Search

SOLVED: Online Meeting Icon Missing from OWA in Exchange Online

Posted 2 years 299 days ago ago by Christian Burke     0 Comments

16 Loved it Love It Hate It

I was recently called upon to help locate the MISSING Online Meeting icon in Outlook Web App when a user mailbox is homed in Exchange Online (Office 365) and the Lync account is located in Lync 2013 On-Premises.  For clarification, the icon is supposed to be here:

Screenshot_070814_071051_AM


That little guy in the pink box is simply missing in Exchange Online. 

To be specific:

  1. If you are running Exchange Hybrid, any users homed in Exchange On-Prem work fine, if you followed the normal Exchange/Lync OAuth configuration setup.  It’s well documented out there, so I won’t cover that in this article.  Although if you’re thinking there is a similar step to this one in getting the Exchange Online/Lync 2013 On-Premises scenario working, you are right!
  2. It is also assumed that if you are doing Exchange Hybrid and Lync Hybrid or simply Exchange Online and Lync Online, and your user mailbox is homed in Exchange Online and the user is homed in Lync Online, then you should already be able to see the icon as well.  If not, that’s a call for the Office 365 team. 

The Theory

The reason this little icon is missing is because the OAuth Certificate handshake between Exchange Online and Lync 2013 On Premises has not been completed.  Whether you noticed or not, the OAuth handshake between Exchange Online and Exchange 2013 On Premises is actually done as a handful of steps in the Exchange Hybrid Wizard.  In fact, if you want to see the GUI steps in all their glory, “modify” the Hybrid deployment and select a different SSL certificate when prompted, and you will see the steps before your eyes.  For some reason, in the initial Hybrid setup, you don’t actually see the steps.

But, in the Exchange Online / Lync On Premises part, there is no wizard.  In fact, the only article that refers to it whatsoever is this bullet ridden article http://technet.microsoft.com/en-us/library/jj204990.aspx.  The content is actually all there, but key descriptors are missing which help ensure that the deployment is done successfully.  As I found out, one misinterpretation, and the whole thing will fail, and you won’t notice a thing.  The “Online Meeting” icon simple won’t be there.

So, basically, I’m going to rewrite the Technet article so there is much less chance of error.  Cool?  Here goes…

Step-By-Step

OK, first things first, we need to gather a little data and get a few bits and pieces together.

Export your Lync On-Premises OAuth Certificate

In the Lync Server 2013 Certificate Wizard, locate your OAuthTokenIssuer certificate you created during Lync installation and note the Serial Number of the certificate.

image

Go to your Certificates Snapin and locate the correct OAuth certificate in your Personal Certificates store.  I asked you to grab the serial number in the previous step just in case you have duplicates in your store like I do.  We definitely want to make sure we get the correct one.

image

Now, right-click on the correct certificate, select Export to open up the Certificate Export Wizard.

image

Do NOT import the private key,

image

Save it as DER encoded,

image

And save it to a directory of your choice,

image

Record Your Lync External Web Services Name

Launch your Lync 2013 On-Premises Topology Builder and locate your External Web Services Name and write it down for future use:

Untitled_Clipping_071014_072152_AM

Locate your TenantID

Launch your Azure/Office 365 Tenant PowerShell

I typically open the Windows Azure Active Directory module that I installed when building my Office 365 tenant.  There are tons of tutorials out there. Once that’s done, here are the commands I put in to get to the PowerShell mode I need to get to

Import-Module LyncOnlineConnector

$cred = Get-Credential

$CSSession = New-CsOnlineSession -Credential $cred

Import-PSSession $CSSession -AllowClobber

image

This is what it looks like once you’re all logged in,

image

Run the command:

Get-CsTenant |fl

Locate the TenantId and save it somewhere:

Screenshot_071014_064015_AM

Mine is 7daef689-b41b-4224-873c-07fd61665810

Clean up Old Entries (if necessary)

Run the command:

Get-CsOauthServer

Untitled_Clipping_071014_064416_AM

Make sure you don’t have an Identity named microsoft.sts.  If you do (like I do in the above picture), delete it with:

Remove-CsOauthServer –Itentity microsoft.sts

Now, run the following command:

Get-CsPartnerApplication

image

Go through the same exercise to see if “microsoft.exchange” is already there.  If it is, delete it by entering the following command:

Remove-CsPartnerApplication – Identity microsoft.exchange

Create New OAuth Server

Using the TenantId you located in an earlier step, in a text editor, modify the command below to include your TenantId:

New-CsOAuthServer -Identity microsoft.sts -metadataurl "https://accounts.accesscontrol.windows.net/7daef689-b41b-4224-873c-07fd61665810/metadata/json/1"

Go ahead and run the command in your PowerShell window.  The results should look like this:

image

Create New Partner Application

Run the following TWO commands in your Azure PowerShell window:

New-CsPartnerApplication -Identity microsoft.exchange -ApplicationIdentifier 00000002-0000-0ff1-ce00-000000000000 -ApplicationTrustLevel Full -UseOAuthServer

Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000

The results of the last few commands can be verified by running the following command:

Get-CsOAuthConfiguration