You are on page 1of 10

Lync and Exchange UM Integration November 15, 2010 by Jeff Schertz Comments (57) This article covers the

e Unified Messaging (UM) integration configuration between Lync Server 2010 Release Candidate and Exchange Server 2010 SP1. Although the process is basically the same as it was in Exchange 2007 and OCS 2007 R2 there are a few important changes. Also note these instructions were tested various times with both RC and RTM installations of Lync Server. The lab environment used as examples was built using the same processes discussed in these three previous articles for Lync Server. A single consolidated Exchange 2010 SP1 server was also added with all roles (CAS, Hub, Mailbox, UM). Overview The following steps completed in this order in a greenfield deployment should yield a working UM environment in little time. 1. Deploy Exchange Server 2010 SP1 in same forest as a consolidated server with Unified Messaging role included. 2. Replace the self-signed certificate with one from an internal Windows Enterprise Certificate Authority and reassign all Exchange roles to it. 3. Create a new SIP Dial Plan in Exchange. 4. Configure UM Dial Plan, Policy, and Auto Attendant settings. 5. Enable Unified Messaging on at least one mailbox. 6. Run the exchucutil.ps1 PowerShell script on the Exchange server. 7. Configure Lync Server Dial Plan or verify existing configuration is sufficient. 8. Run the ocsumutil.exe tool on the Lync server. Configuration These steps begin right where article 3 left off so if you are following along make sure to configure the Enterprise Voice setting in Lync Server as detailed in that article. 1. Deploy Exchange Server The deployment of Exchange Server 2010 SP1 is outside the scope of this article but there are many official and unofficial walkthroughs available online to help anyone unfamiliar with the Exchange Server deployment process. The best place to start would be the official Microsoft documentation. The host used in this lab is a separate, dedicated virtual guest running Windows Server 2008 R2 with 2GB of RAM assigned to it. No previous instance of Exchange had been installed so the deployment included creating a new Exchange Organization. Prior to deploying the Exchange Server make sure to install all of the prerequisite software for the UM role as documented in this checklist. Pay special attention to the Microsoft Speech Platform, UC Managed API 2.0, and UM Language Packinstallations. 2. Generate New Certificate

This step is a common Exchange deployment task and official instructions can be found here. Note that the statement you must use a public certificate if you are using Unified Messaging with Office Communications Server is not entirely correct. This really should state that a trusted certificate is required, as a private certificate issued by an internal Enterprise Windows CA can be used and will work fine if both the Lync and Exchange servers are members of the same domain. Also verify that the UM service is assigned to the new certificate once it is installed and the UM service was restarted. When collocating the UM role on a consolidated Exchange Server the easiest configuration is to use a single SAN certificate for all Exchanges services with the servers FQDN set as the Subject Name (e.g. lab1exch.csmvp.net) with any other required names (e.g. mail.csmvp.net, autodiscover.csmvp.net) added to the Subject Alternative Names field. 3. Create Exchange UM Dial Plan In this deployment the VoIP Security option Secured was used used so that both SIP signaling traffic and RTP media traffic will be transmitted between Lync and Exchange using encrypted TLS communications. Opting to use the SIP Secured setting would only protect the SIP traffic using TLS while all RTP traffic would be transmitted over TCP. Additionally a value of 4 was selected for the number of digits in extension numbers as the dial plan previously configuredin the Lync server is based on the pattern 312-555-75xx, where the last four digits are treated as the users extension. Since normalization patterns were created to translate 75xx patterns into RFC 3966 patterns (+131255575xx) then we want the Exchange UM dial plan to automatically select the last 4 digits of the users Telephone Number field as their extension when they are later enabled for UM.

Using the Exchange Management Console navigate to the UM Dial Plans tab under Organization Configuration >Unified Messaging. Create a new UM Dial Plan with any Name desired (e.g. DefaultUM), and any valid PIN length (e.g.4). The URI Type must be set to SIP URI and the VOIP Security was set to Secured. As this lab is using a North American dialing plan the Country/Region Code was set to 1.

An improvement in the Exchange Server 2010 process is seen next as the wizard will ask which UM server to associate the new dial plan with. Previously with Exchange Server 2007 this step had to be performed manually afterwards.

Select the consolidated Exchange server running the UM role and then complete the wizard.

During the wizard completion the following error may appear as the default UM service startup mode is set to TCP and is not compatible with the VoIP Security option selected. This will also prevent the Unified Messaging service from starting on the Exchange server. The VoIPSecurity type of dial plan(s) DefaultUM does not match the UMStartupMode of Unified Messaging server LAB1EXCH. Please ensure that if the UMStartupMode of the Unified Messaging server is TCP, the dial plan has a VoIPSecurity type of Unsecured. If the UMStartupMode of the Unified Messaging server is TLS, the dial plan should have a VoIPSecurity type of either SIPSecured or Secured.

