Tuesday, 6 January 2015

Integrate Lync 2013 and Exchange 2013 Unified Messaging using only PowerShell (mostly)

Happy New Year happy readers.  My first blog post of 2015 follows on from a popular post How to integrate Lync Server 2013 with Exchange Server 2013 Outlook WebApp in 5 easy steps.  In the second of what will be a three part series on integrating Lync Server 2013 with Exchange Server I focus on Exchange Unified Messaging.  

Ever since I was introduced to PowerShell in Exchange 2007 where certain things like Public Folder management could only be done in PowerShell rather than a GUI (which would later follow in SP1) I have been hooked.  PowerShell "one liners" are all about speed and efficiency.  The GUI is largely a thing of the past now.  In both Lync and Exchange there are still many things that cannot be done in the GUI which means PowerShell is your only option.  In Exchange Server 2013, the GUI is now a Web Page.  And we all know how slow a web page can be.  

In this post I will walk you through the steps of integrating Lync Server 2013 with Exchange Server 2013 Unified Messaging.  For those that don't know what Unified Messaging (UM) is, here is a link to the Technet description.  In Exchange 2007 and 2010, UM was a separate role.  In 2013 it is part of the Client Access Server role.  I'll leave you to deploy Exchange and make sure it is fit for UM.

As I mentioned above, I am a fan of PowerShell so I have tried to as much as I can just using PowerShell.  Here goes.

Step 1 - Certificates
Generate a new Self Signed cert, import and enable for UM and UMCallRouter services.   On your Exchange UM server open Exchange Server Management Shell as Administrator
New-ExchangeCertificate -FriendlyName 'LyncUM' -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=UK, O=Company, CN=ExchUM01.domain.local' -DomainName 'ExchUM01.domain.localk' -Services 'UM,UMCallRouter' -Server 'ExchUM01.domain.local'
These next commands Export the certificate to a file on the Exchange Server
$cert = (Get-ExchangeCertificate | Where {$_.Services -ilike "*UM*"})

Export-Certificate -Cert $cert -FilePath c:\UMCert.p7b -Type p7b
And this one copies the certificate file to one of your Front End servers.  Repeat as necessary for all Front End Servers.
Copy-Item C:\UMCert.p7b -Destination \\FrontEnd01.domain.local\C$\UMCert.p7b -Force
This command will Import the certificate on your Front End server in the Trusted Root Certificate Authorities.  On your Lync server(s), Open Lync Server Management Shell as Administrator
Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root -FilePath "C:\UMCert.p7b"
Back to Exchange.  
Step 2 - Exchange UM configuration

First we need to create a New UM Dial Plan.
New-UMDialPlan -Name ‘Lync_UM_Dial_Plan’ -NumberOfDigitsInExtension ’4' -URIType ‘SipName’ -VoIPSecurity ‘Secured’ -CountryOrRegionCode ’44' -AccessTelephoneNumbers +9090
Now Set dialing restrictions   
Set-UMDialPlan "Lync_UM_Dial_Plan" -ConfiguredInCountryOrRegionGroups "Anywhere,*,*,*" -AllowedInCountryOrRegionGroups "Anywhere" -ConfiguredInternationalGroups "Anywhere,*,*,*" -AllowedInternationalGroups "Anywhere"
Now Configure the UM Server
Set-UMService -Identity ‘ExchUM01.domain.local' -DialPlans ‘Lync_UM_Dial_Plan’ -UMStartupMode TLS
Set-UMCallRouterSettings -DialPlans 'Lync_UM_Dial_Plan' -UMStartupMode TLS
Now Start UM Services
Start-Service "MSexchangeUM*" -verbose
Output
VERBOSE: Performing the operation "Start-Service" on target "Microsoft Exchange Unified Messaging (MSExchangeUM)".

VERBOSE: Performing the operation "Start-Service" on target "Microsoft Exchange Unified Messaging Call Router (MSExchangeUMCR)".
Now create a New UM Attendant
New-UMAutoAttendant -Name ‘AutoAttendant’ -UMDialPlan ‘Lync_UM_Dial_Plan’ -Status ‘Enabled’ -SpeechEnabled $true -PilotIdentifierList ‘+9091'
And a new UM Mailbox Policy
New-UMMailboxPolicy -Name UMMailboxPolicy -UMDialPlan "Lync_UM_Dial_Plan" | Set-UMMailboxPolicy -AllowCommonPatterns $true -MinPINLength 4

Now we need to run the Exchange UC Util configuration script. This script gives permissions to the Lync Server on the Exchange UM objects and creates a new UM IP gateway pointing to the Lync pool.
Run Exchange UC Configuration Script - C:\Program Files\Microsoft\Exchange Server\v15\Scripts>.\ExchUCUtil.ps1 - Twice!
Once you have run it a second time the dial plan you created and the Lync pool FQDN are present in the output.

