MUCUGN: Lync Server 2013 and Exchange 2013 Integrations

Post on 21-May-2015

description

Lync Server 2013 and Exchange 2013 Integrations, presented by MVP Ståle Hansen at Microsoft UC User Group Norway (MUCUGN), June 19.

transcript

Integrating Lync Server 2013 with Exchange 2013
MUCUGN

Ståle Hansen
Technical Evangelist @Atea
V-TSP @ Microsoft
Lync MVP

Blog: http://msunified.net
Twitter: @StaleHansen

Agenda

• What?
• Why?
• How?
• End result demo

• QA

• Contacts with Unified Contact Store (UCS)
• High Resolution Photos
• Scheduling Online meetings through OWA
• Archiving using Microsoft Exchange integration
• SharePoint eDiscovery Console
• Existing integration features
  • OWA IM Integration
  • Exchange UM

What is shared?

Use Exchange for what it is doing very well
• Single platform for Contact storage and manipulation.
• Common experience for administrators around compliance and eDiscovery
• The need for high resolution photos
  • require a more advanced storage platform than what AD can provide

Why change?

How the integrations are accessed

[Diagram: New Lync and SharePoint Clients. Components: Lync 2013 and Lync MX; LWA and Lync Mobile V2; Lync 2013 Server; Exchange 2013 Mailbox (Exchange Web Services); SharePoint 2013 Server (eDiscovery Console, MySite). Labels: HR Photo, UCS, Archiving, UCWA, Client credentials, S2SOAuth.]

[Diagram: Legacy Lync Clients. Components: Lync 2010, Lync for Mac 2011, Lync Mobile V1; Lync 2013 Server; Exchange 2013 Mailbox (Exchange Web Services). Labels: UCS, Archiving, S2SOAuth, READ ONLY.]

[Diagram: Scheduling of Online meetings from OWA. Components: Outlook Web App; Lync Autodiscover Service; Lync 2013 Server; Exchange 2013 CU1 Mailbox. Labels: UCWA, S2SOAuth.]

How the existing Exchange integration works

[Diagram. Labels: UCMA 4.0, Exchange UM, OWA IM, Lync 201x Server.]

Feature Matrix

Exchange 2010 mbx
• Lync 2010 Server & Client: Legacy
• Lync 2013 Server & Client: Legacy
• Lync 2010 Server and Lync 2013 Client: Legacy
• Lync 2013 Server and Lync 2010 Client: Legacy

Exchange 2013 mbx
• Lync 2010 Server & Client: Legacy
• Lync 2013 Server & Client: New
• Lync 2010 Server and Lync 2013 Client: Legacy
• Lync 2013 Server and Lync 2010 Client: Legacy (notes 1, 2)

Exchange 2013 CU1 mbx
• Online meeting scheduling in OWA (appears in two cells of this row)

Legacy
• OWA IM
• UM
• Missed Call
• Visual Voice Mail
• Outlook Contacts
• SharePoint Skill Search

New
• UCS
• HR Photo
• Archiving into Exchange
• OWA IM
• UM
• Missed Call
• Visual Voice Mail
• Outlook Contacts
• SharePoint Skill Search

1) UCS Contacts are read-only
2) Archiving into Exchange works

Prerequisites for new server integration features

• For integration, two basic things need to be in place
  • Trust
  • Permissions
• Server to Server OAuth (S2SOAuth) is the trust method used across the Office family of servers: Exchange, Lync and SharePoint.
  • http://oauth.net/2/
• Works on-premises, in the cloud and in hybrid deployments
  • Uses Azure Access Control Server (ACS) for cloud components, where it acts as an OAuth server

Trust and Permissions

• Trust is established using certificates (no news here)
• Trust needs to be established between all Lync 2013 FE and Exchange 2013 servers in the deployment
  • Certificate distribution challenge
• Solution
  • Exchange uses one self-signed certificate and distributes it during setup of a server
    • Microsoft Exchange Server Auth Certificate
  • Lync can use enterprise or self-signed certificates and uses CMS to distribute them to all servers
    • OAuthTokenIssuer certificate type
  • Certificate distribution between Lync and Exchange via the auth metadata document
    • Metadata/json/1

Trust

• Permissions are given to configuration entities called Partner Applications representing the other system

• You create one Partner Application per system, i.e. 1 for Lync no matter the number of pools

• Application Identifier defined to represent system type

• POST /ews/exchange.asmx - 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.0/Storage 200 0 0 500

Permissions

System       Application Identifier
Exchange     00000002-0000-0ff1-ce00-000000000000
SharePoint   00000003-0000-0ff1-ce00-000000000000
Lync         00000004-0000-0ff1-ce00-000000000000

• Partner Applications are linked to disabled user accounts in Exchange and assigned the appropriate ManagementRole
• Exchange provides a script to configure the partner application, create the disabled user and assign the management roles
  • Reference the auth metadata document URL on the other system
• Lync & SharePoint have cmdlets to create the partner application
  • Reference the auth metadata document URL on the other system

Permissions

• Lync Server Storage Service (LYSS) is a storage framework intended to be used by different LYSS consumers for accessing storage platforms in the overall Lync system
  • Archiving using Microsoft Exchange integration
  • UCS
• The current design allows Exchange Web Services (EWS) and SQL Server as the two storage platforms
• LYSS uses S2SOAuth to talk to Exchange 2013
  • No configuration needed outside of S2SOAuth

Lync Server Storage Service (LYSS)

• Scheduling Online meetings in OWA uses the Lync Autodiscover service to locate the UCWA URL for the user

Lync Autodiscover Service

Prerequisites for existing server integration features
UM and IM in OWA

• UCMA 4.0 Runtime is required to be installed on Exchange 2013 to support
  • OWA IM
  • Exchange UM
• Installing it makes the DLL Microsoft.Rtc.Internal.Ucweb.dll available in C:\Program Files\Microsoft UCMA 4.0\Runtime\SSP

UCMA 4.0 Runtime on Exchange 2013

Unified Contact Store

• The ability to use Exchange 2013 as the storage platform for Lync Contacts
  • Requires Exchange 2013 mailbox
  • Requires Lync 2013 client
• Why use UCS?
  • Allows contact management outside of Lync
  • Local cache used in case of connectivity issue with Exchange 2013

Unified Contact Store

• Enable UCS in the User Services Policy
  • Global, Site, Service, Tag
  • Set-CsUserServicesPolicy -UcsAllowed $true

Unified Contact Store

• Lync 2013 client "nudges" the server
  • Supported: ms-ucs-ready
• Server migrates Contacts to Exchange 2013 using LYSS
• Client then uses EWS to get Contacts

Unified Contact Store

Lync 2013 Client -> Lync 2013 Server response
• SUBSCRIBE roaming contacts with the header Supported: ms-ucs -> ucsMode="disabled"
• SUBSCRIBE roaming contacts with the header Supported: ms-ucs-ready -> ucsMode="allowed"
• BENOTIFY with a termination on the subscription on roaming contacts with ms-diagnostics-public = 2186 and reason "Contact subscription has been terminated as the user migrated to ucs mode." and the roaming contacts data has ucsMode="migrated"

• Use Test-CsUnifiedContactStore
• Lync Client Configuration Information
  • CTRL + right click Lync icon in system tray -> Configuration Information
  • Contact List Provider = UCS
• Lync 2013 sets a value in the registry
  • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync\<SIP URI>\UCS and value is InUCSMode
  • InUCSMode will have the value 2165 (decimal)

How to see if a user has been UCS migrated?

How to see if a user has been UCS migrated?

Test-CsUnifiedContactStore -UserSipAddress tu14@contoso.dk -TargetFqdn lync.contoso.dk

Target Fqdn   : lync.contoso.dk
Result        : Success
Latency       : 00:00:00.0593965
Error Message :
Diagnosis     :

• Contacts folder in the mailbox
  • Hidden folder <GUID> of folder class IPF.Contact.MOC.ImContactList has any groups, favorites, other contacts and tagged
  • The visible folder "Lync Contacts" has the contacts themselves

Where are the Contacts stored?

• You can roll back a user from UCS by using Invoke-CsUcsRollback
• This rolls the contacts back to Lync Server, and the user is prevented from migrating to UCS for a period of 7 days

How to rollback the user?

Invoke-CsUcsRollback -Identity tu14@contoso.dk

Confirm
Invoke-CsUcsRollback
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

UCS Demo

High Resolution Photos

• Lync 2013 and Exchange 2013 support photos with a larger resolution than Lync 2010
• The implementation supports 9 different pixel resolutions from 48x48 to 648x648, but the three used are 64x64, 96x96 and 648x648.
  • 64x64 is for the AD thumbnailPhoto version (note 1)
  • 96x96 is for OWA, Outlook, LWA and Lync 2013
  • 648x648 is for LWA and Lync 2013

1) Exchange 2013 RTM used 48x48 for the AD photo

High Resolution Photo

• You can upload the photo using Exchange 2013 OWA Options (ECP) or using the PowerShell cmdlet Set-UserPhoto.

High Resolution Photo

• The photo is stored in the Exchange 2013 mailbox

• The upload process will automatically update the AD thumbnailPhoto

• The uploaded photo is stored in an internal format to support the different resolutions

• The typical size of the item, representing a photo with resolution equal to 648x648 and 24 bits depth, is 241 Kb

High Resolution Photo

• The photo is stored in the root of the Exchange 2013 mailbox as an item
  • Message Class IPM.UserPhoto.Preview or IPM.UserPhoto
  • The preview item stores the photo from the time it has been uploaded till it has been saved. The item then becomes IPM.UserPhoto.

High Resolution Photo

• Access to the photo is provided through EWS APIs including GetUserPhoto

• GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR96x96 443 - OC/15.0.4420.1017+(Microsoft+Lync) 200 0 64 78

• GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR648X648&trace=1 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.276/Storage 200 0 0 46

High Resolution Photo
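
Added example (not part of the original presentation): the Exchange log lines quoted on the Permissions and High Resolution Photo slides show the S2SOAuth caller as P~<application identifier> where a client call shows "-". The Python sketch below attributes each EWS request to a partner application using the identifier table from the Permissions slide; the ten-field layout is assumed from those sample lines, and the last sample line is constructed.

```python
import re
from collections import Counter

# Application identifiers from the table on the Permissions slide.
PARTNER_APPS = {
    "00000002-0000-0ff1-ce00-000000000000": "Exchange",
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint",
    "00000004-0000-0ff1-ce00-000000000000": "Lync",
}
# Field order assumed from the log lines on the slides (a trimmed IIS W3C layout).
FIELDS = ("method", "uri_stem", "uri_query", "port", "username",
          "user_agent", "status", "substatus", "win32_status", "time_taken")
S2S_USER = re.compile(r"P~([0-9a-fA-F-]{36})")

def parse_line(line):
    """Split one log line into named fields and attribute the caller."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    m = S2S_USER.fullmatch(rec["username"])
    if m:
        app_id = m.group(1).lower()
        rec["auth"] = "S2SOAuth"
        # Identifiers outside the table are flagged for review, not assumed bad.
        rec["caller"] = PARTNER_APPS.get(app_id, "UNKNOWN:" + app_id)
    else:
        rec["auth"] = "client"  # no partner application prefix in the user-name field
        rec["caller"] = rec["username"]
    return rec

def summarize(lines):
    """Count requests per (auth, caller, uri_stem); collect unknown partner ids."""
    counts, unknown = Counter(), []
    for line in lines:
        rec = parse_line(line)
        counts[(rec["auth"], rec["caller"], rec["uri_stem"])] += 1
        if rec["caller"].startswith("UNKNOWN:"):
            unknown.append(rec)
    return counts, unknown

SAMPLE = [  # first three lines are quoted on the slides; the fourth is constructed
    "POST /ews/exchange.asmx - 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.0/Storage 200 0 0 500",
    "GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR96x96 443 - OC/15.0.4420.1017+(Microsoft+Lync) 200 0 64 78",
    "GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR648X648&trace=1 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.276/Storage 200 0 0 46",
    "POST /ews/exchange.asmx - 443 P~0000dead-0000-0ff1-ce00-000000000000 Example/1.0 200 0 0 12",
]

if __name__ == "__main__":
    counts, unknown = summarize(SAMPLE)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("unknown partner ids:", [r["caller"] for r in unknown])
```
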

• SharePoint is able to use the high resolution photos
  • The SharePoint-Exchange photo sync feature implements this
• SharePoint treats Exchange 2013 as the master photo store
  • SharePoint's local photo store becomes a cache
• SharePoint requests photos from Exchange 2013 automatically
  • When a user performs an operation that causes a request for their own photo
  • That means that the user needs to have requested his/her own photo before other users will be able to see it.

SharePoint and High Resolution Photo

High Resolution Photo Demo

Scheduling Online meetings in OWA

• Exchange 2013 CU1 gives on-premises users of OWA the ability to schedule Online meetings
• Requires the mailbox to be on Exchange 2013 CU1 and the user to be homed on a Lync 2013 pool
• Uses S2SOAuth to communicate between Exchange and Lync via UCWA
• Uses Lync Autodiscover to locate UCWA

Schedule Online meetings in OWA

• Honors the appropriate scoped meeting configuration elements from CsMeetingConfiguration in Lync
  • PstnCallersBypassLobby
  • LogoUrl (note 1)
  • LegalUrl (note 2)
  • HelpUrl
  • CustomFooterText
• Meeting is created such that all company employees join as presenters and bypass the lobby

1) In Exchange 2013 CU1 the logo will only be shown if the CustomFooterText has text in it
2) In Exchange 2013 CU1 the hyperlink for the legal URL will always be empty, whether it is set or not

Meeting Configuration

• When OWA boots, and whenever you create an event, it checks the UCWA capabilities of the user
  • GetUcwaUserConfiguration
• If enabled, the Online Meeting button is shown in the event

Scheduling Online meetings

Scheduling Online meetings

• When Online meeting is clicked, OWA creates the Online meeting in Lync and fills in the invite
  • CreateOnlineMeeting
• You can change an existing event to be an Online meeting
• You can join the Online meeting from the Calendar peek or from the read form

Join Online meetings

Schedule Online meetings Demo

OWA IM Integration

• IM capabilities in OWA
  • Presence
  • IM
  • Reply all by IM
• Use People hub for contact management
  • Requires UCS
• No custom presence states

Exchange 2013 OWA IM Integration

• Install a certificate trusted by the same CA as Lync, with the FQDN of the MBX server in both the subject name and one of the subject alternative names
• Edit the OWA web.config file (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa)
  • Make sure it has the right format, i.e. no space after the hex characters in the certificate thumbprint and ending /> brackets
  • <add key="IMCertificateThumbprint" value="EA5A332496CC05DA69B75B66111C0F78A110D22" />
  • <add key="IMServerName" value="<Lync 2013 pool FQDN>" />
• Make sure you add the two lines in the right section of the OWA web.config file (<appSettings>)
• Restart the MSExchangeOWAAppPool after the edit

Exchange Configuration – MBX server
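
Added example (not part of the original presentation): a Python check for the two web.config points the slide warns about, namely stray characters in IMCertificateThumbprint and keys placed outside <appSettings>. The helper names, the pool name pool01.contoso.dk and the 40-character thumbprint are constructed for illustration; the 40-character length assumes a SHA-1 certificate thumbprint.

```python
import re
import xml.etree.ElementTree as ET

HEX40 = re.compile(r"[0-9A-Fa-f]{40}")  # SHA-1 certificate thumbprint: 40 hex chars
REQUIRED = ("IMCertificateThumbprint", "IMServerName")

def check_owa_im_settings(web_config_xml):
    """Return a list of problems found with the OWA IM keys (empty list = OK)."""
    root = ET.fromstring(web_config_xml)
    # The slide asks for both keys directly inside <appSettings>.
    in_app = {a.get("key"): a.get("value", "") for a in root.findall("./appSettings/add")}
    anywhere = {a.get("key") for a in root.iter("add")}
    problems = []
    for key in REQUIRED:
        if key not in in_app:
            where = "outside <appSettings>" if key in anywhere else "missing"
            problems.append(f"{key}: {where}")
    thumb = in_app.get("IMCertificateThumbprint")
    if thumb is not None and not HEX40.fullmatch(thumb):
        # Name stray characters by code point so invisible ones become visible.
        bad = sorted({f"U+{ord(c):04X}" for c in thumb if c not in "0123456789abcdefABCDEF"})
        detail = f"non-hex characters {bad}" if bad else f"length {len(thumb)}, expected 40"
        problems.append(f"IMCertificateThumbprint: {detail}")
    server = in_app.get("IMServerName")
    if server is not None and (server != server.strip() or "." not in server):
        problems.append("IMServerName: expected the pool FQDN with no surrounding spaces")
    return problems

def make_config(thumbprint, server, section="appSettings"):
    """Build a minimal, constructed web.config holding the two keys."""
    return (f'<configuration><{section}>'
            f'<add key="IMCertificateThumbprint" value="{thumbprint}" />'
            f'<add key="IMServerName" value="{server}" />'
            f'</{section}></configuration>')

GOOD_THUMB = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed value
SLIDE_THUMB = "EA5A332496CC05DA69B75B66111C0F78A110D22"  # as printed in this transcript

if __name__ == "__main__":
    pool = "pool01.contoso.dk"  # constructed pool FQDN
    print(check_owa_im_settings(make_config(GOOD_THUMB, pool)))
    print(check_owa_im_settings(make_config("\u200e" + GOOD_THUMB + " ", pool)))
    print(check_owa_im_settings(make_config(SLIDE_THUMB, pool)))
    print(check_owa_im_settings(make_config(GOOD_THUMB, pool, "system.web")))
```

The thumbprint value as it appears in this transcript is 39 characters long, so the check reports it; substitute the thumbprint of the certificate actually installed on the MBX server.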

• Configure the OWAVirtualDirectory and OwaMailboxPolicy
  • InstantMessagingType = Ocs
  • InstantMessagingEnabled = True
• Make sure users have SIP proxy addresses

Exchange Configuration

• If Exchange 2013 MBX is also running UM and hosting a SipName UM dial plan
  • No configuration is needed, since the ExUmRouting component on the Lync FE loads the Exchange 2013 MBX as a trusted server
• Else
  • Add Exchange 2013 MBX as a trusted application server in Topology Builder or with New-CsTrustedApplicationPool, with the same next hop as defined in Exchange
  • Add Owa as a trusted application on the trusted application server with a random port

Lync Configuration

OWA IM Demo

Exchange UM

• New UM component running on client access server
  • UM Call Router
• Calls going to Exchange UM will divert to UM Call Router and then be redirected to Exchange UM on the mailbox server
• Configuration of Exchange UM is the same as Exchange 2010 UM, except for the addition of UM Call Router
  • Trust
    • Mutually trusted certificates
    • Known Servers in Lync
  • Permissions
    • Allow Lync to read Exchange AD objects
• Existing Exchange 2010 guidance http://technet.microsoft.com/en-us/library/gg398768.aspx

Exchange UM

• Set dual startup mode, dial plan and certificate for UM Call Router on the client access server

• Restart UM Call Router

Exchange UM Call Router Configuration

• Two new Synthetic Transactions:
  • Test-CsExUMConnectivity
  • Test-CsExUMVoiceMail

Test Exchange UM Functionality

Test-CsExUMConnectivity -TargetFqdn lync.contoso.dk -UserSipAddress tu14@contoso.dk

$cred = Get-Credential -UserName contoso\tu64 -Message "voice mail sender is tu64"
Test-CsExUMVoiceMail -SenderSipAddress tu64@contoso.dk -ReceiverSipAddress tu14@contoso.dk -SenderCredential $cred -WaveFile voicemail.wma -Verbose

Exchange UM Demo

Lync and Exchange integrate more than ever before
Integration is only done one time for all features
Lyncdiscover and autodiscover are core features

Key Takeaways

QA ?

Thank you
Ståle Hansen
Blog: http://msunified.net
Twitter: @StaleHansen