Integrating Lync Server 2013 with Exchange 2013MUCUGN

Ståle HansenTechnical Evangelist @AteaV-TSP @ MicrosoftLync MVP

Blog: http://msunified.netTwitter: @StaleHansen

Agena

• What?

• Why?

• How?

• Endresult Demo

• QA

• Contacts with Unified Contact Store (UCS)• High Resolution Photos• Scheduling Online meetings through OWA• Archiving using Microsoft Exchange

integration• SharePoint eDiscovery Console

• Existing integration features• OWA IM Integration• Exchange UM

What is shared?

Use Exchange for what it is doing very well• Single platform for Contact storage and manipulation. • Common experience for administrators around compliance and

eDiscovery• The need for high resolution photos • require a more advanced storage platform than what AD can provide

Why change?

How the integrations are accessed

New Lync and SharePoint Clients

Lync 2013 and Lync MX

HR PhotoUCS

Client credentialsS2SOAuth

UCS Archiving

Lync 2013 Server

HR Photo

UCWA

LWA and Lync Mobile V2

Exchange Web Services

Exchange 2013 Mailbox

S2SOAuth

SharePoint 2013 Server

HR Photo

eDiscovery Console

MySite

Legacy Lync Clients

S2SOAuth

UCS Archiving

Lync 2013 Server

Lync 2010, Lync for Mac 2011, Lync Mobile V1

Exchange Web Services

Exchange 2013 Mailbox

READ ONLY

Scheduling of Online meetings from OWA

S2SOAuth

Lync 2013 Server

UCWA

Outlook Web App

Lync Autodiscover

Service

Exchange 2013 CU1 Mailbox

How the existing Exchange integration works

UCMA 4.0

Exchange UM

OWA IM

Lync 201x Server

Lync 2010 Server & Client

Lync 2013 Server & Client

Lync 2010 Server and Lync 2013 Client

Lync 2013 Server and Lync 2010 Client

Exchange 2010 mbx

Legacy Legacy Legacy Legacy

Exchange 2013 mbx

Legacy New Legacy Legacy1,2

Exchange 2013 CU1 mbx

Online meeting scheduling in OWA

Online meeting

scheduling in OWA

Feature Matrix

Legacy• OWA IM• UM• Missed Call• Visual Voice Mail• Outlook

Contacts• SharePoint Skill

Search

New• UCS• HR Photo• Archiving into Exchange• OWA IM• UM• Missed Call• Visual Voice Mail• Outlook Contacts• SharePoint Skill Search

1) UCS Contacts are read-only2) Archiving into Exchange

works

Prerequisites for new server integration features

• For integration two basic things needs to be in place• Trust• Permissions

• Server to Server OAuth (S2SOAuth) is the trust method used across the Office family of servers Exchange, Lync and SharePoint.• http://oauth.net/2/

• Works both on-premises, in the cloud and hybrid• Use Azure Access Control Server (ACS) for cloud components and it acts as a

OAuth Server

Trust and Permissions

• Trust is established using certificates (no news here )

• Trust needs to be established between all Lync 2013 FE and Exchange 2013 servers in the deployment• Certificate distribution challenge

• Solution• Exchange use one self-signed certificate and distributes it during setup of a server• Microsoft Exchange Server Auth Certificate

• Lync can use enterprise or self-signed certificates and use CMS to distribute it to all servers• OAuthTokenIssuer certificate type

• Certificate distribution between Lync and Exchange via auth metadata document• Metadata/json/1

Trust

• Permissions are given to configuration entities called Partner Applications representing the other system

• You create one Part Application per system, i.e. 1 for Lync no matter the number of pools

• Application Identifier defined to represent system type

• POST /ews/exchange.asmx - 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.0/Storage 200 0 0 500

Permissions

System Application Identifier

Exchange

00000002-0000-0ff1-ce00-000000000000

SharePoint

00000003-0000-0ff1-ce00-000000000000

Lync 00000004-0000-0ff1-ce00-000000000000

• Partner Applications linked to disabled user accounts in Exchange and assigned appropriate ManagementRole

• Exchange provides a script to configure the partner application, create the disabled user and assign the management roles• Reference the auth metadata document Url on other system

• Lync & SharePoint have cmdlets to create the partner application• Reference the auth metadata document Url on other system

Permissions

• Lync Server Storage Service (LYSS) is a storage framework intended to be used by different LYSS consumers for accessing storage platforms in the overall LYNC system• Archiving using Microsoft Exchange integration• UCS

• Currently the design is allowing for using Exchange Web Services (EWS) and SQL Server as the two storage platforms

• LYSS use S2SOAuth to talk to Exchange 2013• No configuration needed outside of S2SOAuth

Lync Server Storage Service (LYSS)

• Scheduling Online meetings in OWA use the Lync Autodiscover service to locate the UCWA url for the user

