This article provides information on how to set up Exchange 2013 Unified Messaging integration with Lync 2013. This includes OAUTH, JSON, and Enterprise Applications setup.
The following is a quick deploy for Exchange 2013 out of the box. Below is the Exchange setup for 2013 Unified Messaging (UM) and the Lync 2013 integration. This is not the entire deployment, but it can be helpful for understanding the components needed to work with Lync and Exchange UM. I use the term Exchange Management Console (EMC) to refer to the Exchange Administration Center in this article, reminiscent of older Exchange versions.
This begins with Exchange Mailbox (MBX) installed on one server and the Client Access Server (CAS) on another. All commands are run from the CAS server. Let's get started.
First, set up Exchange for your email domain:
1. Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledEmailAddressTemplates "SMTP:%firstname.lastname@example.org"
2. Set-EmailAddressPolicy -Identity "Default Policy" -EnabledEmailAddressTemplates "SMTP: %email@example.com"
3. Set-ReceiveConnector -Identity "yourcas\Default Frontend yourcas" -MaxMessageSize 30MB
4. New-SendConnector -Name "Outbound" -AddressSpaces '*' -SourceTransportServers yourMBX -MaxMessageSize 30MB -DNSRoutingEnabled:$true
Second, set up your certificates. This does not cover the complete steps. If you have a third-party certificate, see the product documentation for more information:
5. Get-ExchangeCertificate | fl
6. New-ExchangeCertificate -Server yourcas -FriendlyName 2013test -PrivateKeyExportable $true -SubjectName "c=US, s=OK, l=EXCH, o=yourorg, ou=exch, cn=mail.yourdomain.com" -DomainName mail.yourdomain.com,autodiscover.yourdomain.com
7. Export the PFX and import it to the other Exchange servers (use Get-ExchangeCertificate for the next step).
8. Enable-ExchangeCertificate -Thumbprint BAE4BF881AE78A80266DEAB31EBA870B6F793EC5 -Services "IIS, SMTP, POP, IMAP" -Server CAS1
9. To create a CSR: New-ExchangeCertificate -Server 2013cas -FriendlyName 2013test -PrivateKeyExportable $true -SubjectName "c=US, s=OK, l=EXCH, o=yourorg, ou=exch, cn=mail.yourdomain.com" -DomainName mail.yourdomain.com,autodiscover.yourdomain.com -RequestFile "\\DC\c$\req.req"
Third, set up your external access:
10. At this time, rather than use the shell, you can set the access virtual directories with the EMC. Go to the servers section (in the left column) for the CAS server, and choose virtual directories across the top. Select the wrench icon, then add the certificate name for your mail organization, for example mail.domain.com. This will add the correct access names to the virtual directories.
11. Internal virtual directories can be set like this:
- Get-EcpVirtualDirectory -Server cas1 -ADPropertiesOnly | Set-EcpVirtualDirectory -InternalUrl https://mail.yourdomain.com/ecp
- Get-OwaVirtualDirectory -Server cas1 -ADPropertiesOnly | Set-OwaVirtualDirectory -InternalUrl https://mail.yourdomain.com/owa
- Get-WebServicesVirtualDirectory -Server cas1 -ADPropertiesOnly | Set-WebServicesVirtualDirectory -InternalUrl https://mail.yourdomain.com/EWS/Exchange.asmx
- Get-OabVirtualDirectory -Server cas1 -ADPropertiesOnly | Set-OabVirtualDirectory -InternalUrl https://mail.yourdomain.com/OAB
- Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://mail.yourdomain.com/Autodiscover/Autodiscover.xml
- Get-ActiveSyncVirtualDirectory -Server cas1 -ADPropertiesOnly | Set-ActiveSyncVirtualDirectory -InternalUrl https://mail.yourdomain.com/Microsoft-Server-ActiveSync
- Get-OutlookAnywhere -Server cas1 -ADPropertiesOnly | Set-OutlookAnywhere -InternalHostName "mail.yourdomain.com" -InternalClientsRequireSsl:$true
12. The above are not required under most circumstances for Exchange to work. The only one you really need for external access is: Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://mail.yourdomain.com/Autodiscover/Autodiscover.xml
Unified Messaging Settings
13. Once steps 1-12 are complete, you should be able to see that your autodiscover URL has a JSON token, which is viewable through https://mail.yourdomain.com/autodiscover/metadata/json/1. If you don't see it, try IISRESET or go back through the steps above.
14. Once the JSON is verified, check your Lync JSON with https://lyncFEPOOL.yourdomain.com/metadata/json/1. If both come up, you are ready to integrate Lync and Exchange.
15. Before you go on, verify your IIS permissions from TechNet KB232171.
16. Verify your certificate is set up for Exchange Unified Messaging:
- In the EMC, go to Unified Messaging and IP Gateway, choose the + and add the Lync server IP and the FQDN of the Lync Enterprise pool.
- Click the UM dial plans tab and enter a new dial plan (see the MS documentation). Create a secured dial plan.
- Run Set-UMIPGateway -Port 5061
- Run Get-UMIPGateway | fl to verify that the settings are not yet populated entirely (also see Get-UMDialPlan). Move to step 5.
- Run the Exchange script: cd 'C:\Program Files\Microsoft\Exchange Server\V15\Scripts', then .\ExchUCUtil.ps1. Run it two or three times to make sure the changes take effect. Go to step 4 to make sure all looks correct.
- Go to Lync 2013, c:\program files\common files\Microsoft Lync 2013\support, and run OCSUMUTIL.exe. Select load data and add the AA and SA phone numbers. Make sure to choose a unique name for each. Go back to the EMC and choose servers on the left and servers on the top. Click the pencil for each server and choose unified messaging. Add the dial plan to each server.
- Get-UMService | fl
- (step 10) Go to servers and certificates in the EMC and create or import a certificate for the MBX and CAS. The MBX cert is for the MBX FQDN. The CAS cert will be the CAS FQDN. They should not be self-signed but requested from the enterprise CA.
- Set-UMService -Identity 2013mb -UMStartupMode dual
- Set-UMCallRouterSettings -Server 2013cas -UMStartupMode dual
- Go to servers/certificates in the EMC and choose the Exchange certificates created in step 10. Enable the CAS cert for UM and the MBX certificate for UM. Find this in the services property of the certificate. Check the "UM" box. You will see that the UM service on the mailbox server will need to be restarted. In addition, the UM call router service will need to be restarted on the CAS.
Finally, complete the Lync Exchange OAUTH configuration. This step enables each to access the OAUTH of the other.
17. (on Exchange Server) Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl "https://lyncpool.1reeves.com/metadata/json/1" -ApplicationType Lync. Verify you can reach the URL above; then enable Lync to reach Exchange.
17.5 – So I just went through this setup today, doing a lab. I found that if you are using self-signed certificates (you're not supposed to), then you have to install the Exchange UM private key cert on Lync and the Lync Oauth cert on Exchange. Just thought I would add this if you were having trouble because you used self-signed certificates. Likely not much guidance online if you did use those. CA assigned is what you want to use.
18. (on Lync Server) New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl "https://mail.1reeves.com/autodiscover/metadata/json/1"
If you get an error, it is likely because the metadata URL does not match the certificate. In my case the URL in the commands I ran was mail.domain.com. The IIS certificate was exchange.domain.local. Once I bound the certificate to the IIS site to match mail.domain.com, the OAUTH URLs worked from both machines.
Once that command completes, you are ready to add Exchange users and enable them for UM. Then go to Lync and add your Enterprise Voice users, and you'll be ready to go.
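The URL checks from steps 13 and 14, and the certificate-name mismatch described after step 18, can be scripted before running the partner-application commands. This is an added example, not part of the original article: the function name Test-AuthMetadataUrl is hypothetical, and the host names are the article's placeholders.

```powershell
# Added example; Test-AuthMetadataUrl is a hypothetical helper name.
function Test-AuthMetadataUrl {
    param([Parameter(Mandatory = $true)][uri]$Url)

    $result = [ordered]@{
        Url = $Url.AbsoluteUri; CertSubject = $null; CertExpires = $null
        TlsPolicyErrors = $null; HandshakeError = $null
        JsonProperties = $null; FetchError = $null
    }

    # 1. TLS handshake only: record which certificate IIS presents for this host
    #    name and how Windows judges it. RemoteCertificateNameMismatch is the
    #    mail.domain.com vs exchange.domain.local case described after step 18.
    $tcp = $null
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($Url.Host, $Url.Port)
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $cert, $chain, $policyErrors)
            $result.CertSubject     = $cert.Subject
            $result.CertExpires     = $cert.GetExpirationDateString()
            $result.TlsPolicyErrors = $policyErrors
            $true   # let the handshake finish so the findings can be reported
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Url.Host)
        $ssl.Dispose()
    }
    catch { $result.HandshakeError = $_.Exception.Message }
    finally { if ($tcp) { $tcp.Close() } }

    # 2. Fetch the document with normal certificate validation and list the
    #    top-level properties of the JSON that comes back.
    try {
        $doc = Invoke-RestMethod -Uri $Url -UseBasicParsing
        if ($doc -is [string]) { $doc = $doc | ConvertFrom-Json }
        $result.JsonProperties = $doc.PSObject.Properties.Name -join ', '
    }
    catch { $result.FetchError = $_.Exception.Message }

    [pscustomobject]$result
}

# Placeholder host names from steps 13 and 14; substitute your own.
'https://mail.yourdomain.com/autodiscover/metadata/json/1',
'https://lyncFEPOOL.yourdomain.com/metadata/json/1' |
    ForEach-Object { Test-AuthMetadataUrl $_ } | Format-List
```

Run it once from the Exchange server and once from the Lync server: a TlsPolicyErrors value other than None, or a FetchError, on either side points at the certificate binding rather than at the partner-application command.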
Below are a few other syntax examples:
Set-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl https://mail.domain.com/autodiscover/metadata/json/1
Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl "https://lyncFEpool.domain.com/metadata/json/1" -ApplicationType Lync
New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl https://mail.domain.com/autodiscover/metadata/json/1