So your making use of all those new products, Lync 2013, Exchange 2013 and SharePoint 2013 but now comes the task of Lync2013integration. So lets make a start and configure the basics so that Lync 2013can use Exchange 2013 for Archiving and Contact Storage (UCS).
Pre-requisites
Lab Setup
Server Name | IP Address | Description |
EXCH-FE | 10.20.12.21 | Exchange 2013 Front End Server |
EXCH-BE | 10.20.12.22 | Exchange 2013 Back End Server |
LYNC-01 | 10.20.12.31 | Lync 2013 Enterprise Front End Server |
LYNC-02 | 10.20.12.32 | Lync 2013 Enterprise Front End Server |
SQL-01 | 10.20.12.41 | SQL 2012 Server |
DNS Records
These additional DNS records were created
Record Name | Record Type | Record Value |
Autodiscover | A | 10.20.12.21 |
LyncDiscoverInternal | CNAME | LyncPool |
LyncPool | A | 10.20.12.31 |
LyncPool | A | 10.20.12.32 |
Exchange Server
Firstly we need to ensure that the Exchange Auto discover is setup and working correctly as this is what Lync 2013 will use to discover Exchange services. So a quick PowerShell to enumerate the settings and URLs:
Get-ClientAccessServer |fl name, AutoDiscoverServiceInternalUri
We need to check that the AutoDiscoverServiceInternalUri does have a value, that it is one we want and that it is defined in the SAN entry of our Exchange Front End Certificate. If we have to make any changes we can run the following to change all our Exchange Front End Servers to use a new Auto Discover URL.
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.domain.com/autodiscover/autodiscover.xml
Lync Server
Now that our Exchange Server is configured we need to configure OAuth on the Lync Server and point it to the Auto discover service endpoint on the Exchange Front End Server. This will ensure that Server to Server authentication will function between Lync and Exchange. We run the following PowerShell however the Identity parameter isn’t strictly necessary as there can only be one OAuth configuration and that is the global one.
Set-CsOAuthConfiguration -Identity global -ExchangeAutodiscoverUrl https://autodiscover.domain.com/autodiscover/autodiscover.svc
[notice]Note the ending of the URL is autodiscover.svc NOT autodiscover.xml[/notice]
Partner Applications
In above we configured the basics to allow authentication between Lync and Exchange, now we need to configure a partner application on the Exchange Server for Lync and Vice Versa. On our Exchange Server we first need to check that we can access the xml for the below URL with no certificate errors:
https://lyncfrontendname.domain.com/metadata/json/1
If we get no errors we can proceed to the next step and configure a Partner Application on our Exchange Server using the following script:
cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\"
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl 'https://lyncfrontendname.domain.com/metadata/json/1' -ApplicationType Lync
Once this has run it is best to run a quick iisresetWe have Exchange looking at Lync as a Partner so now over to our Lync Server.On ourLync Server we need to check that we can access the xml for the below URL with no certificate errors:
https://autodiscover.domain.com/autodiscover/metadata/json/1
If we get no errors we can proceed to the next step and configure a Partner Application on our Lync Server to point at Exchange:
New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl "https://autodiscover.domain.com/autodiscover/metadata/json/1"
That’s it, all that is left to dois a quick test of our new found connectivity, we will use a test user that has been enabled for Lync:
Test-CsExStorageConnectivity -SipUri "sip:testuser1@domain.com"
Lync Policies
Controlling Unified Contact Store (UCS)The default setting for UCS is enabled and hence once we have configured the Partner Applications all clients will begin to migrate there Lync contacts to Exchange. However if you want to control who is going to be able to use UCS we can disable it globally:
Set-CsUserServicesPolicy -Identity global -UcsAllowed $False
Then create a user level policy and assign it to users on an individual basis:
New-CsUserServicesPolicy -Identity "AllowUnifiedContactStore" -UcsAllowed $True
Grant-CsUserServicesPolicy -Identity "Test User1" -PolicyName "AllowUnifiedContactStore"
Now we can test our user for UCS:
Test-CsUnifiedContactStore -UserSipAddress "sip:testuser1@domain.com" -TargetFqdn "lyncpool.domain.com"