Integrating OCS Instant Messaging into Outlook Web App (Part 1)

If you would like to be notified of when Anderson Patricio releases the next part in this article series please sign up to our Real-Time Article Update newsletter.


I will start by mentioning that Exchange Server 2010 has in fact improved the integration between OCS and Outlook Web App. In this new version we can have the Instant Messaging component in an OWA session, which is great! The integration process has several steps and we will cover them in this two-part article series. The main steps to integrate both products can be summarized in the following list of tasks:

Settings to be done in Exchange Server:

  1. Install software components on the CAS Server
  2. Configure the web.config file for the integration
  3. Configure the OWA to allow Instant Messaging integration

Settings to be done in OCS

  1. Configure OCS Host Authorization pointing out to Exchange Server

Before you start playing with the technical steps, let’s go over some of the key points that can save you some time during the integration process, as follows:

  • A certificate installed on the CAS Server must be trusted and valid by OCS Front End/Pool. It is not essential to have the same certificate used by OWA, however, it must still be installed and specified in the web.config file.
  • If you use multiple certificates, make sure that the certificate information entered on the web.config is from the certificate that is trusted by the OCS server
  • Don’t even try using Self-signed certificates; If you don’t have a Public certificate use an Internal CA.
  • Keep your OCS and Exchange Server environments up to date with the latest Microsoft Updates.
  • Office Communications Server 2007 R2 is supported on Windows Server 2008 (This article was written before the launch of Windows Server 2008 R2) which means that if you want to test those features on Windows Server 2008 R2 you may need to install additional software and updates for some of the components. Make sure that Windows Server 2008 R2 is supported before starting the integration process.
  • You can achieve the integration using the minimum of two servers: a single Exchange Server and just one Front-End Server
  • Communicator Web Access is not required to enable the integration
  • Enabling IM integration does not mean that CWA (Communicator Web Access) can be removed from your network. CWA offers a bunch of features that are not found in the IM integration in OWA. You can control the Instant Messaging feature to the end users using OWA Mailbox Policies
  • Just to make sure: the user must be Mailbox enabled and also OCS enabled!

If you don’t have OCS installed on your environment and you would like to do some testing in your lab, you can follow the OCS installation procedures of this article series to bring you up to speed with the OCS deployment.

Installing Web Service Provider on Exchange Server 2010 CAS Server

A software component is required on Exchange Server side to integrate OWA and OCS properly. The package name that contains all components is the Web Service Provider Installation Package and it can be found here. Please download it and then these following steps can be reproduced:

  1. Logged as administrator on your Exchange Server that has the CAS role
    If you are not sure about the server, you can run Get-ExchangeServer | select Name,ServerRole cmdlet and it will list all Exchange Servers of your organization and their respective roles.
  2. Let’s double click on CWAOWASSPMain.msi
  3. In the initial wizard page, just click on Next
  4. In the License agreement page. Click on I accept the terms in the license agreement and click Next
  5. In the following page, we can define where all the files will be extracted, by default the path is C:\Web Service Provider Installer Package and click on Next, as shown in Figure 01.

Figure 01

  1. In the Confirm Installation page. Just click on Next to start the installation process
  2. In the Installation Complete page. Just click on Finish

The process described above will extract the Microsoft Office Communications Server 2007 R2 Web Service Provider files and we will have 4 (four) files in the path defined during the installation. We are going to use them to finish the software portion of our integration. A list of all files can be seen in the Figure 02.

Figure 02

There is a specific order to install the files listed in the figure above. The proper order is listed below and the explanation to install each one of them is described afterwards.

  1. Microsoft Visual C++ 2008 (vcredist_x64.exe)
  2. Microsoft Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Core Redist 64 bit (ucmaredist.msi)
  3. CWAOWASSP.msi

The first one to be installed is the vcredist_x64.exe which is the Microsoft Visual C++ 2008 Redistributable package. Let’s double click on it and leave all default settings to install this component.