Lync Autodiscover Service

Prerequisites for existing server integration featuresUM and IM in OWA

• UCMA 4.0 Runtime is required to be installed on Exchange 2013 to support• OWA IM• Exchange UM

• Installing it makes the DLL Microsoft.Rtc.Internal.Ucweb.dll available in C:\Program Files\Microsoft UCMA 4.0\Runtime\SSP

UCMA 4.0 Runtime on Exchange 2013

Unified Contact Store

• The ability to use Exchange 2013 as the storage platform for Lync Contacts• Require Exchange 2013 mailbox• Require Lync 2013 client

• Why use UCS?• Allow contact managemet outside of Lync• Local cache used in case of connectivity issue with Exchange 2013

Unified Contact Store

• Enable UCS in the User Services Policy• Global, Site, Service, Tag• Set-CsUserServicesPolicy -UcsAllowed $true

Unified Contact Store

• Lync 2013 client ”nudge” the server• Supported: ms-ucs-ready

• Server migrates Contacts to Exchange 2013 using LYSS

• Client then use EWS to get Contacts

Unified Contact Store

Lync 2013 Client Lync 2013 Server response

SUBSCRIBE roaming contact with the header Supported:ms-ucs ucsMode=”disabled”

SUBSCRIBE roaming contacts with the header Supported: ms-ucs-ready

ucsMode=”allowed”

BENOTIFY with a termination on the subscription on roaming contacts with ms-diagnostics-public = 2186 and reason "Contact subscription has been terminated as the user migrated to ucs mode." and the roaming contacts data has ucsMode="migrated"

• Use Test-CsUnifiedContactStore• Lync Client Configuration Information

• CTRL + right click Lync Icon in system tray-> Configuration Information• Contact List Provider = UCS

• Lync 2013 sets a value in registry• HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync\<SIP URI>\UCS and

value is InUCSMode• InUCSMode will have the value 2165 (decimal)

How to see if a user has been UCS migrated?

How to see if a user has been UCS migrated?

Test-CsUnifiedContactStore -UserSipAddress tu14@contoso.dk -TargetFqdn lync.contoso.dk

Target Fqdn : lync.contoso.dkResult : SuccessLatency : 00:00:00.0593965Error Message :Diagnosis :

• Contacts folder in the mailbox• Hidden folder <GUID> of folder class IPF.Contact.MOC.ImContactList

has any groups, favorites, other contacts and tagged• The visible folder ”Lync Contacts” has the contacts themselves

Where are the Contacts stored?

• You can rollback a user from UCS by using Invoke-CsUcsRollBack

• Will rollback contacts to Lync Server and the user is prevented from migrating to UCS for a period of 7 days

How to rollback the user?

Invoke-CsUcsRollback -Identity tu14@contoso.dkConfirmInvoke-CsUcsRollback[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

UCS Demo

High Resolution Photos

• Lync 2013 and Exchange 2013 supports photos with a larger resolution than Lync 2010

• The implementation supports 9 different pixel resolutions from 48x48 to 648x648, but the three used are 64x64, 96x96 and 648x648.• 64x64 is for the AD thumbnailPhoto version1

• 96x96 is for OWA, Outlook, LWA and Lync 2013• 648x648 is for LWA and Lync 2013

1) Exchange 2013 RTM used 48x48 for the AD photo

High Resolution Photo

• You can upload the photo using Exchange 2013 OWA Options (ECP) or using the PowerShell cmdlet Set-UserPhoto.

High Resolution Photo

• The photo is stored in the Exchange 2013 mailbox

• The upload process will automatically update the AD thumbnailPhoto

• The uploaded photo is stored in an internal format to support the different resolutions

• The typically size of the item, representing a photo with resolution equal to 648x648 and 24 bits depth, is 241 Kb

High Resolution Photo

• The photo is stored in the root of the Exchange 2013 mailbox as an item• Message Class IPM.UserPhoto.Preview or IPM.UserPhoto• The preview item stores the photo from the time it has been uploaded

till it has been saved. The item then becomes IPM.UserPhoto.

High Resolution Photo

• Access to the photo is provided through EWS API’s including GetUserPhoto

• GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR96x96 443 - OC/15.0.4420.1017+(Microsoft+Lync) 200 0 64 78

• GET /ews/exchange.asmx/s/GetUserPhoto email=tu26@contoso.dk&size=HR648X648&trace=1 443 P~00000004-0000-0ff1-ce00-000000000000 LYNC/5.0.8308.276/Storage 200 0 0 46

High Resolution Photo

• SharePoint is able to use the high resolution photos• The SharePoint-Exchange photo sync feature implements this

• SharePoint treats Exchange 2013 as the master photo store• SharePoint's local photo store becomes a cache

• SharePoint requests photos from Exchange 2013 automatically• When a user performs an operation that causes a request for their own photo• That means that the user needs to have requested his/her own photo, before other users will be able to see it.

