With the release of Exchange 2013 CU1, we can finally deploy the Unified Contact Store (UCS) into an existing Exchange2010 SP3 environment. This is because Exchange2013 is required for UCS and the GTM version of Exchange2013 did not support coexistence with previous versions of Exchange. To recap, UCS enables users to store all contact information in Exchange 2013 so that the information is available globally across Lync, Exchange, Outlook, and Outlook Web Access. Without UCS, Lync2013 clients cannot change or upload their photos. Below is the UCS architecture diagram for reference:
Deploying Exchange2013 CU1 itself is beyond the scope of this article and the steps are provided in Technet. For existing Exchange2010 environments as in the case of this lab setup, upgrading to Exchange2010 SP3 is required which also performs the prepare AD schema, thereby eliminating the need to run setup.exe /PrepareSchema using Exchange2013. After deploying Exchange2013 we also need to run the post-install steps as described in here. Most notably would be the need to assign a CA issued certificate for the CAS role as Exchange2013, like it's predecessors, by default uses a self-signed cert which Lync2013 will not recognize. Once the prerequisites are done, enabling unified contact store in Lync Server 2013 does not require any topology settings. All that's needed is that the Unified contact store policy is enabled (default is enabled), user's mailboxes have been migrated to Exchange2013, and user log in with using the Lync 2013 rich client at least once.
Configuring oAuth
oAuth is required for server-to-server commication between Lync and Exchange for UCS to work. In the previous article which walked through a Lync2013 deployment, the oAuth certificate was requested and assigned to the Lync server and this certificate will now also be used for Exchange-to-Lync communication. If you have not yet assigned a certificate for the oAuth Token Issuer in Lync2013 then follow the steps in this Technet article. Assuming that has been done, we should proceed to create a partner application for Exchange. The script provided by Microsoft here can be used but the names should be replaced with the specific deployment. Note that the script creates partner applications for both Exchange and Sharepoint so if the latter is not deployed as in the case for this lab, then the following error message displayed after running the script as shown below:
The above errors points to the missing Sharepoint deployment and can be safely ignored in this lab, since the Exchange partner application was successfully created. Next we proceed to configure the oAuth configuration by running the powershell cmdlet:
Set-CsOAuthConfiguration -Identity Global -ExchangeAutoDiscoverURL <exchange autodiscover svc url> as shown below:
Set-CsOAuthConfiguration -Identity Global -ExchangeAutoDiscoverURL <exchange autodiscover svc url> as shown below:
Interestingly enough, the Exchange Autodiscover service by default has no internal URL assigned as clients use AD SCP to locate the service. This can be shown in the ECP below, noting that the Autodiscover (Default Web Site) has no URL assigned, in contrast to the other virtual directories such as ecp, EWS, ActiveSync etc..:
To assign the URL for the Autodiscover service, simply run the Exchange powershel cmdlet:
Set-ClientAccessServer -Identity <exchange server FQDN> -AutoDiscoverServiceInternalUri "<XML URL>"
The command as run in my lab environment is shown below along with a Get-ClientAccessServer to verify that the URL was created successfully:
Set-ClientAccessServer -Identity <exchange server FQDN> -AutoDiscoverServiceInternalUri "<XML URL>"
The command as run in my lab environment is shown below along with a Get-ClientAccessServer to verify that the URL was created successfully:
Of course the autodiscover DNS record has to be created and pointing correctly to the Exchange CAS server. Once that is completed, the final configuration step would be to configure Lync Server 2013 as a partner application in Exchange 2013. A script is provided for this at the default location 'C:\Program Files\Microsoft\Exchange Server\V15\Scripts". The syntax for running the script is
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl "https://<LyncFEServerFQDN>/metadata/json/1
The screen shot of running this script in my lab environment is shown below:
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl "https://<LyncFEServerFQDN>/metadata/json/1
The screen shot of running this script in my lab environment is shown below:
That's pretty much all the configuration that is needed on the Lync2013 and Exchange2013 servers. If a Lync2013 client is currently signed, it will take a few minutes before the following message appears as shown below:
This indicates that the Lync server has detected a valid UCS on Exchange2013 and will proceed to migrate the user's contacts into Exchange. Once the client signs out and back in again, the user is now UCS enabled. You can verify this be trying to change the user's contact photo in Lync2013, which brings up a browser for the user to login to Exchange Webapp to upload a photo which will then be displayed in Lync.
RSS Feed