Upload
abhay-kapoor
View
247
Download
15
Tags:
Embed Size (px)
DESCRIPTION
BOOK
Citation preview
Released:
Conditions and Terms of Use
This training package content is proprietary and confidential, and is intended only for users described in the training materials. This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or information included in this package is strictly prohibited.
THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Training package content, including URL and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Copyright and Trademarks © Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at http://www.microsoft.com/about/legal/permissions/.
Microsoft®, Internet Explorer, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
About the Authors
Author: Greg Anthony
Bio:
Project Member: Ron Solomon
Bio:
Acknowledgements We want to thank the numerous members of the Product Group, User Assistance Teams, Beta Team, Reskit Team, and Product Quality Team and other supporting teams for their collaboration, time, effort, materials, and presentations that in many important ways has helped to make this project successful.We also want to thank Global Technical Readiness for help with the formatting, presentation creation and other training readiness items and CTS Labs with their help in on boarding the virtual environment in external VMAS.Lastly, I want to thank the CSS Readiness Team for their push, encouragement, and assistance with additional resources to complete this project in a timely manner.
Table of ContentsLab 2: Prepare Lab Environment.................................................................................................................
Overview..................................................................................................................................................................
Exercise 1: Update and publish Lync Server 2010 topology.....................................................................................
Exercise 2: User Provisioning...................................................................................................................................
Exercise 3: Import User Photos..............................................................................................................................22
Exercise 4: Install Office Web Apps Server 2013 (aka WAC)..................................................................................24
Exercise 5: Replace Lync Server 2010 Certificates with Certificates reflecting <lync#>.msftonlinerepro.com and contoso.com............................................................................................................................................................
Appendix A: Provisioned Lync Users..........................................................................................................45
Contoso User Moves..........................................................................................................................................45
Lab 2: Prepare Lab Environment
Warning: Do not start this Lab until you have completed Lync Server 2013 L01 Prepare VMAS Environment. It is okay to continue if you have run the TMGConfigScript.ps1 in the previous lab and started the TMG 2010 server installation, as this lab relies on the info.txt file created by the TMGConfigScript.ps1 in Lab 1.
OverviewIn Lab1, you completed the preparation of the VMAS environment for basic networking so all virtual machines register with the EnterpriseDC DNS server, configured ForeFront TMG 2010 as a bastion host, and reverse proxy for your environment and several other tasks.
In this Lab, you will run scripts to create your users with <lync#>.msftonlinerepro.com as the UPN, enable them for Lync Server 2010, create Exchange 2010 mailboxes, and configure other Lync Server policies in order to have a working Lync Server 2010 environment with a Lync Server 2010 Edge and Standard Edition server from which you will migrate to Lync Server 2013 in later labs.
Estimated time to complete this lab: 1 hour and 30 minutes.
Exercise 1: Update and publish Lync Server 2010 topologyScenario
The Lync Server 2010 topology needs to be updated with the IP addresses for the Lync 2010 Edge server in your environment.
Tasks1. Connect to VM L2010SE01, the Lync Server 2010 Standard Edition server, and logon as
Contoso\administrator. (TIP: RDP from ENTERPRISEDC or use Remote Desktop Connection Manager and get the IP from DNS or the VMAS Dashboard)
2. Launch the Lync Server Management Shell.
Global Technical Readiness1
Lab 2: Prepare Lab Environment
3. Change directory to C:\Users\Administrator.CONTOSO\Downloads.
4. Open info.txt in Notepad. Verify it has your setup information. If not, from WSTMG01 copy the info.txt created on WSTMG01 over to L2010SE01 (copy c:\users\administrator.contosocd\downloads\info.txt \\l2010se01\c$\users\administrator.contoso\downloads. Info.txt was created at the end of the TMGConfigScript.ps1 that you executed in the previous lab.
