• Article

Step 1. Configure Exchange UM to Work with Communications Server

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Important

If you are not using Exchange UM to provide call answering, Outlook Voice Access, or auto-attendant services for Enterprise Voice (as might be the case, for example, if you deploy Communications Server in a PBX coexistence scenario), skip this step and proceed to Step 2. Create Location Profiles.

The following tools must be available on each Exchange UM SP1server:

  • The Exchange Server 2007 SP1 Management Shell (also known as the "Power Shell" or "Monad Shell"), which is a snap-in for the Windows PowerShell.

  • The script exchucutil.ps1, which performs the following tasks:

    • Creates a UM IP gateway for each Communications Server 2007 Enterprise Pool.

    • Creates a hunt group for each gateway. (The pilot identifier of each hunt group specifies the UM dial plan used by the Enterprise Pool that is associated with the gateway.)

    • Grants Communications Server permission to read Exchange UM objects in Active Directory.

The script exchucutil.ps1 is by default installed in <exchange_install_directory>\Scripts\.

Requirements and Recommendations

Before you begin:

  • Make sure that you have deployed the following Exchange server roles either (in the same or a different forest as Communications Server 207): Hub Transport, Client Access, Mailbox, and Unified Messaging. For information about deploying Exchange Server 2007 SP1, see Exchange Server 2007 SP1 product documentation at https://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=ExcProdDoc.

  • Read Plan for Exchange Server 2007 SP1 Unified Messaging in Office Communications Server. Integrating Exchange UM and Communications Server requires careful planning and a clear understanding of the technologies involved, the features you want to enable, and important configuration details that you must be aware of to successfully complete your deployment.

Also note the following:

  • If Exchange UM is installed in multiple forests, the Exchange integration steps must be performed for each UM forest. In addition, each UM forest must be configured to trust the forest in which Communications server is deployed.

  • The integration steps are performed on both Exchange UM server and Communications Server. You should perform the Exchange UM integration steps before you do the Communications Server integration steps.

  • For an overview of the Exchange 2007 SP1 UM integration process, descriptions of supported topologies, and a list of planning tasks, see Plan for Exchange Server 2007 SP1 Unified Messaging in Office Communications Server. You are strongly urged to read this topic before you begin the following procedures.

Overview

Configuring Exchange UM to work with Enterprise Voice consists of the following tasks:

  • Creating one or more UM dial plans as needed, and then creating corresponding location profiles.

  • Creating a SIP URI for each user and associating users with a UM dial plan.

  • Using the exchucutil.ps1 script to:

    • Create UM IP gateways.

    • Create UM hunt groups.

    • Grant Communications Server permission to read UM Active Directory objects.

  • Creating a UM auto-attendant object.

Configuring Exchange UM using Exchucutil.ps1

Use the following steps to configure Exchange UM to work with Office Communications Server 2007.

You can perform this procedure using either the Exchange Management Console or the Exchange Management Shell command line. For information about how to use these management tools, see your Exchange 2007 SP1 documentation.

Important

The commands shown in the following procedure are examples only. You need to modify them to fit your particular configuration and requirements.

To configure an Exchange 2007 SP1 UM Server

  1. Create a UM dial plan for each of your Enterprise Voice location profiles. If you choose to use the Exchange Management Console, create a new dial plan with the security setting SIP Secured. If you use the Exchange Management Shell, type the following script:

    new-umdialplan -name <dial plan name> -UriType "SipName" -VoipSecurity <SIPSecured|Secured> -NumberOfDigitsInExtension <number of digits> -AccessTelephoneNumbers <access number in E.164 format>

    Important

    The dial plan name that you create must also be a valid Communications Server location profile name. Therefore, it must contain no more than 256 alphanumeric characters and must not contain spaces or special characters other than hyphens (-) or periods (.).

    Note

    Whether you select a security level of SIPSecured or Secured depends on whether SRTP is activated or deactivated for media encryption. For guidance information about selecting the appropriate VoipSecurity setting, see Security Levels in Plan for Exchange Server 2007 SP1 Unified Messaging in Office Communications Server.

  2. Obtain the FQDN for each UM dial plan.

    (Get-UMDialPlan <dialplanname>).PhoneContext

  3. Record the dialplanname of each UM dial plan. You will use the FQDN of each dialplanname later as the name of each UM dial plans corresponding Communications Server location profile.

  4. Add the dial plan to the UM server. If you choose to use the Exchange Management Console, you can add the dial plan from the property sheet for the server. For specific instructions, see your Exchange 2007 SP1 documentation. If you use the Exchange Management Shell, type the following script:

    $ums=get-umserver; 
$dp=get-umdialplan -id <name of dial-plan created in step 1>; 
$ums.DialPlans +=$dp.Identity; 
$ums | set-umserver

    Note

    Before performing the following step, make sure that all Enterprise Voice users have been configured with an Exchange 2007 or SP1 mailbox. For information about configuring users with a mailbox, see Exchange Server 2007 product documentation at https://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=ExcProdDoc.
    When specifying a mailbox policy for each dial plan that you created in step 1, select either the default policy or one that you have created.

  5. Navigate to <Exchange installation directory>\Scripts, and then if Exchange is deployed in a single forest, type:

    exchucutil.ps1
exchucutil.ps1 -verify

    If Exchange is deployed in multiple forests, type:

    exchucutil.ps1 -Forest:"<forest FQDN>" for multiple forest deployments

    where forest FQDN specifies the forest in which Office Communications Server is deployed. If you have one or more UM dial plans that are associated with multiple IP gateways, continue with step 6. If your dial plans are each associated with only a single IP gateway, skip step 6.

