Mino – The UC Guy

Microsoft Unified Communications Blog

Posts Tagged ‘Exchange UM integration’

Step by Step Lync and Exchange UM Integration (by Jeff Schertz)

Posted by Mino on November 16, 2010



also in case you faced Integration problems , please check this URL


Posted in Lync Bugs, Lync Server 2010, Lync Telephony | Tagged: , , , | Leave a Comment »

How to Fix Exchange UM Certificate errors when Integrating with OCS 2007

Posted by Mino on May 19, 2009

Typically When Exchange 2007 is installed, it generates a self-issued certificate for use with IIS, SMTP, and SIP (if you’re using UM).  This certificate generally isn’t ideal for Outlook and OWA clients because it’s not trusted by any machines except for the Exchange server, and one of the first tasks to do is replace this certificate with one that is trusted by the user’s machines.

So typically you would request to buy a Public certificate for the Exchange and usually people don’t include the internal FQDN of the servers in this request.

On the Other Hand when you deploy the OCS 2007 you will require Certificate for each OCS server and this is required for securing the communication internally between OCS to OCS servers and OCS to Client. So you will deploy internal Enterprise CA in your domain to issue the certificates for the OCS , and since this is Enterprise CA so it will be published in the Active directory and it will be trusted by default for all internal domain user computers.

However when you try to integrate the OCS 2007 with the Exchange UM by this design , the first thing you will notice that the Voice mail is not accessible from the Communicator client  and it is giving you communicator error whenever you click on voice mail ,and you will find lots of Certificate event logs and OCS Protocol stack errors on both OCS front end and Exchange UM Server.

The reason behind that is because the Exchange UM server is still using the Exchange Self Signed certificate for its internal name and it is trying to communicate with the OCS using this certificate , and since the OCS doesn’t know anything about this issuer so it drops the connection.

To solve this problem we will have to replace the Exchange UM self signed certificate with one from the same CA that the OCS 2007 is using. To accomplish this task simply run the below command on the Exchange command shell.

New-ExchangeCertificate -GenerateRequest -Path c:\UMrequest.req -SubjectName “c=US, o=Contoso, cn=umsrv.mydomain.local” -DomainName mydomain.local  -PrivateKeyExportable $true

This will generate a request on the C: drive under the name of UMrequest.req  for the UM server internal FQDN umsrv.mydomain.local , open it with notepad and copy the content and then go to the PKI auto enrolment page https:\\pkisrv.mydomain.local\certsrv   to issue the certificate and save it locally .

Then we need to import the certificate to exchange and Enable it for UM service usage , my certificate is saved on the C: drive with the name of UMCertificate.cer

Import-ExchangeCertificate -Path c:\UMCertificate.cer

The last thing we will do is to enable this certificate for UM usage, first make sure to copy the Thumbprint of the certificate that you will see in the command shell then run the below command .

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e –Services UM

Restart UM service and restart OCS Front End Server and now you will get the UM working fine with the OCS and you will no longer see the protocol stack errors.

Posted in Certificates, Common Errors, communicator client, Front End Server, Mediation Server, OCS & Exchange07, OCS 2007 R2, Phone Edition, Unified Messaging | Tagged: , , , , , , , , , , | 3 Comments »