OWA 2013 and Lync 2013 integration

In this post I’ll describe how to integrate lync 2013 and owa 2013. Because of traffic between lync and exchange servers are encrypted you need certificates in both side (lync and exchange),
Lync 2013 certificate: During installation of lync server, there was one step where you assign certificate and this certificate will be used for integration, so you don’t need any additional certificate in lync infrastructure.
Exchange 2013 Certificate: you can use certificate that you already assigned to exchange server. you cannot use self sign certificate in exchange server during integration, because certificate that will be used in lync and exchange both must be trusted for all exchange and lync infrastructure servers.
Exchange side
I will create addition certificate for lync im integration: don’t use wildcard certificate, in alternative names you need all servers fqdn in exchange infrastructure, cas array name, webmail fqdns.
My Certificate friendly name will be Exchange IM Cert: alternative names will be e-15.domain.corp, mail.lab.community.ge (i will not add lync fqdn in certificate, it is not necessary )
my lync fqdn is lync2013.domain.corp. I will not assign exchange im certificate to any services, it’s not necessary to assign certificate to any service to use for im integration.

image image



After import Certificate in exchange server we must enable instantmessaging for lync to do this type in exchange console:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –InstantMessagingEnabled
$True -InstantMessagingType OCS

we need also add in Web.config in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Owa
under <AppSettings>


<add key="IMCertificateThumbprint" value="3D1036F139BCDFE68F53546C766FAB9ECCD0387F"/> 
<add key="IMServerName" value="lync2013.domain.corp"/>




last step on exchange side

C:\Windows\System32\Inetsrv\Appcmd.exe recycle apppool /apppool.name:"MSExchangeOWAAppPool"

Lync Side
Create trusted application pool in topology builder


publish topolgy. after creating trusted application pool, we must create trusted application in this pool , to do this open lync shell and type

New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn e-15.domain.corp -Port 5199




and at last in exhcange server  iisreset /noforce or you can restart server.


Add comment

  Country flag

  • Comment
  • Preview

About the author

Giorgi Jambazishvili
System Administrator
Ministry of Justice of Georgia