SharePoint and High Resolution Photo

High Resolution Photo Demo

Scheduling Online meetings in OWA

• Exchange 2013 CU1 includes the ability of on-premises users of OWA to schedule Online meetings

• Require the mailbox to be on Exchange 2013 CU1 and user homed on a Lync 2013 pool

• Use S2SOAuth to communicate between Exchange and Lync via UCWA

• Use Lync Autodiscover to locate UCWA

Schedule Online meetings in OWA

• Honors the appropriate scoped meeting configuration elements from CsMeetingConfiguration in Lync• PstnCallersBypassLobby• LogoUrl1

• LegalUrl2

• HelpUrl• CustomFooterText

• Meeting is created such that all company employees joins as presenters and bypass the lobby

1. In Exchange 2013 CU1 the logo will only be shown, if the CustomFooterText has text in it 2. In Exchange 2013 CU1 the hyper link for the legal URL will always be empty no matter, if it is set or not

Meeting Configuration

• When OWA boots, and whenever you create an event, it checks the UCWA capabilities of the user• GetUcwaUserConfiguration

• If enabled the Online Meeting button is shown in the event

Scheduling Online meetings

Click to insert photo.

• When OWA boots, and whenever you create an event, it checks the UCWA capabilities of the user• GetUcwaUserConfiguration

• If enabled the Online Meeting button is shown in the event

Scheduling Online meetings

Scheduling Online meetings• When Online meeting is clicked OWA creates the Online meeting in Lync and fill in the invite• CreateOnlineMeeting

• You can change an existing event to be an Online meeting

• You can join the Online meeting from the Calendar peek or from the read form

Join Online meetings

Schedule Online meetings Demo

OWA IM Integration

• IM capabilities in OWA• Presence• IM• Reply all by IM

• Use People hub for contact management• Require UCS

• No custom presence states

Exchange 2013 OWA IM Integration

• Install a certificate trusted by same CA as Lync, and have the FQDN of the MBX server in both subject name and one of the subject alternative names

• Edit OWA web.config file (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa)• Make sure it has the right format, i.e. no space after the hex characters in the certificate thumbprint and

ending /> brackets• <add key="IMCertificateThumbprint" value="EA5A332496CC05DA69B75B66111C0F78A110D22" /> • <add key="IMServerName" value=“<Lync 2013 pool FQDN>" />

• Make sure you add the two lines in the right section of the OWA web.config file (<appSettings>)

• Restart the MSExchangeOWAAppPool after the edit

Exchange Configuration – MBX server

• Configure the OWAVirtualDirectory and OwaMailboxPolicy• InstantMessagingType = Ocs• InstantMessagingEnabled = True

• Make sure users have SIP proxy addresses

Exchange Configuration

• If Exchange 2013 MBX is also running UM and hosting a SipName UM dial plan• No configuration is needed, since ExUmRouting component on Lync FE

loads the Exchange 2013 MBX as a trusted server

• Else• Add Exchange 2013 MBX as a trusted application server in Topology

Builder or New-CsTrustedApplicationPool with same next hop as defined in Exchange

• Add Owa as a trusted application on the trusted application server with random port

Lync Configuration

OWA IM Demo

Exchange UM

• New UM component running on client access server• UM Call Router

• Calls going to Exchange UM will divert to UM Call Router and then be re-directed to Exchange UM on the mailbox server

• Configuration of Exchange UM the same as Exchange 2010 UM, except the addition of UM Call Router• Trust• Mutually trusted certificates• Known Servers in Lync

• Permissions• Allow Lync to read Exchange AD objects

• Existing Exchange 2010 guidance http://technet.microsoft.com/en-us/library/gg398768.aspx

Exchange UM

• Set dual startup mode, dial plan and certificate for UM Call Router on the client access server

• Restart UM Call Router

Exchange UM Call Router Configuration

• Two new Synthetic Transactions:• Test-CsExUMConnectivity• Test-CsExUMVoiceMail

Test Exchange UM Functionality

Test-CsExUMConnectivity -TargetFqdn lync.contoso.dk -UserSipAddress tu14@contoso.dk

$cred=get-credential -username contoso\tu64 -message "voice mail sender is tu64"Test-CsExUMVoiceMail -SenderSipAddress tu64@contoso.dk -ReceiverSipAddress tu14@contoso.dk -sendercredential $cred -wavefile voicemail.wma -verbose

Exchange UM Demo

Lync and Exchange integrate more than ever beforeIntegration is only done one time for all featuresLyncdiscover and autodiscover is core featuresKey Takeaways

QA ?58

Thank youStåle HansenBlog: http://msunified.netTwitter: @StaleHansen