Integrating Lync with Exchange 2010 SP1

By Chris Blackburn

I’m working on a large OCS->Lync / Exchange 2007->Exchange 2010 migration for a client, and on top of that they’re also deploying full VOIP – Polycom Lync Phone edition sets, SIP trunks through Broadvox, the works. Part of the big selling point was that they had been using OCS for instant messaging, and now that they are on Lync (with full external access, meaning IM anywhere in the world without a VPN) being able to have that internal presence anywhere, including OWA, just adds icing onto the cake.

While there are a number of articles that review this process, I’ve had the chance to digest the dozen or so and simplify them (especially getting the right prerequisite downloads) into an easy to follow process. Now when I implement the next one, I can have it done in “10 minutes or less”.

Download the prerequisites from my SkyDrive. This takes an hour or more of frustration out of the equation by getting the right ones to work with Windows 2008 R2.

Install each prerequisite on each Exchange CAS server, in the numbered order. For an Exchange 2010 server on Windows 2008 R2, chances are you won’t have to install the Visual C++ runtime or .NET 3.5 Framework.

NOTE: If you have difficulties installing the UCMARedist.msi prerequisites, chances are that you have the .NET 4.0 Framework installed. You’ll need to uninstall this as well as the .NET 4.0 Client Profile and then try again.

Run the following PowerShell commands on each CAS server to enable IM on the OWA virtual directory. Make sure you are using your permanent certificate on your Exchange CAS server, as the same certificate is reused for IM:

$cert = (Get-ExchangeCertificate | Where-Object {$_.Services -like "*IIS*"}).Thumbprint

Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint $cert -InstantMessagingServerName pool.domain.local

Where pool.domain.local is your Lync front end pool.

NOTE: If you get the message:

Property InstantMessagingType can’t be set on this object because it requires the object to have version 0.10 ( or later. The object’s current version is 0.1 (8.0.535.0)

This can be safely ignored, because this command also runs against any other Exchange OWA virtual directory in the forest. In my case, I still have an Exchange 2007 server I am working to decommission. Open the Event Viewer on your Exchange 2010 server and under Applications and Services Logs/MSExchange Management you’ll see something like this:

Cmdlet failed. Cmdlet Set-OwaVirtualDirectory, parameters {InstantMessagingType=Ocs, InstantMessagingEnabled=True, InstantMessagingCertificateThumbprint=F268BF860DF233F8ACFE23A92E26D5C2F45D1439, InstantMessagingServerName=pool.domain.local, Identity=E2010SVR\owa (Default Web Site)}.

Note here that the “Identity” is the old mail server (E2010SVR\owa).
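The same step can be limited to the Exchange 2010 CAS servers so the version error above never fires, with the certificate checked before it is bound. This is an added example, not the author's script: it assumes "permanent certificate" means a CA-issued one, $LyncPool is a placeholder variable, and it is meant to be run from the Exchange Management Shell.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010 SP1.
# $LyncPool is a placeholder; set it to your Lync front end pool FQDN.
$LyncPool = 'pool.domain.local'

# Only Exchange 2010 (version 14.x) CAS servers accept the InstantMessaging*
# properties; Exchange 2007 (version 8.x) virtual directories are skipped.
$casServers = Get-ExchangeServer | Where-Object {
    $_.IsClientAccessServer -and ($_.AdminDisplayVersion -like 'Version 14*')
}

foreach ($cas in $casServers) {
    # Candidates: bound to IIS, not self-signed (assumption: "permanent"
    # means CA-issued), reported Valid by Exchange, and not yet expired.
    $candidates = @(Get-ExchangeCertificate -Server $cas.Name | Where-Object {
        ($_.Services -like '*IIS*') -and
        (-not $_.IsSelfSigned) -and
        ($_.Status -eq 'Valid') -and
        ($_.NotAfter -gt (Get-Date))
    })

    # Zero matches means nothing usable; several means the one-liner would
    # hand an array to -InstantMessagingCertificateThumbprint. Stop either way.
    if ($candidates.Count -ne 1) {
        Write-Warning "$($cas.Name): expected exactly one usable IIS certificate, found $($candidates.Count). Skipping."
        continue
    }
    $cert = $candidates[0]
    Write-Host "$($cas.Name): using $($cert.Subject), expires $($cert.NotAfter)"

    Get-OwaVirtualDirectory -Server $cas.Name |
        Set-OwaVirtualDirectory -InstantMessagingType OCS `
            -InstantMessagingEnabled:$true `
            -InstantMessagingCertificateThumbprint $cert.Thumbprint `
            -InstantMessagingServerName $LyncPool

    # Read the settings back so the applied thumbprint can be compared.
    Get-OwaVirtualDirectory -Server $cas.Name |
        Format-List Identity, InstantMessaging*
}
```

A server that is skipped with a warning needs its IIS certificate sorted out first (for example an expired certificate or a failed revocation check) before IM is enabled on it.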

Now let’s set up the trusted application within Lync! We have two options: the GUI (the Topology Builder steps listed first) or PowerShell (the command that follows them).


  • Log into the Lync Topology builder.
  • Open your site and then under the Trusted Application Servers, click New Trusted Application Servers.
  • Complete the short wizard, entering the CAS server/CAS array FQDN, then selecting the Lync Front End Pool as the Trusted Application Pool.
  • Publish the topology to your Lync environment.


New-CsTrustedApplicationPool -Identity cas.domain.local -Site 1 -Registrar pool.domain.local -RequiresReplication $false

Where cas.domain.local is the name of your Exchange CAS server, and pool.domain.local is the name of your Lync pool. For the Site number, run Get-CsSite in the Lync Management Shell to get the site number. 1 is the default and will work in probably 99% of the deployments.

Next, on the Lync Front End let’s create the trusted application. In the Lync Management Shell, enter the following command:

New-CsTrustedApplication -ApplicationID ExchangeOutlookWebApp -TrustedApplicationPoolFqdn cas.domain.local -Port 9898


Where cas.domain.local is your CAS server/CAS array FQDN, and the port (9898 here) is any free port you want to use. Just make sure that either:

    • The port is open in the Windows firewall, or the IIS Worker Process is added as an exception
    • The Windows Firewall is turned off

Once those commands have been executed, fire up OWA and log in. The contact list should appear and be populated with your contacts, plus users’ “presence” will appear in messages!



2 Comments

  1. Chris,
    Nice work on this. I’m curious, you didn’t mention resetting IIS on the CAS servers. Did you have to do this in your implementation? Also, nice last name 😉

    • Thanks Ryan (and yes, great last name!)
      I didn’t have to reset the services but YMMV – probably not a bad thing to do!