Now back to the Lync server.  


Step 3.  Configure Lync for UM

First we need to add a Normalization Rule for UM Subscriber Access in Lync.  Open Lync Server Management Shell as Administrator
New-CsVoiceNormalizationRule -Name 'Exchange UM' -Parent "LyncSiteName" -Description "Exchange UM Normalization" -Pattern '^(909\d{1})$' -Translation '+$1' -IsInternalExtension: $TRUE | Out-Null
Now we must create Lync contacts for UM, for the subscriber access number and auto attendants (if you have any).  This is a GUI unfortunately.  But it is the only one.
Run Lync UM Configuration Tool - C:\Program Files\Common Files\Microsoft Lync Server 2013\Support\OcsUmUtil.exe
  1. Click Load Data and the Active Directory forest name should populate the Exchange UM Dial Plan Forest field.
  2. Click Add to create the Subscriber Access contact first.  Select the desired Organizational Unit and Name.  The defaults can be used for the remainder of the settings.
  3. Click Add again to create another contact and select Auto-Attendant as the Contact Type. Select the desired Organizational Unit and Name.  The defaults can be used for the remainder of the settings as well.

Close the Exchange UM integration Utility and force an address book update in a Lync client to verify the new Exchange contacts.  Open Lync Server Management Shell as Administrator
Update-CsAddressBook
Step 4 - Create Test users
Create two test users in AD, Mail, UM and Lync enable them, enable for Enterprise Voice and assign line URIs.

First Create and Mail enable the Users

$password = Read-Host "Enter password" -AsSecureString (Enter the password when prompted)
New-Mailbox -UserPrincipalName test.user1@domain.com -Alias test.user1 -Database "Mailbox Database 1" -Name test.user1 -OrganizationalUnit Users -Password $password -FirstName Test -LastName User1 -DisplayName "Test User1" -ResetPasswordOnNextLogon $false
New-Mailbox -UserPrincipalName test.user2@domain.com -Alias test.user2 -Database "Mailbox Database 1" -Name test.user2 -OrganizationalUnit Users -Password $password -FirstName Test -LastName User2 -DisplayName "Test User2" -ResetPasswordOnNextLogon $false
Now Lync enable the users. Lync Server Management Shell As Administrator
Enable-CsUser -Identity "Test User1" -RegistrarPool "FrontEnd01.domain.com" -SipAddress "sip:test.user1@domain.com" | Set-CsUser -EnterpriseVoiceEnabled $True -lineURI "TEL:+44123549092;ext=9092"

Enable-CsUser -Identity "Test User2" -RegistrarPool "FrontEnd01.domain.com" -SipAddress "sip:test.user2@domain.com" | Set-CsUser -EnterpriseVoiceEnabled $True -lineURI "TEL:+44123459093;ext=9093"
And finally, UM enable the Users.  Exchange Server Management Shell as Administrator
Enable-UMMailbox -Identity test.user1@domain.com -UMMailboxPolicy UMMailboxPolicy -Extensions 9092

Enable-UMMailbox -Identity test.user2@domain.com -UMMailboxPolicy UMMailboxPolicy -Extensions 9093
Step 5 - Test UM
Test Access to Voicemail

$cred = get-credential "domain\test.user1" - (Enter Password when prompted)

Test-CsExUMConnectivity -TargetFqdn FrontEnd01.Domain.local -UserSipAddress "sip:test.user1@domain.com" -UserCredential $cred
Result: Should say Success
Test that a user can leave a voicemail for another user
$cred = get-credential "domain\test.user2" - (Enter Password when prompted)

Test-CsExUMVoicemail -TargetFqdn FrontEnd01.Domain.local -ReceiverSipAddress "sip:test.user2@domain.com" -sendersipaddress "sip:test.user1@domain.com" -SenderCredential $cred
Result: Should say Success
And that's it.  You have successfully integrated Lync 2013 with Exchange Server 2013 UM.  Hope this was useful.  

Stay tuned for part three of this series.  Configuring OAuth between Lync 2013 and Exchange 2013.