Tuesday, October 15, 2013

Lync IM/OWA Integration with Wildcard Certs

A lot of organizations use wildcard certificates for Exchange and Lync, and although Microsoft doesn't really like wildcards being used, it's doable. When integrating Lync with OWA, though, you'll get an "Instant Messaging isn't available right now" message. The workaround is to install local (per-server) certificates for the IIS service on your CAS hubs.

1. Request new certificates using the Web Server Template on each of your CAS hubs from your local CA. Add the Trusted Application FQDN of the CAS hub you are working on as the Subject Name. You can name them whatever you like. Make note of the thumbprint(s) of the new cert(s).

**Note** If the Web Server Template isn't available, you'll need to allow your Exchange Servers as "Allowed to Enroll" on the Template's Security Tab on your Root CA.

2. Assign the new certificates to IIS and OWA by running:

```powershell
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint <New Certificate Thumbprint>
```

3. Restart IIS with an `iisreset /noforce` command

4. Add the CAS hubs to the Trusted Application Pool in Lync Topology Builder

5. Log on to OWA and check that it works
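The following script is an added example (not part of the original post) that puts steps 1 through 5 together for one CAS hub: it finds the per-server certificate you requested in step 1 in the local machine store, checks that it is usable for this purpose (issued by a trusted CA, not expired, has a private key, Server Authentication EKU, and not a wildcard), assigns it only to this server's OWA virtual directory, restarts IIS, and reports the result. It assumes it is run in the Exchange Management Shell on the CAS itself; `$TrustedAppFqdn` is a hypothetical parameter holding the Trusted Application FQDN used as the certificate Subject.

```powershell
# Added example: assign a per-server IM integration certificate on the local CAS.
# Assumption: run in the Exchange Management Shell on the CAS hub itself.
param(
    # Hypothetical parameter: the Trusted Application FQDN used as the cert Subject in step 1
    [Parameter(Mandatory)][string]$TrustedAppFqdn
)

$ServerAuthEku = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth

# Collect candidate certificates whose Subject is exactly the trusted application FQDN.
# A wildcard cert (CN=*.example.com) will not match here, which is the whole point.
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$TrustedAppFqdn" -and $_.Subject -notlike '*`**' }

# Keep only certs that are actually usable for TLS on this box.
$usable = foreach ($c in $candidates) {
    $ekuExt = $c.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = $ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthEku })

    if (-not $c.HasPrivateKey)        { Write-Warning "$($c.Thumbprint): no private key"; continue }
    if ($c.NotAfter -le (Get-Date))   { Write-Warning "$($c.Thumbprint): expired";        continue }
    if (-not $hasServerAuth)          { Write-Warning "$($c.Thumbprint): no Server Authentication EKU"; continue }
    if (-not $c.Verify())             { Write-Warning "$($c.Thumbprint): chain does not validate to a trusted CA"; continue }
    $c
}

if (-not $usable) {
    throw "No usable certificate with Subject CN=$TrustedAppFqdn found in Cert:\LocalMachine\My"
}

# Prefer the certificate that expires last (the one you most recently requested).
$cert = $usable | Sort-Object NotAfter -Descending | Select-Object -First 1
Write-Host "Using certificate $($cert.Thumbprint) (expires $($cert.NotAfter))"

# Step 2, scoped to this server only: each CAS hub gets its own certificate,
# so do not push one thumbprint to every OWA virtual directory in the org.
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
    Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint $cert.Thumbprint

# Step 3: restart IIS without forcing connections closed.
& iisreset /noforce

# Step 5 (sanity check before you log on to OWA): confirm the thumbprint stuck.
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
    Select-Object Server, Name, InstantMessagingCertificateThumbprint |
    Format-Table -AutoSize
```

Run it once per CAS hub with that hub's own Trusted Application FQDN. The `-Server $env:COMPUTERNAME` scoping is a deliberate choice: the one-liner in step 2 without `-Server` would write the same thumbprint to every CAS's OWA virtual directory, but each server's certificate has a different thumbprint and the private key only exists on the server that requested it. Step 4 (adding the hub to the Trusted Application Pool in Topology Builder) still has to be done on the Lync side.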


**Note** The new "local" certs you just created and assigned are only used for the IM integration; they have no effect on OWA functionality itself, so OWA will keep working as it has been.
