SOLUTION: Exchange 2010 Web App (OWA) and Lync 2010 Integration error: “Instant Messaging isn’t available right now…”

Problem:

Exchange 2010 Web App (OWA) and Lync 2010 Integration error: “Instant Messaging isn’t available right now…”

For Exchange 2010, Lync 2010

Symptoms:

You configured Exchange 2010 OWA integration with Lync 2010 so that users can use instant messaging. But when you log in to OWA, instant messaging does not work, the IM icons are disabled and you see the following error:

“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available.”

Cause:

When the trusted application was created in Lync Server with the New-CsTrustedApplication command, a Subject Alternative Name from the SSL certificate was used instead of the external Subject Name of the public SSL certificate. The problem occurs when the CAS (OWA) FQDN is different from the internal Active Directory domain FQDN.

Resolution:

Use the external Subject Name of the SSL certificate (mail.contoso.com) in the New-CsTrustedApplication command.

One more documentation issue! In most blogs and how-to docs about Lync OWA integration, the external FQDN of the OWA link and the internal Active Directory domain FQDN are the same. (This makes the configuration relatively easy.) But this is not the case in most organizations in real life:

Here is an example:
The external OWA link points to the Exchange server cas1.internal.contoso.com on the internal network.

External domain FQDN: contoso.com, so the OWA link is:

https://mail.contoso.com/owa
The public SSL certificate installed on the reverse proxy (e.g. ISA Server) has the Subject Name mail.contoso.com.

Internal Active Directory FQDN: internal.contoso.com

So you must use the Subject Name of the external certificate in the New-CsTrustedApplication command:

1- Install an SSL certificate with the external Subject Name mail.contoso.com on the cas1.internal.contoso.com server in the internal network. I also put cas1.internal.contoso.com and mail.contoso.com in the certificate as Subject Alternative Names to be safe.

You can get this certificate from your internal CA. There is no need to install a certificate from a public CA, assuming your Lync server and reverse proxy also trust your internal CA. But you can install the same public SSL certificate too.

2- Create the trusted application in Lync Topology Builder with the name mail.contoso.com. Ignore the warnings that tell you mail.contoso.com is not a domain member.

3- Go ahead and publish the topology.

4- In the hosts file on the Lync Front End Server, add:

<Internal IP of cas1.internal.contoso.com>  mail.contoso.com

This lets the Lync Server resolve mail.contoso.com to the internal IP of cas1.internal.contoso.com.

5- For the trusted application creation step, start the Lync Server Management Shell and run:

New-CsTrustedApplication -ApplicationID ExchangeOutlookWebApp -TrustedApplicationPoolFqdn mail.contoso.com -Port 9999

The Port number can be any unused TCP port.

And then run

Enable-CsTopology

Refresh the OWA page and it worked. A restart of the Lync services or an iisreset is not needed.
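
A way to verify steps 1 to 5 from the Lync Front End Server, as an added example that is not part of the original post: it checks that the trusted application is registered under the external name, that the hosts file entry resolves to the CAS server, and that the certificate Subject Name matches. It assumes the CAS server answers HTTPS on port 443 with the certificate from step 1; $casIp is a placeholder to fill in.

```powershell
# Added example. Run in the Lync Server Management Shell on the Front End Server.
$poolFqdn = 'mail.contoso.com'        # external Subject Name, as used in this post
$appId    = 'ExchangeOutlookWebApp'   # ApplicationID from step 5
$casIp    = '<Internal IP of cas1.internal.contoso.com>'   # placeholder: fill in

# 1. The trusted application must be registered under the external name.
$app = Get-CsTrustedApplication | Where-Object {
    $_.ApplicationId -like "*$appId" -and $_.TrustedApplicationPoolFqdn -eq $poolFqdn }
if ($app) { "OK    trusted application found, port $($app.Port)" }
else      { "FAIL  no $appId application with pool FQDN $poolFqdn" }

# 2. The hosts file entry from step 4 must make the name resolve to the CAS server.
$resolved = [System.Net.Dns]::GetHostAddresses($poolFqdn) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -contains $casIp) { "OK    $poolFqdn resolves to $casIp" }
else { "FAIL  $poolFqdn resolves to [$($resolved -join ', ')], expected $casIp" }

# 3. Read the certificate the CAS server presents (assumption: HTTPS on 443).
#    AuthenticateAsClient uses default validation, so it throws if this server
#    does not trust the issuing CA or the certificate does not cover $poolFqdn.
$cert = $null
$tcp  = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($poolFqdn, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
    $ssl.AuthenticateAsClient($poolFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} catch {
    "FAIL  TLS check against $poolFqdn failed: $($_.Exception.Message)"
} finally {
    if ($tcp) { $tcp.Close() }
}

if ($cert) {
    # The Subject Name (CN) is what must equal the trusted application pool FQDN.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -eq $poolFqdn) { "OK    certificate Subject Name is $cn" }
    else { "FAIL  certificate Subject Name is $cn, expected $poolFqdn" }

    # Subject Alternative Names (OID 2.5.29.17), listed for reference only.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { "INFO  SAN: " + $san.Format($false) }
    "INFO  thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"
}
```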

More Information:

http://technet.microsoft.com/en-us/library/gg420962.aspx

 
