This entry is to show you how to integrate OCS 2007 R2 into your Exchange 2010 OWA experience. This is based on the following Technet article:
First, download and extract OCS 2007 R2 Web Trust Tool from http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ca107ab1-63c8-4c6a-816d-17961393d2b8 Running and installing this will only extract these additional files. Each of these will need to be installed on each CAS server in your environment that you are enabling OCS Messaging on. Remember, there is no right click run as Administrator for MSI's - so run from an elevated command prompt if needed!
- Install the vc_redistx64
- Install UCMAredist.msi
- Install CWAOWASSP.msi
On your Exchange 2010 CAS server(s), edit c:\program files\Microsoft\Exchange\V14\ClientAccess\Owa\web.config - look for the IMPoolName field. Update the webconfig file as follows:
|Field||Insert Value From||Example|
|IMPoolName||FQDN of OCS R2 Pool||ocsr2pool.domain.local|
|IMCertificateIssuer||DN of Issuer||CN=DigiCert Global CA, OU=http://www.digicert.com/, O=DigiCert Inc,C=US|
01 F9 4E 46 AA 3C 4C 9E BD 8F 2C
(include spaces between octets!)
Look for this:
And based on this (where thumbprint is the certificate your CAS server uses for IIS)
Get-ExchangeCertificate -Thumbprint BJBHDS78FG6D8GFYH49SDF34TH9 | ft Issuer, SerialNumber, subject
Change to this:
The "subject" gives us the common name that we use in a bit to configure OCS.
Additionally, if your Issuer has funky characters, you need to replace them as they will break your web.config file, causing generic IIS errors. Just removing those characters will make for application event log errors that the certificate was not found in your certificate store.
Since the web.config is an XML file, and you need to use XML character special escapes
|"||(double) quotation mark|
|'||apostrophe (= apostrophe-quote|
So if your SSL provider's issuer field causes you a problem here, this should help you work around it.
In Powershell, configure OCS:
Get-OWAVirtualDirectory -server SERVER | set-owaVirtualDirectory -InstantMessagingType 1
(The above line *did* say -InstantMessagingType OCS, but RTM documentation says 1 for OCS - thanks to Brian Day for this!)
Restart IIS (IISreset is fine)
On your OCS R2 Pool server, under the server properties of your pool, on the Hosts Authorization tab, you need to add the Client Access server. This can be FQDN or IP. If you use FQDN, OCS will additionally authenticate the FQDN against the certificate names - the FQDN here has to match the "subject" we found above (NOTE: Not the whole string, just the FQDN common name given in the subject) Additionally, you can choose to use FQDN and then use a hosts file to ensure that OCS is communicating with the correct server/IP.
Now I am able to log into OWA 2010 and get the light CWA client as well:
Upper right allows me to see and update my presence, as well as see how many IM conversations I have active and switch between them as well.