5. Close Notepad.
6. Delete ProvisionEdgeTopo.ps1
7. Download ProvisionEdgeTopo.ps1 from http://sdrv.ms/NA13mq or copy it from \\10.0.29.52\software\skydrive\ProvisionEdgeTopo.ps1.
8. Execute .\ProvisionEdgeTopo.ps1.
2 © Microsoft Corporation. All rights reserved.
9. Ignore the service restarts for now.
10. If you receive an error like the below screenshot shutdown EnterprisdeDC2 and leave it off the rest of the course delivery.
Restart L2010SE01 and rerun .\ProvisionEdgeTopo.ps1.
Exercise 2: Replace Lync Server 2010 Certificates with Certificates reflecting <lync#>.msftonlinerepro.com and contoso.com.Scenario
Contoso is doing business as <lync#>.msftonlinerepro.com and will add the UPN to Active Directory and needs to support users signing in with that SIP URI.
Global Technical Readiness3
Lab 2: Prepare Lab Environment
TasksUpdate Lync Server 2010 Edge Certificate
1. Connect to VM L2010S1EDGE01, and logon as L2010S1EDGE01\Administrator.
2. Launch the Lync Server 2010 Deployment Wizard.
3. In the Deployment Wizard, click Install or Update Lync Server System.
4. On the Deploy Page, click Run by Step 3: Request, Install or Assign Certificates.
4 © Microsoft Corporation. All rights reserved.
5. On the Certificate Wizard, select External Edge Certificate, and then click Import Certificate.
6. On the Import Certificate page, click Browse.
Global Technical Readiness5
Lab 2: Prepare Lab Environment
7. Open \\10.0.29.52\Foundation\Student Materials. Open the folder for your assigned lync# and select the edge certificate and click Open.
8. On the Import Certificate page, select Certificate file contains certificate's private key and then enter the password it is protected with 3*Lync4u and then click Next.
6 © Microsoft Corporation. All rights reserved.
9. On the Import Certificate Summary page, click Next.
10. On the Executing Commands page, click Finish.
Global Technical Readiness7
Lab 2: Prepare Lab Environment
11. Back on the Certificate Wizard, select External Edge Certificate, and click Assign.
12. On the Certificate Assignment page, click Next.
8 © Microsoft Corporation. All rights reserved.
13. On the Certificate Store page, select your Lync Edge External certificate that you imported, and then click Next.
14. On the Certificate Assignment Summary page, click Next.
Global Technical Readiness9
Lab 2: Prepare Lab Environment
15. On the Executing Commands page, click Finish.
16. On the Certificate Wizard page, select Edge internal and click Request.
10 © Microsoft Corporation. All rights reserved.
17. On the Certificate Request page, click Next.
18. On the Delayed or Immediate Requests page, click Next.
19. On the Choose a Certification Authority (CA) page, in the Specify another certification authority field enter enterprisedc.contoso.com\contoso-ENTERPRISEDC-ca and click Next.
Global Technical Readiness11
Lab 2: Prepare Lab Environment
20. On the Choose a Certification Authority (CA) page, select Specify another certification authority and in the field enter enterprisedc.contoso.com\contoso-ENTERPRISEDC-ca and then click Enter.
21. On the Certification Authority Account page, select Specify alternate credentials and enter the administrator credentials and then click Next.
12 © Microsoft Corporation. All rights reserved.
22. On the Specify Alternate Certificate Template page, click Next.
23. On the Name and Security Settingspage, enter a Friendly Name and click Next.
24. On the Organization Information page, in the Organization field enter Contoso and in the Organization Unit enter IT and then click Next.
25. On the Geographical Information page, in the Country/Region dropdown select United States, in the State/Province field enter Washington, in the City/Locality field enter Redmond and then click Next.
