Integrating Exchange Server 2013 and Skype for Business Server 2015 (Part 3)

By /

If you would like to read the other parts of this article series please go to:

In our current environment, we have the following certificates deployed on our Exchange Server (Figure 01), and we are going to use the internal PKI to request a new certificate that will be used only for this integration.

Image
Figure 01

These are the steps that can be used to create a new certificate from Exchange Admin Center (EAC).

  1. Click on create a request for a certificate from a certification authority and click next
  2. Define the friendly name for the certificate, we are going to use torex01.patricio.ca which is the FQDN of the server. The goal here is to use this certificate just for the integration. After typing in all the information, click on Next.
  3. Leave the option to create a wildcard unchecked, and click Next.
  4. Select the Exchange Server to host the request and click on Next (in our article series we will use TOREX01)
  5. In the next page just click Next, for this task we do not want to go to the trouble of selecting names for specific services since this certificate will not be used by any services on this server. Just click Next.
  6. In the next page we will define only the FQDN of the local Exchange server and then click Next (Figure 02)

Image
Figure 02

  1. In the following page provide the additional information required by the certificate (Organization Name, Department, City, State and Region) and click Next.
  2. In the location use the Exchange Share location (in our series is \\torex01\EXUtil\int-req.req) and click on Finish

The next step is to use the internal Certification Authority to complete the certificate request.

  1. Open the file \\torex01\exutil\<file>.req using notepad and copy the content
  2. Open the web page of Internal Certification Authority (in our series https:\\tordc01\certsrv)
  3. Click on Request a certificate
  4. Click on advanced certificate request
  5. Click on Submit a certificate request by using a base-64-encoded link (Figure 03)

Image
Figure 03

  1. Paste the content of the int-req.req file that we retrieved on the first step, and select Web Server, and then click on Submit. A new dialog box may show up, click on Yes. (Figure 04)

Image
Figure 04

  1. In the new page, if the process was successful, the administrator will have the option to download the certificate, click on Download Certificate and save it on the EXUtil shared folder (in our series \\torex01\EXUtil\cernew.cer)

Time to go back to the Exchange Admin Center (EAC), and select the entry that has the certificate that was just requested and click on Complete (Figure 05)

Image
Figure 05

In the new page, type in the location of the file (in our case \\torex01\EXUtil\certnew.cer) and click on OK, that will complete the process. The next step is to copy the thumbprint of the certificate, in order to do that double-click on the certificate that we have just completed the request for. In the properties page of the certificate, copy the Thumbprint information (Figure 06).

Image
Figure 06

The next step is to open the web.config file using notepad. The file is located in the folder C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa (Figure 07).
Note:
If you have installed Exchange in a different path, use the defined installation location to locate the file (although the ending of the path will be the same V15\ClientAccess\OWA).

Image
Figure 07

Look for the string <appSettings> and add these two lines highlighted on Figure 08 underneath <appSetings>. Replace the information below with the Thumbprint of your certificate and the FQDN of your Skype for Business Server.

<add key=”IMCertificateThumbprint” value=”ThumbPrint-Here” />

<add key=”IMServerName” value=”S4B-FQDN-Here” />

Image
Figure 08

The final steps in the Exchange Server side is to configure the integration at the OWA Virtual Directory and OWA Mailbox Policy level. The first step is to make sure that the current Exchange Server has the Unified Communications Managed API 4.0 installed, and that is an easy task running the following PowerShell cmdlet and the results should be a path similar to the one shown in Figure 09.

Get-Item “hklm:\system\CurrentControlSet\Services\MSExchange OWA\InstantMessaging”

Image
Figure 09

The next step is to configure the OWA Virtual Directory using the Set-OWAVirtualDirectory cmdlet. By default in Exchange Server 2013 the InstantMessagingEnabled is automatically set to True, and we just need to configure the InstantMessagingType attribute to OCS.

In Figure 10, we can see the default values on a brand new Exchange Server 2013. In Figure 11, we configure the integration and list the new configuration afterwards.

