Howdy,

I have been working on this article for a while now I wanted to make another complete how-to guide about integrating Skype for Business with the new Exchange 2016 server where you will find a simple step by step on how to integrate both platforms in every way possible.

This article will assume you already have a running Skype for Business & Exchange 2016 infrastructures and working without errors or problems, I will not go into how to install Exchange or Skype for business server, there is a lot of good articles and videos out there for that.

What is New with Exchange 2016 Architecture

So if you don’t know already Microsoft Exchange 2016 is out and available for download and installation, Microsoft had yet again made some changes in different areas and I will go into some of what I find relative (at least for me 😛 )

Exchange 2016 Architect

So in Exchange 2010 we had 4 server roles (CAS, MBX, HT and Edge), then with Exchange 2013 this number of roles got reduced to 3 server roles (CAS, MBX and Edge), now with Exchange 2016 Microsoft finally made it more simple by reducing the number of server roles to…. yes, you guessed right 2 server roles only:

  • Mailbox: which include basically all known component found in Exchange 2013 & 2010 as in Client access services, Hub Transport services, Mailbox services and the Unified messaging services.
  • Edge: is same role which is deployed in the DMZ network of your organization and handle the internet facing mail flow and act as additional protection layer for the emails.

Client Access Protocols:

MAPI over HTTP is now the default Outlook protocol used to connect to Exchange 2016 server by utilizing industry standards HTTP model, good thing is if you did not enable MAPI over HTTP in your infrastructure, Outlook will fail back to RPC over HTTP to connect to Exchange.

Outlook on the Web:

Have no idea why Microsoft renamed it but it includes now a lot of new features that available only if you have Exchange 2016 server installed

For a list of all new changes in Exchange 2016 check Microsoft TechNet article here

Before Integrating

Before I start with explaining how to integrate Skype for business and Exchange 2016, there is a couple of things you need to make sure are configured correct and that your Skype for Business and Exchange 2016 infrastructures are ready for the integration, this is usually done in two steps:

  1. Make sure your Server-to-Server authentications are working
  2. Make sure Exchange Autodiscover services are configured correctly.

Server-To-Server Authentication

In order for the integration to work, Skype for Business server and Exchange server need to be able to communicate and exchange information between each other in a secure way, this is done of course by using SSL certificates and assign them to the required services.

Exchange Side

By default, a self-signed SSL Certificate (Microsoft Exchange Auth Certificate) is installed on the Exchange server after you have deploy it, this certificate is used for server-to-server authentication on the Exchange side

Skype for Business side

When installing Skype for business server you have to request a certificate for SkypeFB web services which can be also used for the OAuthTokenIssuer for server-to-server communication as long as you use this SSL certificate on all your Front end servers, so by doing so your Skype for Business side is also ready.

Use the PowerShell command to make sure OAuthTokenIssuer certificate is configured correctly on your Skype for Business Frontends

> Get-CsCertificate -Type OAuthTokenIssuer

If you don’t have a certificate, use Skype for Business deployment wizard to request and/or assign certificate to the OAuthTokenIssuer, more details can be found here

Configure Exchange Autodiscover

As I said, I’m assuming your Exchange 2016 is up and running without problems, but just in case you are a consultant working on customer sites, make sure the Exchange Autodiscover is configured correctly this is done by checking two areas:

  1. DNS records
  2. Exchange 2016 CAS Services
DNS Records

Make sure there is A-record for Autodiscover.domain pointing to the Exchange 2016 Mailbox server(s)

Also make sure there is SRV-records configured and resolving to autodiscover.domain

Exchange CAS Services

Make sure that the Autodiscover services on the Exchange 2016 CAS services is configured correctly, this is easily done by using our friend…PowerShell

Use the following PowerShell command line to see if the CAS services have the Autodiscover URL defined correctly

P.S. Remember that with Exchange 2016 the command line changed from Set-ClientAccessServer to Set-ClientAccessService

> Get-ClientAccessService | Select-Object Name, AutoDiscoverServiceInternalUri | Format-List

If AutodiscoverServiceInternalUri have the wrong Url like I do, then you must configure it using the following command

> Set-ClientAccessService -Identity <Exchange MBX> –AutoDiscoverServiceInternalUri “https://autodiscover.domain/autodiscover/autodiscover.xml”

Next you need to make sure that OAuthTokenIssuer is configured so that Skype for Business frontend can find the Exchange Autodiscover services, use the following command to see if OAuthTokenIssuer have Exchange Autodiscover URI defined.