Global Technical Readiness13
Lab 2: Prepare Lab Environment
26. On the Subject Name / Subject Alternate Names page, click Next.
27. On the Configure Additional Subject Alternate Names page, click Next.
28. On the Certificate Request Summary page, click Next.
29. On the Executing Commands page, click Next.
30. On the Online Certificate Request Status page, ensure Assign this certificate to Lync Server certificate usages is selected and then click Finish.
14 © Microsoft Corporation. All rights reserved.
31. On the Certificate Assignment page, click Next.
32. On the Certificate Assignment Summary page, click Next.
33. On the Executing Commands page, click Finish.
34. On the Certificate Wizard page, click Close.
35. On L2010SE01, in Lync Management Shell execute the following;
Export-CsConfiguration -Filename config.zip
Global Technical Readiness15
Lab 2: Prepare Lab Environment
36. Execute the following to copy to the L2010S1EDGE01
Copy config.zip \\l2010s1edge01\c$\users\administrator\downloads
37. On L2010S1EDGE01, In Lync Server Management Shell cd to downloads and execute the following:
Import-CsConfiguration -Filename config.zip -localstore
38. Execute the following:
Stop-CsWindowsService
39. Execute the following:
Start-CsWindowsService -verbose
If Lync services fail to start, verify that the SQL Server (RTCLOCAL) and SQL Server Browser services are started.
40. Close the Lync Server 2010 Deployment Wizard and Lync Server Management Shell.
Request and Assign Lync Server 2010 Standard Edition Certificate with your domain information.
41. On L2010SE01, launch Lync Server 2010 Deployment Wizard.
42. Click Install or Update Lync Server System.
43. Click Run Again for Step 3: Request, Install or Assign Certificates.
44. On the Certificate Wizard, select Request.
45. On the Certificate Request page, click Next.
46. On the Delayed or Immediate Requests page, click Next.
47. On the Choose a Certification Authority page, click Next.
48. On the Certification Authority Account page, click Next.
49. On the Specify Alternate Certificate Template page, click Next.
50. On the Name and Security Settings page, enter L2010SE01 for Friendly Name and then click Next.
51. On the Organization Information page, enter Contoso and IT.
16 © Microsoft Corporation. All rights reserved.
52. On the Geographical Information page, enter you Country, State, City (Doesn't matter)
53. On the Subject Name / Subject Alternate Names page, click Next.
Global Technical Readiness17
Lab 2: Prepare Lab Environment
54. On the Certificate Request page, put a check mark in both configured Sip domains and then click Next.
55. On the Configure Additional Subject Alternate Names page, add the following SANs and then click Next.
lyncdiscover.contoso.com
lyncdiscover.<lync#>.msftonlinerepro.com
18 © Microsoft Corporation. All rights reserved.
56. On the Certificate Request Summary page, click Next.
57. On the Executing Commands page, click Next.
58. On the Online Certificate Request Status page, ensure Assign this certificate to Lync Server certificate usages is checked and click Finish.
59. On the Certificate Assignment page, click Next.
Global Technical Readiness19
Lab 2: Prepare Lab Environment
60. On the Certificate Assignment Summary page, click Next.
61. On the Executing Commands page, click Finish.
62. Close the Certificate Wizard.
63. Start Lync Server Services
64. Verify Lync Server Services are running before exiting deployment wizard and continuing to Step 3.
65. Exit the Deployment Wizard.
Exercise 3: User ProvisioningScenario
Create users in your environment with SipURI of @<lync#>.msftonlinerepro.com and configure them for Exchange 2010 and Exchange 2010 UM.
Tasks
1. Connect to VM EX2010S101, the Exchange 2010 server, and logon as Contoso\administrator. (TIP: RDP from ENTERPRISEDC)
2. Launch the Exchange Management Shell.
3. Change directory to C:\Users\Administrator.Contoso\Downloads.
20 © Microsoft Corporation. All rights reserved.