Get-OWAVirtualDirectory | Ft Name,InstantMessagingEnabled,InstantMessagingType –AutoSize

Get-OWAVirtualDirectory | Set-OWAVirtualDirectory –InstantMessagingType OCS

Get-OWAVirtualDirectory | Ft Name,InstantMessagingEnabled,InstantMessagingType –AutoSize

Image
Figure 10

Image
Figure 11

The last piece of configuration required is the OWA Mailbox Policy. For environments that have more than one OWA Mailbox Policy, the configuration has to be done on all OWA Mailbox Policies that require the integration (Figure 12 shows the process to enable on all policies).

Get-OWAMailboxPolicy | ft Name,InstantMessagingEnabled,InstantMessagingType -AutoSize

Image
Figure 12

Note:
In order to identify how many OWA Mailbox Policies there are, the administrator can run the following cmdlet on an Exchange Management Shell session write-host (Get-OWAMailboxPolicy).count and that will provide the total number of OWA Mailbox Policies in the organization.

If there are no OWA Mailbox Policies other than the default and a single Exchange Server, then you can safely skip the OWA Mailbox Policy configuration.

The Microsoft documentation says to perform a recycle of the pool to refresh the settings, and if you have time, you can always iisreset /noforce to refresh everything.

Cd \Windows\system32\inetsrv

Appcmd.exe recycle apppool /apppool.name:”MSExchangeOWAAppPool”

OWA Integration – Configuring Skype for Business Server side

Now that the configuration on the Exchange side is complete, the Skype for Business fun begins. The first step is to identify the Skype for Business Site (Figure 13), and we can do that using the cmdlet listed below. The administrator must make sure to get the string after Site: from the Identity attribute.

Get-CSSite

Image
Figure 13

A Trusted Application Pool must be created and the information required to run this cmdlet are: the Exchange Server FQDN, the Skype for Business Server FQDN, the site name (the information that we gathered in the previous step). Having all that information, the following cmdlet can be used (Figure 14):

New-CSTrustedApplicationPool –Identity <Exchange-FQDN> -Registrar <Skye-for-Business-FQDN> -Site <Site-Name> -RequiresReplication $False

Image
Figure 14

Note:
The Trusted Application Pool can be configured using the Skype for Business Server Topology Builder, by expanding Skype for Business Server 2015, and then click on Trusted Application servers.

The second step is the Trusted Application creation, the information required to be created using the New-CSTrustedApplication cmdlet is: a name for the application, Exchange Server FQDN and a port (any higher number, in our example is 5666), as shown in Figure 15.

New-CSTrustedApplication –ApplicationID EXOWA –TrustedApplicationPoolFQDN <Exchange-FQDN> -Port <Random-Port>

Image
Figure 15

The final step is to publish the changes in the Skype for Business Topology, and that can be done running the Enable-CSTopology in the Skype for Business Management Shell.

OWA Integration – Testing the results…

After configuring both sides of the fence, the administrator can start the testing phase. In order to make sure that test is successful these following items must be in place: a mailbox in Exchange Server 2013, and the same user must be enabled on Skype for Business Server.

When the test user logs on the Outlook Web App, the default behaviour is to log on to Skype for Business automatically and the presence will be shown automatically as shown in Figure 16. If the user clicks on their name, then she/he can change their presence status and sign out from the integration during the current Outlook Web App session.

Image
Figure 16

When using Outlook Web App, the user can at any time click on another user that has Skype for Business enabled and an icon to start a conversation will be displayed (Figure 17), also an option to send IM will be shown.

Image
Figure 17

When starting a conversation to any given user a new page will be displayed. In Figure 18 we can see a user sending messages back and forth. The Outlook Web App is just another regular endpoint for Skype for Business.

Image
Figure 18

The user that receives the Instant Messaging (IM) for the first time will receive an alert on Outlook Web App (Figure 19).

Image
Figure 19

Conclusion

In this article, we went through the process to configure the integration to support Skype for Business presence and limited IM capabilities in an Outlook Web App session.

If you would like to read the other parts of this article series please go to:

About The Author

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top