> Get-CsOAuthConfiguration

If the Exchange Autodiscover URL have no value, then use the following command to define it so that Skype for business can find Exchange Autodiscover

> Set-CsOAuthConfiguration -Identity global -ExchangeAutodiscoverUrl “

Integrate Skype for Business & Exchange 2016

Now that we have everything ready for the integration and we made sure that both platforms are ready, it is time that we start with the integration itself, this will be first by configuring each server to be a Partner Application to the other one.

Configure a Partner Application (need IIS reset)

To allow server-to-server authentication between Skype for business and Exchange 2016 mailbox server you need to configure skype for business to be partner application for Exchange server and vice versa.

Configure Skype for Business to be Partner Application for Exchange 2016

This is done by using the Configure-EnterprisePartnerAppliation script that is shipped with Microsoft Exchange 2016, you will need the metadata URL for the authentication of your Skype for Business Frontend, should be in the following format

https://<poolFQDN>/metadata/json/1

so the full command line should be as following:

>Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl “https://<poolFQDN>/metadata/json/1″ -ApplicationType Lync

Do a quick IIS reset quickly here 🙂

Configure Exchange 2016 server to be Partner application for Skype for Business

This is done by using the PowerShell command line New-CsPartnerApplication and also you will need the metadata authentication URL of the Exchange server which should be in the following format

https://autodiscover.domain/autodiscover/metadata/json/1

test the connection to the URL from your Skype for Business frontend by opening a browser and putting the URL in it, should get the following result

Now that all is working, time to add the Partner application, fire up the Skype for Business Management Shell and use the following command line

> New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl https://autodiscover.<domain>/autodiscover/metadata/json/1

Now test the connection by using

> Test-CsExStorageConnectivity -SipUri “user@domain” –Verbose

Should get something like following and say test-passed J

Enabling Skype for Business for Outlook on the Web (require IIS restart)

Configure Exchange

Before we go in I want to send a special thanks to Benoit Hamet, his article helped with some parts of this section.

On the Exchange 2016 Mailbox server run the following command line to get the Thumbprint of the SSL certificate assigned to your IIS services

Get-ExchangeCertificate

Copy the Thumbprint and keep it ready, now edit the web.config (don’t forget to back it up) file located in:

Now with Exchange 2016 it is much simpler to integrate Skype for Business with Outlook on the Web, using PowerShell

> New-SettingOverride -Name <Name> -Component OwaServer -Section IMSettings -Parameters @(“IMServerName=<SkypeFB Frontend FQDN/Pool FQDN>”,”IMCertificateThumbprint=<Thumbprint You kept aside>”) -Reason “Configure IM” -MinVersion “15.01.0225.41”

so in my case it was as following

Now refresh the configuration using:

Get-ExchangeDiagnosticInfo -Server $ENV:COMPUTERNAME -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh

Now last thing to do is to restart the Outlook on Web Application:

> Restart-WebAppPool MSExchangeOWAApppool

Now enable Instant messaging on Outlook on the web (I need to get use to this new name), this is done by of course PowerShell

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $True -InstantMessagingType OCS

Outside point: I wonder when microsoft will change the value of Instant Messaging Type to SkypeFB instead of OCS J

Double check that all is good by running the Get-OwaVirtualDirectory | FL command and check the value of the two properties

Now allow Instant messaging on the Outlook on the web policy, also using PowerShell command line, I will allow it on the default global policy, if your organization have number of OWA policies, then you should allow it only on the one you want

> Set-OwaMailboxPolicy -Identity “Default” -InstantMessagingEnabled $True -InstantMessagingType “OCS”

Configure Skype for Business

Now the Skype for Business frontend server part, you need to add the Outlook on the web App pool as a trusted application to the Skype for Business topology which is done basically by running 4 PowerShell command lines in the following sequence:

Get the site-id of your Skype for business by running the following command

> Get-CsSite | Select-Object DisplayName, SiteID

take a copy of it and keep it a side, you will need it in the next command line

create a trusted application pool using following command:

New-CsTrustedApplicationPool -Identity <owa FQDN> -Registrar <Pool FQDN> -Site <Site name> -RequiresReplication $False

when asked to confirm, type A and hit Enter

Now add trusted application to the trusted application pool you just created

> New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn <ApplicationPool you created> -Port 5199

Now for all to take effect you need to publish the topology:

> Enable-CsTopology

And with this you integrated Skype for business with outlook on the web, log in to outlook on the web and test

owa

See you in part II