  6. Using either the Exchange Management Shell or Exchange Management Console, disable outbound calling for all but one of the IP gateways associated with each of your dial plans.

    Note

    This step is necessary to ensure that outbound calls by Exchange UM to external users (as is the case, for example, with play-on-phone scenarios) reliably traverse the corporate firewall.

    Important

    When selecting the UM IP gateway through which to allow outgoing calls, choose the one that is likely to handle the most traffic In any case, do not allow outgoing traffic through an IP gateway that connects to a pool of Communications Server Directors.

    If you use the Exchange Management Shell, disable each IP gateway by running the following command:

    Set-UMIPGateway <gatewayname> -OutcallsAllowed $false

    If you use the Exchange Management Console, clear the Allow outgoing calls through this IP gateway check box, as shown in the following figure.

    166182c1-ad2a-422e-91c3-0cddeda5dbcc

    Important

    If your UM dial plan is associated with only a single IP gateway, do not disallow outgoing calls through this gateway.

  7. Create a UM auto-attendant for each Communications Server location profile.

    New-umautoattendant -name <auto attendant name> -umdialplan < name of dial plan created in step 1> -PilotIdentifierList <auto attendant phone number in E.164 format> -SpeechEnabled $true -Status Enabled

    The following step should be performed for each user after you have enabled Communications Server users for Enterprise Voice and know their SIP URIs.

  8. Associate Exchange UM users (each of whom should be configured with an Exchange 2007 mail box) with the UM dial plan and create a SIP URI for each user.

    Note

    The SIPResourceIdentifier in the following sample must be the SIP address of the Communications Server user.

    enable-ummailbox -id <user alias> -ummailboxpolicy <name of the mailbox policy for the dial plan created in step 1> -Extensions <extension> -SIPResourceIdentifier "<user alias>@<full domain name>" -PIN <user pin>

Configuring Certificates on the Exchange UM Server

Use the following procedures to configure the certificate on the Exchange UM server.

The Exchange Server must be configured with a server certificate in order to connect to Office Communications Servers:

  1. Download the CA certificate for the Exchange Server.

  2. Install the CA certificate for the Exchange Server.

  3. Verify that the CA is in the list of trusted root CAs of the Exchange Server.

  4. Create a certificate request for the Exchange Server and install the certificate.

  5. Assign the certificate for the Exchange Server.

To download the CA certificate for the Exchange 2007 SP1 UM Server

  1. Click Start, click Run, type http://<name of your Issuing CA Server>/certsrv, and then click OK.

  2. Under Select a task, click Download a CA certificate, certificate chain, or CRL.

  3. Under Download a CA Certificate, Certificate Chain, or CRL, select Encoding Method to Base 64 and click Download CA certificate.

  4. In the File Download dialog box, click Save. Save the .cer file to the hard disk on the server.

To install the CA certificate for the Exchange 2007 SP1 UM Server

  1. Open an MMC console. Click Start, and then click Run. In the Open box, type mmc, and then click OK.

  2. On the File menu, click Add/Remove Snap-in, and then click Add.

  3. In the Add Standalone Snap-ins box, click Certificates, and then click Add.

  4. In the Certificate snap-in dialog box, click Computer account, and then click Next.

  5. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.

  6. Click Close, and then click OK.

  7. In the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.

  8. Right-click Certificates, click All Tasks, and click Import.

  9. Click Next.

  10. Click Browse and locate the .cer file, and then click Next.

  11. Click Place All Certificates in the following store.

  12. Click Browse and select Trusted Root Certification Authorities.

  13. Click Next to verify the settings, and then click Finish.

To verify that the CA is in the list of trusted root CAs on the Exchange UM Server

  1. In the MMC console, expand Certificates (Local Computer), expand Trusted Root Certification Authorities, and then click Certificates.

  2. In the details pane, verify that your CA is on the list of trusted CAs.

To create a certificate request and install the certificate

  1. Click Start, click Run, type http://<name of your Issuing CA Server>/certsrv, and then click OK.

  2. Under Select a task, click Request a Certificate.

  3. Under Request a Certificate, click Advanced certificate request.

  4. Under Advanced Certificate Request, click Create and submit a request to this CA.

  5. Under Advanced Certificate Request, select Web server or another server certificate template configured for server authentication.

  6. Under Identifying Information for Offline Template, in the Name box, type the FQDN of the Exchange Server. You must enter the FQDN of the Exchange Server for communications to work.

  7. Under Key Options, click the Store certificate in the local computer certificate store checkbox.

  8. Click the Submit button in the bottom of the Web page.

  9. A dialog box will open asking for confirmation. Click Yes to continue to go to Certificate Issued page.

  10. Under Certificate Issued, click Install this certificate.

  11. A dialog box will open asking for confirmation. Click Yes.

  12. Verify that the page says "Your new certificate has been successfully installed."

  13. Submit this file to your CA (by e-mail or other method supported by your organization for your Enterprise CA). If your CA is configured for automatic approval, proceed to the next procedure. If your CA requires CA administrator approval to issue a certificate, the administrator must manually approve or deny the certificate issuance request on the issuing CA before you can assign it.

To assign the certificate for the Exchange 2007 SP1 UM Server

  1. Open the MMC console.

  2. In the console tree, expand Personal and then click Certificates.

  3. In the details pane, verify that personal certificate is displayed.

  4. Double click the certificate to read its details and ensure it is valid. It may take a few minutes before the certificate displays as valid.

  5. Restart the Microsoft Exchange Unified Messaging service. Exchange UM will automatically retrieve the correct certificate.

  6. Open Event Viewer and look for Event ID 1112. This event will specify what certificate Exchange UM has retrieved.