The second component is the ucmaRedist.msi, let’s double click on it and the installation process will not require any input from us. You can check out if the software was installed properly looking at the Uninstall or change a program item in the Control Panel, an item named Microsoft Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Core Redist 64-bit will appear on the list of installed software, as shown in the Figure 03.

Figure 03

The last component to be installed is the CWAOWASSP.msi. In order to install this one we need to open a prompt as administrator (Figure 04), and go to the folder where the files are located and start the installation from there. If you are using the default installation path, these are the required steps:

Cd \

cd “Web Service Provider Installer Package”


Figure 04

That’s all for the software component of our integration.

Changing the web.config File

Now it’s time to configure the web.config file on the CAS Server and this process will enable a trust relationship between OCS and Exchange Server 2010. The configuration is simple and requires a change in just three parameters of the configuration file. We need to be able to answer three questions before opening the web.config file, as follows:

  1. What’s the name of the OCS Front-End or Pool?
  2. What’s the value of the serial number attribute in the certificate?
  3. What’s the value of the Issuer attribute in the certificate?

Well, those are tough questions to remember from the top of your head however we can retrieve such information using Exchange Management Shell.

The first question is not so bad, because is the name of your OCS Pool or Front-End Server. If you are not sure or you want to confirm, then you can run the script Get-UCPool.ps1 from the Scripts folder of you exchange Server installation folder. The script will list all pools in your environment. You can also open the OCS 2007 R2 Administration tool and list the Pool/Front End names from there.

The answers for the second and third questions can be found in the same place. We need to find out the current certificate that is being used by OWA and list the Issuer and Serial Number. We can accomplish this task using the following cmdlet:

Get-ExchangeCertificate –Thumbprint <Thumbprint> | Select Issuer,SerialNumber

In Figure 05 you can see how to find out which is the correct certificate and also confirm the cmdlet above is executed.

In the current scenario we had only two certificates and one of them is Self-signed. If your company has multiple certificates make sure that the certificates that you are going to retrieve the information are valid and trusted by OCS.

Figure 05

Now that we have the answers let’s create a backup of our current web.config file and let’s edit it and let’s change three values: IMPoolName, IMCertificateIssue, and IMCertificateSerialNumber. The following table can be used to identify the attributes to be changed, new values and the third column explains how to retrieve the values.

Parameter Name

Value (examples)




Result of the Get-UCPool.ps1 script. The Pool name of your OCS Server.


CN=apatricio-TOR-DC-01-CA, DC=apatricio, DC=local

Value of the column Issuer listed in the figure above.


15 41 ae 62 00 00 00 00 00 0e

Value of the Serial Number. Note: a space is required every two characters, as shown in this example.

By default the web.config location is X:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OWA, and the file after changes will look like the Figure 06.

Figure 06

Enabling integration on Outlook Web Access Virtual Directory

The next step is to enable Instant Messaging on the Outlook Web App (formerly; OWA), we can retrieve our current settings using Get-OWAVirtualDirectory | Select Identity,Server,InstantMessagingType and the possible values are either None, OCS or MSN.

In order to configure the OWA Virtual Directory to use OCS, we can approach it in two different ways: by server or all the current Client Access Servers. To do a single server that syntax can be used:

Set-OWAVirtualDirectory –Identity ‘<Server-Name>\owa (Default Web Site)’-InstantMessagingType OCS

If you want to enable all OWA Virtual directories of your organization to use OCS, then you can use this cmdlet:

Get-OWAVirtualDirectory | Set-OWAVirtualDirectory –InstantMessagingType OCS

The process to list and change a single server is depicted in Figure 07.

Make sure that all previous steps have been completed on all servers that you enable the integration otherwise it won’t work.

Figure 07

The final step is to restart the IIS services, you can accomplish that task running the following command to recycle the services and apply the new changes that we have just done:

IISreset /noforce


In this first article we covered the steps required to be done on Exchange Server side. In the next article we will cover OCS side. We will also with a Script to help to automate the process and avoid some common errors during the integration.

If you would like to be notified of when Anderson Patricio releases the next part in this article series please sign up to our Real-Time Article Update newsletter.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top