4. Run Set-ExecutionPolicy UnRestricted and choose Y to change the policy.
5. Delete .\ProvUserAccts.ps1
6. Download ProvUserAccts.ps1 from http://sdrv.ms/NA13mq to downloads folder.
7. Execute .\ProvUserAccts.ps1 script.
8. If prompted with Security Warning, type R for run once.
9. At the "Enter your alias for <lync#>.msftonlinerepro.com, type your domain alias prefix for msftonlinerepro.com and press Enter.
10. It will take about 5 minutes for the script to complete. Following is what the script performs.
Add Contoso\administrator to csadministrator group
Remote PS-Session to Lync Server 2010 Standard Edition
Configure UM Dialplan, Mailbox Policy, UM AutoAttendant, UM Server Startup Mode
Configures Lync default SIP Domain to your UPN, creates normalization rules, Pstn Usages, Voice Policy and voice route
Create User accounts and enables them for Lync Server 2010 and Exchange UM 2010.
Create RTCContacts OU.
Global Technical Readiness21
Lab 2: Prepare Lab Environment
11. Continue to the next step while the script runs. When script is complete it will say user account provisioning complete.
12. While the ProvUserAccts scripts runs, open a second Exchange Management Shell, change directory to c:\Program Files\Microsoft\Exchange Server\V14\Scripts.
13. Execute .\ExchUCUtil.ps1 script
14. When complete, execute .\ExchUCUtil.ps1 a second time.
15. Output should be similar to the following.
16. Close the second Exchange Management Shell by typing Exit and then pressing Enter.
17. On VM L2010SE01, launch "C:\Program Files\Common Files\Microsoft Lync Server 2010\Support\OCSUMUTIL.EXE".
18. On the Exchange UM Integration Utility, click Load Data.
22 © Microsoft Corporation. All rights reserved.
19. After the data is loaded if you do not have SA and AA contacts follow the steps below to add. Otherwise, close Exchange UM Integration Utility and continue on to Exercise 4.
20. After the data is loaded, click Add.
Global Technical Readiness23
Lab 2: Prepare Lab Environment
21. On the Contact page, click Browse.
22. On the OU Picker page, expand Contoso.com, select RTCContacts, and then click OK.
24 © Microsoft Corporation. All rights reserved.
23. On the Contact page, click OK to accept the Subscriber Access contact settings.
24. Click Add again, and under Contact Type select Auto-Attendant, append AA to ContosoUM in the Name field and then click OK.
Global Technical Readiness25
Lab 2: Prepare Lab Environment
Note: The SA already has Name ContosoUM so if you do not append AA you will get the following error.
25. Close and exit the Exchange UM Integration Utility.
26 © Microsoft Corporation. All rights reserved.
The list of provisioned user accounts can be found in the lab appendix.
Exercise 4: Import User PhotosScenario
The company needs to restore user photos to Active Directory.
Tasks1. Back on VM EX2010S101, launch the Exchange Management Shell if not already
open.
Global Technical Readiness27
Lab 2: Prepare Lab Environment
2. Change directory to C:\Users\Administrator.Contoso\Downloads.
3. Execute copy .\uploadphoto\*.*
4. Execute .\uploadphoto.ps1 -all script.
If prompted with Security Warning, type R for run once.
5. Enter Y to upload all pictures.
6. When complete continue to next exercise.
Exercise 5: Install Office Web Apps Server 2013 (aka WAC) Scenario
The company plans to take advantage of Office Web Apps Server 2013 for PowerPoint presentations with Lync Server 2013. You will install WAC Server 2013 into the existing infrastructure.
The pre-requisites such as .NetFramework 4.5, Windows PowerShell 3.0 and KB2592525 have already been installed for you.
For additional information on installing Office Web Apps Server see http://technet.microsoft.com/en-us/library/jj219455.aspx.
28 © Microsoft Corporation. All rights reserved.
