7. On Exchange: Enable OWA VD Instant Messaging
8. On Exchange: Enable Messaging on OWA Policy
9. On Exchange: Create Enterprise Application for Skype Pool.
10. On Exchange: Create new SettingOverride for Skype for Business.
11. Generate a new Certificate for Exchange IM
12. Assign the newly imported certificate to IIS Exchange Back End site
13. On Exchange: Restart the WebAppPool
14. Log out and sign back in to OWA to Check
15. Troubleshooting methods
Part of enabling IM integration between Exchange and SfB is enabling it on the OWA virtual directory. The cmdlet below does this on all your Exchange servers.
From Exchange, launch the Exchange Management Shell and run the following cmdlet:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType Ocs
Run the following to enable messaging on the OWA mailbox policy:
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $true -InstantMessagingType Ocs
From the Exchange Management Shell, run the following cmdlets:
Cd $exscripts
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl "https://sbg-pool01.domain.com/metadata/json/1" -ApplicationType Lync
The AuthMetadataUrl is your local Skype for Business pool URL. This URL must open from your Exchange server without any certificate error, which means the certificate assigned to your Skype for Business pool must already be imported on the Exchange servers so that they trust this URL.
If your previous configuration is correct, you should see the "The Configuration has Succeeded" message.
Notes:
To configure the same settings on all Exchange 2016 and Exchange 2019 servers in the Active Directory forest, don’t use the Server parameter.
New-SettingOverride -Name "<UniqueOverrideName>" -Component OwaServer -Section IMSettings -Parameters @("IMServerName=<Skype server/pool name>","IMCertificateThumbprint=<Certificate Thumbprint>") -Reason "<DescriptiveReason>" [-Server <ServerName>]
The thumbprint you use here determines whether IM will work or not, as this certificate is what secures the communication between Exchange and Skype. If you use the wrong certificate, your integration will fail and users won't be able to log in to IM through OWA.
IMPORTANT NOTE:
In order for IM in OWA to work the certificate you will generate must have its common name set as mail.domain.com to match the configuration.
Using the Digicert tool on the Exchange server, I will generate the CSR for the new certificate.
Choose the SSL certificate type and make sure you choose Mail.domain.com as the CN.
In the SANs, type all of the involved servers (Skype for Business Front Ends and Mailbox servers, both as FQDNs and as hostnames, as in the screenshot below) and click on Generate.
Click on Details and copy the thumbprint. Alternatively, from MMC right-click the certificate > Properties and give it a friendly name, e.g. (IM); you can then copy the thumbprint directly from the Exchange Management Shell.
Get-ExchangeCertificate | select thumbprint,friendlyName
Now use the earlier command to create the setting override for OwaServer.
The values you can change are the Name, the IMServerName value and the thumbprint value.
New-SettingOverride -Name "IM Override" -Component OwaServer -Section IMSettings -Parameters @("IMServerName=SBG-Pool01.domain.com","IMCertificateThumbprint=28E4B1BA0F2FCB1535AF199F02A64EFC78367F2D") -Reason "Configure IM"
If you used the Server parameter to target a single server, you can change that with the following cmdlet. Note that you must not use the FQDN but only the server's hostname.
Get-SettingOverride | Set-SettingOverride -Server sbg-mx01,sbg-mx02
This should generate an event ID 112 on Exchange servers involved in the deployment.
Once the certificate is in the server store, you will be able to find it easily from IIS and bind it to the Exchange Back End site.
This is the most crucial step to get IM to work in OWA. Don't worry about breaking the Exchange sites or PowerShell: if you have added the Exchange servers' hostnames and FQDNs to this certificate, you should be good.
Make sure you change the back end certificate to the new one on all the involved Exchange servers.
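The requirements above (CN, SANs, thumbprint and Back End binding) can be checked on each Exchange server before restarting the app pool. This PowerShell script is an added example, not part of the original post; the parameter names, the default SAN list and the IIS site name 'Exchange Back End' are assumptions to adjust for your environment.

```powershell
# Added example: verify the IM certificate on one Exchange server.
# Assumptions (not from the original post): parameter names, the IIS site
# name 'Exchange Back End', and the sample SAN host names.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string]   $ExpectedCN   = 'mail.domain.com',
    [string[]] $RequiredSANs = @('sbg-mx01', 'sbg-mx01.domain.com'),
    [string]   $BackEndSite  = 'Exchange Back End'
)
Import-Module WebAdministration

# Thumbprints copied from the MMC dialog often carry spaces or invisible
# characters; keep only the hex digits before comparing.
$tp = ($Thumbprint -replace '[^0-9A-Fa-f]').ToUpperInvariant()
$problems = @()

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $tp
if (-not $cert) {
    $problems += "No certificate with thumbprint $tp in LocalMachine\My"
} else {
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $ExpectedCN) { $problems += "CN is '$cn', expected '$ExpectedCN'" }
    if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    # Every involved server name must be present in the SAN list.
    $sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    foreach ($name in $RequiredSANs) {
        if ($sans -notcontains $name) { $problems += "SAN list is missing '$name'" }
    }
}

# The HTTPS binding of the Back End site must present the same certificate.
$bound = @(Get-WebBinding -Name $BackEndSite -Protocol https |
    ForEach-Object { $_.certificateHash })
if ($bound -notcontains $tp) {
    $problems += "'$BackEndSite' HTTPS binding uses: $($bound -join ', ')"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Certificate $tp passes all checks on $env:COMPUTERNAME" }
```

Run it in an elevated shell on every Exchange server involved, passing the same thumbprint that was used in the IMCertificateThumbprint parameter of the setting override.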
Restart-WebAppPool MSExchangeOWAAppPool
Log out of OWA and back in, then check whether you are able to log in to IM. It should normally sign you in automatically, but if there is an error you will see it.
In case of an error you should see the following.
If it works then you should see the presence.
If you follow the above steps correctly it should work, especially once the right certificate is applied to the Exchange Back End site in IIS. If you still face an error, use the following steps to troubleshoot it.
Set-EventLogLevel -Identity "sbg-mx01\MSExchange OWA\InstantMessage" -Level High
C:\Program Files\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging
Get-ServerHealth -HealthSet OWA.Protocol.Dep -Server sbg-mx01 | Format-Table Name, AlertValue -Auto
Get-MonitoringItemIdentity -Server sbg-mx01 -Identity OWA.Protocol.Dep | Format-Table Identity,ItemType,Name -Auto
View Comments
I followed these instructions exactly and it is still not working. I am getting the following errors in the logs:
2021-07-01T18:01:20.615Z,71,5,,,,0,DEBUG:InstantMessageNotifier.KeepAlive. User: sip:user@domain.com,
2021-07-01T18:01:20.615Z,71,5,,,,0,"DEBUG:InstantMessageOCSProvider.ChangeUserPresenceAfterInactivity. Context: User=user@domain.com, Sip address=sip:user@domain.com, Lyncserver=SFB.domain.local",
2021-07-01T18:01:20.615Z,71,1,,,,0,ERROR:InstantMessageOCSProvider.ChangeUserPresenceAfterInactivity. SelfDataSession not established.,