To resolve this issue complete the wizard and then use the Exchange Management Console to navigate to the UM Settings tab on the UM server properties located under Server Configuration > Unified Messaging. Change the Startup Mode to TLS. (Dual could also have been selected but in this lab all communications will be using TLS so there is no reason to for the UM service to listen over TCP as well. This approach is also more secure in production deployments.)

To apply this change the Microsoft Exchange Unified Messaging service must be restarted, although it should not even be running at this point so then it just needs to be started.

Alternatively the Exchange Management Shell can be used with the following PowerShell cmdlets to perform all of the steps shown above in this section. New-UMDialPlan -Name DefaultUM -NumberOfDigitsInExtension 4 -URIType SipName VoIPSecurity Secured -CountryOrRegionCode 1

Set-UMServer -Identity LAB1EXCH -DialPlans DefaultUM -UMStartupMode TLS Start-Service MSExchangeUM 4. Configure UM Settings This first step is optional but I typically prefer to tweak a couple settings before enabling users for UM, specifically the minimum PIN length as the default of 6 is annoyingly long for demo purposes, plus enabling common patterns allows me to set easy-to-remember PINs like 1234 or 1111.

From the PIN policies tab on the default UM Mailbox Policy set the Minimum PIN Length to 4 and enable Allow common patterns in PIN.

Next is the Exchange Subscriber Access and Auto Attendant configuration. As this lab is using 312-555-75xx in the Lync Dial Plan I selected 7556 and 7557 for the SA and AA telephone numbers.

Enter the desired telephone number on the Subscriber Access tab of the newly created UM Dial Plan (e.g.+13125557556).

Create a new UM Auto Attendant with any Name (e.g. AutoAttendant) (do not include any spaces) and enter the desired phone number in the Pilot Identifier List (e.g. +13125557557). Select the new UM Dial Plan as the associated dial plan and select both settings to enable and speech-enable the auto attendant.

Alternatively the PowerShell cmdlet shown below can be used to create the new UM Auto Attendant with the setting described above.

New-UMAutoAttendant -Name AutoAttendant -UMDialPlan DefaultUM -Status Enabled SpeechEnabled $true -PilotIdentifierList +13125557557 5. Enable Mailboxes for UM Select at least one mailbox using the Exchange Management Console and enable Unified Messaging on it. This account should already be enabled for Lync Server and Enterprise Voice.

Run the Enable Unified Messaging wizard on the mailbox and select the default policy. Retain the automatic settings but verify that the extension and SIP address shown match the desired settings for that user.

Once again, the Exchange Management Shell can be used to perform the same step, as shown by the following cmdlet. Enable-UMMailbox Identity kristina -PinExpired $false -UMMailboxPolicy DefaultUM Default Policy -Extensions 7502 -SIPResourceIdentifier Kristina@csmvp.net

Verify that the EUM and SIP addresses are properly configured on the mailbox after the wizard completes.

6. Run Exchange UC Configuration Script This script is basically unchanged in SP1 and performs the same actions: creating the UM IP Gateway and IP Hunt Group as well as granting permissions to Lync server to read specific UMrelated objects in Active Directory. Make sure to allow for any outstanding AD replication to complete before running this script so that the newly created UM dial plan and any other changes are read by the script in their updated state. If run to soon sometimes the Dial Plans listed in the last line of the script output will display as not found even though the configuration would typically be functional at that point. If that happens it is safe to re-run the script multiple times at it will identify any successful previous changes and thus report that no new changes were applied in those cases.

Using the Exchange Management Shell execute the exchucutil.ps1 script located in the Exchange Servers Scriptsdirectory, as shown in the path below.

[PS] C:\Program Files\Microsoft\Exchange Server\v14\Scripts>.\ExchUCUtil.ps1 Using Global Catalog: GC://DC=csmvp,DC=net Configuring permissions for csmvp.net\RTCUniversalServerAdmins CSMVP Net: The appropriate permissions havent been granted for the Office Communications

Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. UM DialPlan Container: The appropriate permissions havent been granted for the Office Communications Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. UM AutoAttendant Container: The appropriate permissions havent been granted for the Office Communications Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. Configuring permissions for csmvp.net\RTCComponentUniversalServices CSMVP Net: The appropriate permissions havent been granted for the Office Communications Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. UM DialPlan Container: The appropriate permissions havent been granted for the Office Communications Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. UM AutoAttendant Container: The appropriate permissions havent been granted for the Office Communications Servers and Administrators to be able to read the UM dial plan and auto attendants container objects in Active Directory. The correct permissions are being added to the container objects. Configuring UM IP Gateway objects Pool: lab1ls.csmvp.net A UMIPGateway doesnt exist in Active Directory for the Office Communications Server Pool. A new UM IP gateway is being created for the Pool. IsBranchRegistrar: False MessageWaitingIndicatorAllowed: True OutcallsAllowed: True WARNING: The command completed successfully but no settings of 1:1 have been modified. Dial plans: DefaultUM Permissions for group csmvp.net\RTCUniversalServerAdmins ObjectName AccessRights Configured CSMVP Net ListChildren True UM DialPlan Container ListChildren, ReadProperty True UM AutoAttendant Container ListChildren, ReadProperty True Permissions for group csmvp.net\RTCComponentUniversalServices ObjectName AccessRights Configured CSMVP Net ListChildren True UM DialPlan Container ListChildren, ReadProperty True UM AutoAttendant Container ListChildren, ReadProperty True

PoolFqdn UMIPGateway DialPlans lab1ls.csmvp.net 1:1 {DefaultUM} 7. Configure Lync Dial Plans As mentioned earlier the Lync Server voice configuration is already complete. To validate which settings are required in Lync follow just the Enabling Enterprise Voice section of this previous article (the Deploying a Media Gateway section is not required for UM connectivity.)

To validate the configuration will support the extension dialing configured for the SA and AA UM objects use the Lync Server Control Panel to create a New Voice Test Routing Case. Enter the SA extension (e.g. 7556) and the Expected translation (e.g. +13125557556) and make sure the test passes.

8. Run Lync UM Configuration Tool This utility is used to create the AD contact objects for Lync Server to resolve and locate the Exchange Subscriber Access and Auto Attendant services. In the past it was always required to configure the UM Dial Plan name to be the identical FQDN as what the OCS Location Profile was named. But now with SP1 on Exchange Server 2010 that is no longer required, as indicated by the informational text on the bottom of the next screenshot.

Execute the OcsUmUtil.exe program located in the Lync Servers Support directory, as shown in the path below.

C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\OcsUmUtil.exe

Click Load Data and the Active Directory forest name should populate the Exchange UM Dial Plan Forest field.

Click Add to create the Subscriber Access contact first. Select the desired Organizational Unit and Name. The defaults can be used for the remainder of the settings. Click Add again to create another contact and select Auto-Attendant as the Contact Type. Select the desiredOrganizational Unit and Name. The defaults can be used for the remainder of the settings as well.

Close the Exchange UM integration Utility and force an address book update in a Lync client to verify the new Exchange contacts. Depending on the AD forest configuration replication may need to complete before attempting the address book update process.

or anyone keeping score this now makes the third blog entry in as many days related to Exchange and Lync Unified Messaging integration. If you followed the previous configuration article and ended up here

because calls to the Subscriber Access are working but calls to the Exchange Auto Attendant fail, then here is a quick fix.

Problem
Calls placed to the Subscriber Access number or any calls to offline users which are forwarded to the Exchange attendant work normally. But when placing calls from OCS or Lync clients to the Exchange Auto Attendant the call immediately fails and the following event log entry can be found on the Exchange UM server. Log Name: Application Source: Event ID: MSExchange Unified Messaging 1021

Task Category: UMCore Level: Warning Computer: Description: exch.schertz.local

The Unified Messaging server rejected an incoming call with the ID "5cf1ddf281595cefc56af46855fc95d3". Reason: "The Unified Messaging server cant find a valid UM hunt group for "Auto Attendant.ExchangeUM" associated with UM IP gateway "lync.schertz.local"." Regardless of how the Active Directory contact was named when created by the OCSUmUtil utility the incoming call will append the name of the contact to the Pilot Identifier string. Calls to the Subscriber Access number will only use the Dial Plan name (e.g. ExchangeUM) which successfully match the Pilot Identifier string set on the UM Hunt Group which was automatically created by running the ExchUtil.ps1 script.

Resolution
Update: Thanks to a recent comment it was brought to my attention that the original workaround in this article (which I have left in for posterity, but has been struck-through) was actually routing both calls to the Subscriber Access attendant. I just verified the call completed and not listened to the greeting to notice this behavior. So I revisited the original issue, and with the help of an extra set of eyes realized that the root cause was I had used a space in the name of the Exchange Auto Attendant (as seen in the Application log error above). Doh. Spaces will get you every time. To resolve the issue simply delete the existing auto attendant in Exchange and then recreate it using the same settings, but omitting any spaces (and probably avoid other non alpha-numeric characters for good measure). The example below shows a supported AA name of AutoAttendant.

Although it may not have been necessary I also recreated the SA contact object in AD using OCSUmUtil.exe and then restarted the MSExchangeUM service on the Exchange UM server. At this point calls to both the SA and the AA functioned correctly.