Microsoft Office Web Apps Server is available in the Microsoft Download Center.
http://www.microsoft.com/en-us/download/details.aspx?id=35489
Tasks1. Connect to VM O15S1WAC01, which will become the Office Web Apps 2013 server, and
logon as Contoso\administrator. (TIP: RDP from ENTERPRISEDC) (Note the O in O15 is the letter o for Office. 01 is zero one).
Generating and Requesting WAC CertificateThere are some scenarios where certificates are required where the product certificate wizard does not support required features. One scenario is the IIS certificate wizard, which does not support specifying SAN entries.
Custom Certificate Request using Windows MMC Certificate Snap-inThe following steps specify how to create a SAN certificate-signing request for IIS web server, which is required for IIS on WAC server.
2. On the O15S1WAC01 server, launch Microsoft Management Console (MMC)
3. Click File/Add/Remove Snap-in.
4. Select Certificates snap-in and click Add.
5. On the Certificate snap-in page, select Computer account, then click Next.
Global Technical Readiness29
Lab 2: Prepare Lab Environment
6. On the Select Computer page, ensure Local Computer is selected and click Finish.
7. On the Add or Remove Snap-ins page, click OK.
8. In the navigation pane, expand Certificates, select Personal and right-click, and then select AllTasks -> Advanced Operations -> Create Custom Request… to launch the Certificate Enrollment wizard.
30 © Microsoft Corporation. All rights reserved.
9. On the Certificate Enrollment wizard, click Next.
10. On the Select Certificate Enrollment Policy page, under Custom Request, select Proceed without enrollment policy and click Next.
11. On the Custom request page, click the Template dropdown and select (No template) Legacy key, verify Request format is PKCS #10 and then click Next.
Warning: Do not select CNG key, as it is not compatibility with all applications. A CNG key certificate cannot be used on ISA or TMG Server.
Global Technical Readiness31
Lab 2: Prepare Lab Environment
12. On the Certificate Information page, click to expand Details.
13. Click Properties.
32 © Microsoft Corporation. All rights reserved.
14. On the Certificate Properties page, on the General tab, in the Friendly name field type WAC as the friendly name for the certificate.
Critical:The Friendly name of the certificate cannot match the friendly name of any other certificates that are already on the WAC server where you plan to install this certificate.
15. Click to select the Subject tab.
16. In the Subject name box click the Type drop down and select Common name. In the Value field type the fully qualified domain name (FQDN) for the WAC Server of o15s1wac01.contoso.com and then click Add.
Global Technical Readiness33
Lab 2: Prepare Lab Environment
Note: Be careful about the letter o and 0. It is the letter o at the beginning for Office server and 01 (zero, one) at the end of the O15s1wac01 host name.
Note: For certificates from an internal CA, Common name and any DNS alternative names should be all that is needed on the Subject tab. Public CAs may require additional Types, which you should add as appropriate such as Country, Locality, Organization, and Organization unit.
17. In the Alternative name box click the Type dropdown and select DNS. In the Value field type the common name FQDN of o15s1wac01.contoso.com again and click Add.
18. In the Alternative name box, with DNS selected for Type, in the Value field enter the FQDN wac.contoso.com of the WAC server and click Add. Repeat to add the following FQDN.
Wac.<lync#>.msftonlinerepro.com
34 © Microsoft Corporation. All rights reserved.
19. Click to select the Extensions tab, expand Extended Key Usage (application policies), and under Available options select Server Authentication and click Add.
20. Click to select the Private Key tab, expand Key type and select Exchange. By default, it will be set to Signature but should be set to Exchange for key exchange.
Global Technical Readiness35
Lab 2: Prepare Lab Environment
21. Expand Key options and select Make private key exportable. Select 2048 for the Key size.
Warning: Do not select Strong private key protection as that will disable non-interactive use and uncheck "key archival" if selected as that is a CA function not supported by public CA's.
36 © Microsoft Corporation. All rights reserved.
22. Click OK to close the Certificate properties window.
23. Back on the Certificate Information page, click Next.
24. On the Where do you want to save the offline request page, enter c:\users\administrator.contoso\downloads\waccert.req and click Finish.
