Deploying Office Online Server (OOS) (Part 2)

If you would like to read the other parts in this article series please go to:

Introduction

In the previous article we defined a DNS name for the Office Online Server (OOS), and we defined it as oos.montreallab.info.  In this article series, we are going to use a simple scenario (Figure 01) where the Active Directory FQDN is an invalid FQDN and the Public Domain is montreallab.info. The Exchange Server is using the names webmail.montreallab.info and autodiscover.montreallab.info, and on the same certificate we will be adding the additional name oos.montreallab.info.

Figure 01

Public Certificate to support Exchange and Office Online Server (OOS)

In this section we will cover the basic steps using Exchange Admin Center (EAC) to create a new certificate request for Exchange Server 2016 including the Office Online Server name.

  1. Open Exchange Admin Center (EAC)
  2. Click on servers and then certificates
  3. Click on + to start a new certificate request
  4. On the initial page, select Create a request for a certificate from a certificate authority and click Next
  5. Define a friendly name for the certificate, we will use MontrealLAB – Public Certificate, click next
  6. In the next page (wildcard certificate), just click next. We will use a SAN (Subject Alternative Name) certificate and define up to four (4) names instead of a wildcard certificate.
  7. In the next page define the Exchange Server that will host the certificate request, and click Next.
  8. In the page listing Access and URLs, just click Next
  9. Define the names that will be used by the new certificate and we are going to use a name for webmail/Outlook Anywhere (webmail), autodiscover services (autodiscover), Active Directory Federation Services (adfs), and the role that we are covering on this article which is Office Online Server (oos), as shown in Figure 02. After that click next.
  10. Fill out the information about the company, and click next.
  11. In the last page of the wizard, type in the UNC location to save the new exchange certificate request file.
    If the shared folder hasn’t been created yet, the following MSExchange.org Article describes the entire process and the additional steps to complete the certificate: http://www.msexchange.org/articles-tutorials/exchange-server-2013/management-administration/managing-certificates-exchange-server-2013-part3.html

Figure 02

After creating the new certificate, we need to export the Public Certificate from Exchange Server to the new Office Online Server (OOS), these following steps can be used when logged on Exchange Server:

  1. Open Exchange Admin Center (EAC)
  2. Click on servers and then certificates
  3. Select the server that has the Public Certificate from Select Server field, and then select the certificate from the list. Click on and then Export Exchange Certificate item
  4. In the page provide the UNC path to the certificate (Figure 03) that we are exporting and a password that will be used during the import process on the Office Online Server.

Figure 03

The final step is to move the exported certificate (in this Article, the name used was cert-export.pfx) to a folder on the Office Online Server (OOS). Logged on Office Online Server (OOS), right-click on windows button and click on Run, type mmc.

  1. Click on File, and then Add/Remove snap-ins, select Certificates and click on Add. In the new window, select Computer account and click Next, and Finish. Back to the Add or Remove Snap-ins window, just click on OK.
  2. Expand Certificates, right-click on Personal, click on All Tasks and then Import…
  3. In the Welcome to the Certificate Import Wizard page, click Next.
  4. In the File to Import page, click on Browse… select the certificate that we copied over to the server (Figure 04).
    Note: Make sure to select All Files (*.*) to find the file exported on the Exchange Server.

Figure 04

 

  • In the Private Key protection Type in the password defined during the export process in Exchange, leave default settings under Import options and click Next.
  • In the Certificate Store Leave default settings which is Place all certificates in the following store and Personal is listed underneath, click on Next.
  • In the final page of the wizard just click on Finish, a new dialog box saying The import was successful will be displayed, just click OK.

 

Just to make sure that the proper certificate was installed (Figure 05), double click on the new certificate (2) listed under Certificates \ Personal (1), click on Details tab (3), and then click on Subject Alternative Names (4) and the OOS name that we defined for this article series oos.montreallab.info should be listed there.

Figure 05

OOS Server – Initial configuration

The Office Online Server was deployed on the previous article, and now it is time to configure it and start performing the initial tests. The cmdlet to configure the Office Online Server accepts several properties to be configured, however we will start simple with just a few parameters and we will be configuring the server as part of this series.

For starters, there is no Graphical User Interface (GUI) to configure the Office Online Server (OOS) at this point, and all management is done through PowerShell.

The first step is to identify the Certificate Friendly name and that information can be retrieved using either the properties of the certificate and looking for the Friendly Name field, as shown on the right side of Figure 06, or using the following PowerShell cmdlet also shown on the same figure 06.

Get-ChildItem cert:\localmachine\My\ | FL FriendlyName,Subject,NotBefore,NotAfter

Figure 06

The initial configuration to get Office Online Server running requires the definition of the internal, external URLS, and the certificate that is going to be used by the server. The simplest way to configure Office Online Server is using the following cmdlet (Figure 07).

Note: The Friendly Name will require “” when defining it on PowerShell.

New-OfficeWebAppsFarm –InternalURL https://URLInterna –ExternalURLhttps://URLExterna –CertificateName <Nome>

Figure 07

By default, if we try to test the Office Online Server by typing in the URL we will get a 404 error, as shown in Figure 08.

Figure 08

The 404 error above is not a misconfiguration during the installation, just standard settings, in order to display an initial page for Office Online Server the OpenFromURLEnabled must be changed to $True, and we can do that using the following cmdlet. In the Figure 09, we list the current settings before changing it.

Set-OfficeWebAppFarm –OpenFromURLEnabled:$True

Figure 09

After that change, an user can try to access the Office Online Server and the initial page will be displayed (Figure 10), and from that point on a link can be created for an Internet location or UNC.

Figure 10

A simple test is to provide a UNC path of a document on a file share, for this exercise we downloaded the first .docx document that we could find at Microsoft website (the document name was Microsoft Access 2010 Product Guide.docx) and we placed the file on a shared folder (\\mtloos01\share). In order to test, just enter the UNC path (including the document) on the first field of the Office Online Server main page, and then click on Create link (Figure 11), and as result an URL will be created and that can be send to another user that does not have office installed to test it.

Figure 11

The administrator can click on Test this link on the same page, and the Word Online will show the contents of the file, as shown in Figure 12.

Figure 12

Conclusion

In this second article we worked on the Certificate configuration on both Exchange and Office Online Server sides, and configured the Office Online Server initial page and some testing using UNC.

If you would like to read the other parts in this article series please go to:

About The Author

3 thoughts on “Deploying Office Online Server (OOS) (Part 2)”

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top