on Windows 2008 R2 you will need the ‘UcmaRedist.msp’ patch:
Run the CWAOWASSPMain.msi and install it (default location is C:Web Services Provider Installer).
Copy UcmaRedist.msp to the C:Web Services Provider Installer folder.
You will now need to install the files in that folder in the following order:
(run an elevated Command prompt (run as Admin))
Browse to C:Web Services Provider Installer folder and install the following:
You can now confirm that the installation has completed correctly by browsing to and checking for the following registry key:
HKLMSystemCurrentControlSetServicesMS Exchange OWAInstantMessaging.
If the InstantMessaging key does not exist under MS Exchange OWA then ensure you ran the CWAOWASSP.msi from an elevated command prompt.
Hopefully by this point you will have installed a FQDN Certificate off your internal CA for your CAS Server(s), if not, you will need to. OCS works entirely on Certs and checks the FQDN of the Server(s) you add against the cert that it is operating with – basically, the self-signed certificated that Exchange installs with will not with OCS.
Once you have a cert from your internal CA that matches the FQDN of your Server you will need to launch Exchange Powershell and run the following command:
Get-ExchangeCertificate | fl
Details you will require:
|Issuer||CN=Server Root CA, O=Company Limited etc.|
|Services||IIS (only needs IIS but can have others)|
(Keep this screen open as you will need the information from the certificate registered for IIS in the next step.)
Now browse to C:Program FilesMicrosoftExchange ServerV14ClientAccessOWA and edit the ‘web.config’ file with notepad.
You will need to complete the following sections:
IMCertificateSerialNumber (this needs to in two octet sets as per below)
Now you need to enable the CAS Server to use OCS for IM, to do this run the following from the Exchange Powershell:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –InstantMessagingType OCS
Once the command has completed you will need to perform an ‘IISReset’
Now, connect to your OCS R2 Server and bring up the Front-End properties of the pool and select the Host Authorisation tab. Click Add.
Add the host name as the FQDN of the CAS Server(s) that are being configured for IM (this will be need to be the same as the FQDN certificate registered on the CAS servers for IIS). Tick the boxes for ‘Throttle as Server’ and ‘Treat as Authenticated’.
Once you have restart the OCS R2 Front-End Service it should all be working.