25. On the Do you want to replace it, click Yes.
26. Leave the Certificate Snap-in MMC running.
Global Technical Readiness37
Lab 2: Prepare Lab Environment
Submitting the CSR27. Open a command prompt.
28. Cd downloads
29. Since the CSR does not contain template information, to avoid "Denied by Policy Module 0x80094801" error from the MMC, use the following command line to submit the request.
Certreq.exe -submit -attrib "CertificateTemplate:WebServer" waccert.req
30. In the Certificate Authority List window that opens, select the Contoso-ENTERPRISEDC-CA to submit the request to and click OK.
31. In the Save Certificate window, for the File name enter C:\users\administrator.contoso\downloads\waccert.cer and click Save. (Replace if
38 © Microsoft Corporation. All rights reserved.
existing.)
32. The command line should show the certificate was retrieved and issued and whether there are any pending operations if not automatically issued.
33. Exit the Command Prompt.
Completing the Outstanding Certificate RequestOnce the certificate has been issued from the CA the certificate request needs to be complete.
34. Back in the Certificates MMC, expand Personal, right-click Certificates, click All Task -> Import to launch the Certificate Import Wizard.
35. On the Welcome to the Certificate Import Wizard page, click Next.
Global Technical Readiness39
Lab 2: Prepare Lab Environment
36. Open the certificate file C:\Users\administrator.CONTOSO\Downloads\waccert.cer and click Next.
37. On the Certificate Store page, ensure Personal is selected and click Next.
40 © Microsoft Corporation. All rights reserved.
38. Click Finish.
39. On the import was successful page, click OK.
40. The certificate should appear in the Local Computer Certificates/Personal/Certificates store.
Global Technical Readiness41
Lab 2: Prepare Lab Environment
41. Open the certificate to verify it has a private key and contains the information that was requested in the CSR.
42 © Microsoft Corporation. All rights reserved.
42. You can close the Certificate MMC.
Global Technical Readiness43
Lab 2: Prepare Lab Environment
Install Office Web Apps 2013 Server43. Click Start->Run and enter C:\users\Administrator.CONTOSO\Downloads\
WacServer_x64\Setup.exe and click OK to start the Microsoft Office Web Apps 2013 installation.
44. Accept the terms and click Continue.
45. On the File Location page, click Install Now.
44 © Microsoft Corporation. All rights reserved.
46. The Installation Progress page is displayed. Installation takes about 5 minutes.
47. When the installation is finished, click Close.
Global Technical Readiness45
Lab 2: Prepare Lab Environment
48. If prompted, restart O15S1WAC01.
Creating a New Single Server Office Web Apps Server Farm49. Connect to O15S1WAC01 and logon as Contoso\administrator.
50. Launch Windows Powershell.
51. Execute Get-Host and verify version is 3.0.
52. Enter the following command at the Windows PowerShell prompt and then press ENTER:
Get-Command "*Office*"
46 © Microsoft Corporation. All rights reserved.
53. You should then see a list of all the Office Web Application cmdlets:
54. In the PowerShell, execute the following after replacing <lync#> with your domain alias.
New-OfficeWebAppsFarm -InternalUrl https://wac.contoso.com -ExternalUrl https://wac.<lync#>.msftonlinerepro.com -CertificateName "WAC" -AllowHttp -EditingEnabled:$true -OpenFromUrlEnabled:$true
55. Press Enter to to"Setting EditingEnabled to TRUE."
Note: The –EditingEnabled parameter enables editing in Office Web Apps when it is used together with SharePoint 2013. The –EditingEnabled parameter is not used by Lync Server 2013 or Exchange Server 2013 because those hosts don't support editing. Also requires appropriate licensing when set to true.
