||Posted 3 years 53 days ago ago by Christian Burke 0 Comments
16 Loved it
I was recently called upon to help locate the MISSING Online Meeting icon in Outlook Web App when a user mailbox is homed in Exchange Online (Office 365) and the Lync account is located in Lync 2013 On-Premises. For clarification, the icon is supposed to be here:
That little guy in the pink box is simply missing in Exchange Online.
To be specific:
- If you are running Exchange Hybrid, any users homed in Exchange On-Prem work fine, if you followed the normal Exchange/Lync OAuth configuration setup. It’s well documented out there, so I won’t cover that in this article. Although if you’re thinking there is a similar step to this one in getting the Exchange Online/Lync 2013 On-Premises scenario working, you are right!
- It is also assumed that if you are doing Exchange Hybrid and Lync Hybrid or simply Exchange Online and Lync Online, and your user mailbox is homed in Exchange Online and the user is homed in Lync Online, then you should already be able to see the icon as well. If not, that’s a call for the Office 365 team.
The reason this little icon is missing is because the OAuth Certificate handshake between Exchange Online and Lync 2013 On Premises has not been completed. Whether you noticed or not, the OAuth handshake between Exchange Online and Exchange 2013 On Premises is actually done as a handful of steps in the Exchange Hybrid Wizard. In fact, if you want to see the GUI steps in all their glory, “modify” the Hybrid deployment and select a different SSL certificate when prompted, and you will see the steps before your eyes. For some reason, in the initial Hybrid setup, you don’t actually see the steps.
But, in the Exchange Online / Lync On Premises part, there is no wizard. In fact, the only article that refers to it whatsoever is this bullet ridden article http://technet.microsoft.com/en-us/library/jj204990.aspx. The content is actually all there, but key descriptors are missing which help ensure that the deployment is done successfully. As I found out, one misinterpretation, and the whole thing will fail, and you won’t notice a thing. The “Online Meeting” icon simple won’t be there.
So, basically, I’m going to rewrite the Technet article so there is much less chance of error. Cool? Here goes…
OK, first things first, we need to gather a little data and get a few bits and pieces together.
Export your Lync On-Premises OAuth Certificate
In the Lync Server 2013 Certificate Wizard, locate your OAuthTokenIssuer certificate you created during Lync installation and note the Serial Number of the certificate.
Go to your Certificates Snapin and locate the correct OAuth certificate in your Personal Certificates store. I asked you to grab the serial number in the previous step just in case you have duplicates in your store like I do. We definitely want to make sure we get the correct one.
Now, right-click on the correct certificate, select Export to open up the Certificate Export Wizard.
Do NOT import the private key,
Save it as DER encoded,
And save it to a directory of your choice,
Record Your Lync External Web Services Name
Launch your Lync 2013 On-Premises Topology Builder and locate your External Web Services Name and write it down for future use:
Locate your TenantID
Launch your Azure/Office 365 Tenant PowerShell
I typically open the Windows Azure Active Directory module that I installed when building my Office 365 tenant. There are tons of tutorials out there. Once that’s done, here are the commands I put in to get to the PowerShell mode I need to get to
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred
Import-PSSession $CSSession -AllowClobber
This is what it looks like once you’re all logged in,
Run the command:
Locate the TenantId and save it somewhere:
Mine is 7daef689-b41b-4224-873c-07fd61665810
Clean up Old Entries (if necessary)
Run the command:
Make sure you don’t have an Identity named microsoft.sts. If you do (like I do in the above picture), delete it with:
Remove-CsOauthServer –Itentity microsoft.sts
Now, run the following command:
Go through the same exercise to see if “microsoft.exchange” is already there. If it is, delete it by entering the following command:
Remove-CsPartnerApplication – Identity microsoft.exchange
Create New OAuth Server
Using the TenantId you located in an earlier step, in a text editor, modify the command below to include your TenantId:
New-CsOAuthServer -Identity microsoft.sts -metadataurl "https://accounts.accesscontrol.windows.net/7daef689-b41b-4224-873c-07fd61665810/metadata/json/1"
Go ahead and run the command in your PowerShell window. The results should look like this:
Create New Partner Application
Run the following TWO commands in your Azure PowerShell window:
New-CsPartnerApplication -Identity microsoft.exchange -ApplicationIdentifier 00000002-0000-0ff1-ce00-000000000000 -ApplicationTrustLevel Full -UseOAuthServer
Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000
The results of the last few commands can be verified by running the following command: