Deploying Office Web Apps Server for Lync2013 28 Sep 2012
The collaboration experience in Lync2013 is significantly improved over Lync2010 and this is largely due to the fact that Lync2013 now uses the Office Web Apps Server for content sharing and collaboration during Online Meetings. Using the new Office Web Apps Server, users can present rich Powerpoint presentations with thumbnail-based slide navigation, video and audio multimedia playback with support for H.264 up to 20MBs and slide animations support. This approach also allows mobile devices to access these presentations via the use of standard DHTML and JavaScript to broadcast PowerPoint presentations instead of customized DHTML and Silverlight as in Lync2010.
When a presenter uploads a powerpoint file, it first gets uploaded to the Lync2013 Data MCU which then returns a broadcast URL back to the Lync client. When the Lync client views the presentation, it goes to the broadcast URL and the Office Web Apps server retrieves the file from the Data MCU and displays it in an embedded browser frame back to the Lync client. All this is done via Web Open Platform Interface (WOPI). Attendees and Presenters can now even share OneNote for individual or collaborative note taking during the Online Meeting.
In order to use these new capabilities we must install Office Web Apps Server and configure Lync Server 2013 to communicate with Office Web Apps Server. This article provides information on how to install Office Web Apps server and then configure integration with Lync Server 2013. The overview of the steps are:
1. Prepare Server for Office Web Apps
2. Request & Assign Certificates for Office Web Apps
3. Install & Configure Office Web Apps Server
4. Verify Lync2013 integration with Office Web Apps Server
The diagram below gives an overview of how WAC works in a web conferencing session:
When a presenter uploads a powerpoint file, it first gets uploaded to the Lync2013 Data MCU which then returns a broadcast URL back to the Lync client. When the Lync client views the presentation, it goes to the broadcast URL and the Office Web Apps server retrieves the file from the Data MCU and displays it in an embedded browser frame back to the Lync client. All this is done via Web Open Platform Interface (WOPI). Attendees and Presenters can now even share OneNote for individual or collaborative note taking during the Online Meeting.
In order to use these new capabilities we must install Office Web Apps Server and configure Lync Server 2013 to communicate with Office Web Apps Server. This article provides information on how to install Office Web Apps server and then configure integration with Lync Server 2013. The overview of the steps are:
1. Prepare Server for Office Web Apps
2. Request & Assign Certificates for Office Web Apps
3. Install & Configure Office Web Apps Server
4. Verify Lync2013 integration with Office Web Apps Server
The diagram below gives an overview of how WAC works in a web conferencing session:
Step 1: Prepare Server for Office Web Apps
We will prepare a Windows Server 2008 R2 SP1 server for installation. For my lab I'm using the server FQDN of webapp.apbeta.local. After the server has successfully joined the domain, proceed to install the following pre-requisites in the order shown below:
.NET Framework 4.5
Windows Powershell 3.0 (requires restart)
KB2592525 (requires restart)
Next, we need to install the IIS7 Role with the required Role Services. The easiest way to do this is to open Windows Powershell and run the following commands:
> Import-Module ServerManager
> Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support
.NET Framework 4.5
Windows Powershell 3.0 (requires restart)
KB2592525 (requires restart)
Next, we need to install the IIS7 Role with the required Role Services. The easiest way to do this is to open Windows Powershell and run the following commands:
> Import-Module ServerManager
> Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support
After installing the necessary IIS roles, I would recommend restarting the IIS services by using the command "iisreset"
Step 2: Request & Assign certificate to Office Web Apps Server
On the Web Apps server, run the certificates mmc for the Local Computer. Then right-click on Personal and select All Tasks->Advanced Operations->Create Custom Request
In the Certificate Enrollment wizard, on the Before You Begin page, click Next. Then on the Select Certificate Enrollment Policy page, click Active Directory Enrollment Policy and then click Next. On the Custom Request page, in the Template drop-down list, select Web Server and then click Next.
On the Certificate Information page, in the window next to Details, click the double down chevrons and then click Properties. On the Certificate Properties page, on the Subject tab, under Subject name, in the Type drop-down list, select Common name. In the Value box, enter the FQDN of the webapp server eg. webapp.apbeta.local and then click Add. Under Alternative name, in the Type drop-down list, select DNS. In the Value box, type the FQDN of the webapp server and any other SAN names required for your SIP domain topology and then click Add.
Click the General tab and in the Friendly Name box, type a friendly name eg. Office Web Apps Certificate. This exact name is important, as you will need to refer to this certificate using its Friendly Name in a command line later. Click the Private Key tab, and then click the double-down chevron next to Key Options to expand the options. Select the Make private key exportable check box and then click OK.
Back on the Certificate Information page, click Next. On the Certificate Enrollment page, in the File Name box, type a filename eg. C:\WACert.req and then click Finish. Open the file in Notepad and copy all the contents
Start IE and navigate to your CA's web page eg. http://dc1.apbeta.local/certsrv and login if necessary. On the Welcome page, click Request a certificate. On the Request a Certificate page, click advanced certificate request. On the Advanced Certificate Request page, click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. On the Submit a Certificate Request or Renewal Request page, right-click in the Saved Request window and then click Paste. In the Certificate Template drop-down list, select Web Server and then click Submit.
On the Certificate Issued page, click Download certificate and save the certificate to the local hard drive.
Finally, we import the certificate using the certificates MMC. Right-click Personal, click All Tasks, and then click Import. On the Welcome page, click Next. On the File to Import page, in the File name box, type the full pathname of the saved certificate and then click Next. On the Certificate Store page, leave the default settings and then click Next.
On the Completion page, click Finish.
Finally, we import the certificate using the certificates MMC. Right-click Personal, click All Tasks, and then click Import. On the Welcome page, click Next. On the File to Import page, in the File name box, type the full pathname of the saved certificate and then click Next. On the Certificate Store page, leave the default settings and then click Next.
On the Completion page, click Finish.
Step 3: Install & Configure Office Web Apps Server
Download the Microsoft Office Web Apps Server Preview from http://www.microsoft.com/en-us/download/details.aspx?id=30358. This is a WIM file so you need to burn the image to DVD using the Windows 7 built-in DVD burner or some other tool. After loading the DVD into the server, double click setup.exe to start the installation. In the Microsoft Office Web Apps wizard, select the I accept the terms of this agreement check box and then click Continue.Then on the Choose a file location page, leave the default settings and then click Install Now. When on the Completion page, click Close.
Next, start a Windows Powershell session and run as administrator. Run the following command to load the Office Web Apps Windows Powershell module:
> Import-Module 'C:\Program Files\Microsoft Office Web Apps\AdminModule\OfficeWebApps'
Then create the new Web Apps farm:
> New-OfficeWebAppsFarm -InternalUrl https://webapp.apbeta.local -ExternalUrl https://webapp.apbeta.local
–CertificateName “Office Web Apps Certificate” –AllowHttp
Remember to replace the internal/external URLs in the above command with your own and specify the correct friendly certificate name created in step 2.
> Import-Module 'C:\Program Files\Microsoft Office Web Apps\AdminModule\OfficeWebApps'
Then create the new Web Apps farm:
> New-OfficeWebAppsFarm -InternalUrl https://webapp.apbeta.local -ExternalUrl https://webapp.apbeta.local
–CertificateName “Office Web Apps Certificate” –AllowHttp
Remember to replace the internal/external URLs in the above command with your own and specify the correct friendly certificate name created in step 2.
Note: If you encounter any internal errors running the OfficeWebApps cmdlets, you need to go to C:\windows\Microsoft.NET\Framework\v4.0.30319 and run
> aspnet_regiis.exe -iru
> iisreset /restart /noforce
To verify that the Office Web App server is wroking, start IE and navigate to https://webapp.apbeta.local/hosting/discovery (replace with your server FQDN) and you should see the following XML page:
> aspnet_regiis.exe -iru
> iisreset /restart /noforce
To verify that the Office Web App server is wroking, start IE and navigate to https://webapp.apbeta.local/hosting/discovery (replace with your server FQDN) and you should see the following XML page:
Step 4: Verify Lync2013 Server integration with Office Web Apps
If you folowed the steps in my previous article http://www.ucprimer.com/lync2013-preview-deployment-walkthru.html then the Web Apps server will already have been defined in the Lync Topology. If not, then you need to open Topology Builder and define a new Office Web Apps server under Shared Components and publish the topology.Ensure the FQDN of the Web App server matches what is defined in the topology. It should look similar to the following:
On the Lync2013 Preview FE server, start the Event Viewer, expand Applications and Services Logs and then click Lync Server. In the Lync Server event logs, find the newest event with the ID of 41032 with the source of LS Data MCU and view its properties. If Lync has successfully integrated with Office Web Apps, it should look similar to the following screenshot:
Update Dec2012:
For non-domain joined PCs running Lync2013, attempting to share Powerpoint content will result in a “There was a problem verifying the certificate from the server. Please contact your support team.” error. To resolve this, follow the steps in this article: http://blogs.technet.com/b/lyncativity/archive/2012/12/06/troubleshooting-lync-2013-powerpoint-sharing-issue-there-was-a-problem-verifying-the-certificate-from-the-server-please-contact-your-support-team.aspx
To summarize the article, when we use an internal RootCA configured as an Enterprise Root CA (AD-integrated), by default AIA and CDP extensions are set to LDAP target only and non-domain joined clients cannot use LDAP to obtain the CRL. We therefore need to configure the CA to allow HTTP. The screen captures of the RootCA configuration required for HTTP are shown below:
To summarize the article, when we use an internal RootCA configured as an Enterprise Root CA (AD-integrated), by default AIA and CDP extensions are set to LDAP target only and non-domain joined clients cannot use LDAP to obtain the CRL. We therefore need to configure the CA to allow HTTP. The screen captures of the RootCA configuration required for HTTP are shown below:
After making the changes, we need to reissue the CRL by executing CERTUTIL –CRL from the ADCS server and then re-issue the certificate for the web app server.