In the preceding command, the InternalUrl and ExternalUrl parameters are the WAC Server URLs used by internal users and external users (that is, users accessing the service from outside the organization's firewall). The HTTPS: protocol is used when specifying these URLs. In addition, it is recommended to use the same parameter value or URL for the InternalUrl parameter that is used for the ExternalUrl parameter. The AllowHttp parameter configures HTTP bindings in Office Web Apps Server.
The CertificateName parameter is used to assign a certificate to WAC Server. When configuring the WAC Server certificate, use the Friendly Name of the certificate as the certificate name. As noted previously, the Friendly Name must be unique within the Trusted Root Certificate Authorities store. If you had multiple certificates that share a Subject Name the command will fail.
Successful execution will look similar to the following.
Global Technical Readiness47
Lab 2: Prepare Lab Environment
Verifying the Creation of an Office Web Applications Farm56. To verify that the Office Web Application farm was successfully created, type the
following command at the Windows PowerShell prompt and then press ENTER:
Get-OfficeWebAppsFarm
57. You should see information as previous about the newly created Web Application farm:
Validating Office Web Application Server Installation58. To verify that WAC Server has been correctly installed and configured, use a Web
browser to access the WAC Server discovery URL from another machine like ENTERPRISEDC. The discovery URL is composed of the value you assigned to the InternalUrl parameter when you configured the Office Web Application server farm followed by /hosting/discovery. For example:
https://wac.contoso.com/hosting/discovery
Tip:From your local PC you would use https://wac.<lync#>.msftonlinerepro.com/hosting/discovery to verify that it is working across the TMG Reverse Proxy configuration.
Note: Depending on the security settings of your web browser, you might see a message that prompts you to select Show all content before the contents of
48 © Microsoft Corporation. All rights reserved.
the discovery XML file are displayed.
If Office Web Apps Server works as expected, you should see a Web app Open Platform Interface (WOPI)-discovery XML file in your web browser. The first few lines of that file should look similar to following example:
You should not see any security warnings when accessing the discovery URL. If you do, that means that the certificate is not trusted. Either the trust chain on the computer you are running Internet Explorer from is incomplete or the WAC Server certificate is incorrect. Correct the certificate trust chain or delete the existing Web Apps Farm (using the Remove-OfficeWebAppsFarm cmdlet) and create a new Web Apps Farm selecting the proper certificate as appropriate.
Adding Domains to WAC Server Allow ListAfter you have verified that WAC Server is up and running you must then add your domain to the WAC Server Allow List. The Allow List represents the domains that will be allowed to
Global Technical Readiness49
Lab 2: Prepare Lab Environment
communicate with WAC Server. When adding domains to the Allow List, the wildcard character (*) is assumed; that means that Office Web Apps Server will honor requests from all endpoints in the domain. That also means that you should not use an asterisk in any domain you add to the list (for example, *.contoso.com), nor should any domain name begin with a period (for example, .contoso.com). If you add litwareinc.com to the Allow List then WAC Server will honor WOPI requests from endpoints in the domains like litwareinc.com, corp.litwareinc.com and dev.litwareinc.com. Requests from other domains (such as fabrikam.com or contoso.com) will be ignored. If the Allow List is empty, then all domains will be allowed.
59. To add the domains to the Allow List use back in the O15S1WAC01 Windows PowerShell run the following for both domains replacing <lync#> with you domain prefix.
New-OfficeWebAppsHost –Domain "contoso.com"New-OfficeWebAppsHost –Domain "<lync#>.msftonlinerepro.com"
To remove a previously entered domain, run the following cmdlet.
Remove-OfficeWebAppsHost -Domain "<domain>"
Note: The domain entry is case sensitive so if you entered "Contoso.com" original and go to remove "contoso.com" it will not be removed due to the case difference. This may be fixed by RTM.
60. To verify that a domain has been added to the Allow List type the following command from the Windows PowerShell prompt and then press ENTER:
Get-OfficeWebAppsHost
The name of the allowed domains will appear in the Allow List:
50 © Microsoft Corporation. All rights reserved.
