Exchange 2010 Web App (OWA) and Lync 2010 Integration error: “Instant Messaging isn’t available right now…”
For Exchange 2010, Lync 2010
You configured Exchange 2010 OWA integration with Lync 2010 so that users can use instant messaging. But when you log in to OWA, instant messaging does not work: the IM icons are disabled and you see the following error:
“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available.”
During the creation of the trusted application on the Lync server with the New-CsTrustedApplication command, the Subject Alternative Name in the SSL certificate is used instead of the external Subject Name in the public SSL certificate. The problem occurs when the CAS (OWA) FQDN is different from the internal Active Directory domain FQDN.
Use the external Subject Name of the SSL certificate (mail.contoso.com) in the New-CsTrustedApplication command.
One more documentation issue! In most blogs and how-to docs about Lync OWA integration, the external FQDN of the OWA link and the internal Active Directory domain FQDN are the same. (This makes the configuration relatively easy.) But this is not the case in most organizations in real life.
Here is the example:
External OWA link that points to the internal Exchange server cas1.internal.contoso.com:
External domain FQDN: contoso.com, so the OWA link is: https://mail.contoso.com/owa
Public SSL certificate installed on the reverse proxy (e.g. ISA Server) has Subject Name mail.contoso.com
Internal Active Directory FQDN: internal.contoso.com
So you must use the Subject Name of the external certificate in the New-CsTrustedApplication command.
1- Install an SSL certificate with the external Subject Name mail.contoso.com on the cas1.internal.contoso.com server in the internal network. I also used the Subject Alternative Names cas1.internal.contoso.com and mail.contoso.com in the SSL certificate to be safe.
You can get this certificate from your internal CA. There is no need to install a certificate from a public CA, assuming your Lync server and reverse proxy also trust your internal CA. But you can install the same public SSL certificate too.
2- Create a trusted application in Lync Topology Builder with the name mail.contoso.com. Ignore the warnings which tell you that mail.contoso.com is not a domain member.
3- Go ahead and publish the topology.
4- In the hosts file of the Lync Front End Server, add:
<Internal IP of cas1.internal.contoso.com> mail.contoso.com
so that the Lync server can resolve mail.contoso.com to the internal IP of cas1.internal.contoso.com.
5- In trusted application creation step, start Lync Server Management Shell and run
New-CsTrustedApplication -ApplicationID ExchangeOutlookWebApp -TrustedApplicationPoolFqdn mail.contoso.com -Port 9999
The Port number can be any unused TCP port.
And then run
Refresh the OWA page and it worked. A restart of the Lync services or an iisreset is not needed.
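
An added example, not part of the original post: a PowerShell function to run on the CAS server that reports whether the Subject Name of the certificate from step 1 equals the FQDN passed to New-CsTrustedApplication, or whether that FQDN appears only as a Subject Alternative Name. The function name, the thumbprint placeholder and the English "DNS Name=" label in the SAN output are assumptions.

```powershell
# Added example (not from the original post). Run on the CAS server.
# Compares the names in a certificate from LocalMachine\My with the
# trusted application pool FQDN used on the Lync side.
function Test-PoolCertificateName {
    param(
        [Parameter(Mandatory=$true)][string]$Thumbprint,   # thumbprint of the certificate from step 1
        [Parameter(Mandatory=$true)][string]$PoolFqdn      # value given to -TrustedApplicationPoolFqdn
    )

    # Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate with thumbprint $clean in LocalMachine\My" }

    # Subject Name: the common name (CN) of the certificate subject.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subjectCn = $cert.GetNameInfo($nameType, $false)

    # Subject Alternative Name extension (OID 2.5.29.17), one entry per line.
    # Assumption: English Windows, where DNS entries are printed as "DNS Name=...".
    $sanNames = @()
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $sanNames = @($san.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
        })
    }

    # String -eq and -contains are case-insensitive, which suits DNS names.
    New-Object PSObject -Property @{
        PoolFqdn       = $PoolFqdn
        SubjectCN      = $subjectCn
        SanDnsNames    = $sanNames
        SubjectMatches = ($subjectCn -eq $PoolFqdn)
        SanMatches     = ($sanNames -contains $PoolFqdn)
        HasPrivateKey  = $cert.HasPrivateKey
        NotAfter       = $cert.NotAfter
    }
}

# Usage with the names from this post (replace the placeholder thumbprint):
# Test-PoolCertificateName -Thumbprint '<thumbprint of the step 1 certificate>' -PoolFqdn 'mail.contoso.com'
```

A result with SubjectMatches False and SanMatches True corresponds to the situation described above, where the pool FQDN is present only as a Subject Alternative Name.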