Appendix A: Provisioned Lync UsersThis table list the users provisioned in an earlier exercise. These users are currently homed on the Lync Server 2010 Standard Edition Pool L2010SE01. You will move them in a later lab.
Contoso User MovesDisplay Name Current Tel URI New Tel Uri Destination Pool
Alan BrewerTEL:+14255550192
TEL:+14255553192
L15S2SE01/Toronto
Amy AlbertsTEL:+14255550153
TEL:+14255550153 Pool.contoso.com
Anahita BahramiTEL:+14255550135
TEL:+14255550135 Pool.contoso.com
Bart DuncanTEL:+14255550195
TEL:+14255553195
L15S2SE01/Toronto
Bjarne RiisTEL:+14255550159
TEL:+14255553159
L15S2SE01/Toronto
Bob KellyTEL:+14255550162
TEL:+14255550162 Pool.contoso.com
Chloe BrussardTEL:+14255550147
TEL:+14255553147
L15S2SE01/Toronto
Cynthia CareyTEL:+14255550138
TEL:+14255553138
L15S2SE01/Toronto
Dave LandesTEL:+14255550129
TEL:+14255552129
L15S3SBA/Charlotte
Dave LudwigTEL:+14255550168
TEL:+14255550168 Pool.contoso.com
Daniel DurrerTEL:+14255550165
TEL:+14255550165 Pool.contoso.com
Diane MargheimTEL:+14255550171
TEL:+14255552171
L15S3SBA/Charlotte
Heather Murchison
TEL:+14255550141
TEL:+14255550141 Pool.contoso.com
Ivan Komashinsky
TEL:+14255550150
TEL:+14255550150 Pool.contoso.com
Global Technical Readiness51
Lab 2: Prepare Lab Environment
Izak CohenTEL:+14255550101
TEL:+14255552101
L15S3SBA/Charlotte
Jeff FordTEL:+14255550177
TEL:+14255553177
L15S2SE01/Toronto
Jim CorbinTEL:+14255550180
TEL:+14255550180 L2010SE01/Corp
Jim GlynnTEL:+14255550183
TEL:+14255550183 Pool.contoso.com
Kathy BainTEL:+14255550104
TEL:+14255552104
L15S3SBA/Charlotte
Kim AkersTEL:+14255550186
TEL:+14255552186
L15S3SBA/Charlotte
Ken CirceoTEL:+14255550117
TEL:+14255552117
L15S3SBA/Charlotte
Lola JacobsenTEL:+14255550123
TEL:+14255552123
L15S3SBA/Charlotte
Manjinder KaurTEL:+14255550111
TEL:+14255550111 Pool.contoso.com
Matt CavallariTEL:+14255550107
TEL:+14255553107
L15S2SE01/Toronto
Michele MartinTEL:+14255550126
TEL:+14255550126 Pool.contoso.com
Minjung LeeTEL:+14255550110
TEL:+14255550110 Pool.contoso.com
Mrina NatarajanTEL:+14255550114
TEL:+14255553114
L15S2SE01/Toronto
Patrick ElliottTEL:+14255550189
TEL:+14255550189 Pool.contoso.com
Paul KochTEL:+14255550179
TEL:+14255550179 Pool.contoso.com
Peter KrebsTEL:+14255550125
TEL:+14255553125
L15S2SE01/Toronto
Ryan GreggTEL:+14255550120
TEL:+14255550120 Pool.contoso.com
Scott MacDonald TEL: TEL: L15S2SE01/
52 © Microsoft Corporation. All rights reserved.
+14255550124 +14255553124 Toronto
Sean BentleyTEL:+14255550132
TEL:+14255553132
L15S2SE01/Toronto
Tim ToyoshimaTEL:+14255550122
TEL:+14255553122
L15S2SE01/Toronto
Global Technical Readiness53