Table Of Contents
Microsoft Exchange 2003 Configuration Checklist (WebDAV)
Verifying Permissions on the Exchange 2003 Account
Microsoft Exchange 2007 Configuration Checklist (WebDAV)
Verifying Permissions on the Exchange 2007 Account
Enabling Authentication on the Exchange 2003/2007 Virtual Directories
Configuring Microsoft Exchange Server 2003 and 2007 for Integration with Cisco Unified Presence (over WebDAV)
Revised: November 30, 2012
Note This module describes the integration of Cisco Unified Presence with Microsoft Exchange Server 2003 and 2007 over WebDAV. If you are integrating with the Exchange server 2007 or 2010 over Exchange Web Services (EWS), see Chapter 3 "Configuring Microsoft Exchange Server 2007 and 2010 for Integration with Cisco Unified Presence (over EWS)." For an overview of each type of Exchange integration, we recommend that you review Chapter 1 "Planning for Cisco Unified Presence Integration with Microsoft Exchange".
•Microsoft Exchange 2003 Configuration Checklist (WebDAV)
•Verifying Permissions on the Exchange 2003 Account
•Microsoft Exchange 2007 Configuration Checklist (WebDAV)
•Verifying Permissions on the Exchange 2007 Account
•Enabling Authentication on the Exchange 2003/2007 Virtual Directories
Microsoft Exchange 2003 Configuration Checklist (WebDAV)
Table 2-1 provides a summary checklist to follow when configuring access to mailboxes on the Microsoft Exchange 2003 server. For detailed instructions, see the Microsoft Server 2003 documentation at the following URL: http://technet.microsoft.com/en-us/library/bb123872(EXCHG.65).aspx
Table 2-1 Configuration tasks for Microsoft Exchange 2003 Components
Troubleshooting Tips
•Cisco Unified Presence only requires Receive As permissions on the account to enable it to sign in to that account when it connects to the Exchange server. Note that this account does not typically receive mail so you do not need to be concerned about allocating space for it.
•If you receive an error message indicating that the Exchange server is down and the certificate is configured properly, then the Receive As account is not configured properly. Recreate the account using the steps in this procedure.
What To Do Next
Verifying Permissions on the Exchange 2003 Account.
Verifying Permissions on the Exchange 2003 Account
Procedure
Step 1 Use Internet Explorer to connect to the following URL:
https://server/exchange/user@domain
Where server = server name, user = user name (some user other than receive-as acccount), domain = exchange domain
Step 2 Sign in using the receive-as credentials. If these credentials allow you to access the OWA account, it verifies that the permissions have propagated successfully to the Exchange server.
What To Do Next
Configuring the Presence Gateway on Cisco Unified Presence for Microsoft Exchange Integration.
Troubleshooting Tips
This procedure applies to Microsoft Exchange Server 2003 SP1 and later releases.
Microsoft Exchange 2007 Configuration Checklist (WebDAV)
Table 2-2 provides a summary checklist to follow when configuring access to mailboxes on the Microsoft Exchange 2007 server. For detailed instructions, see the Microsoft Server 2007 documentation at the following URL: http://technet.microsoft.com/en-us/library/bb124558(EXCHG.80).aspx
Table 2-2 Configuration tasks for Microsoft Exchange 2007 Components
Troubleshooting Tips
•Cisco Unified Presence only requires Receive As permissions on the account to enable it to sign in to that account when it connects to the Exchange server. Note that this account does not typically receive mail so you do not need to be concerned about allocating space for it.
•If you receive an error message indicating that the Exchange server is down and the certificate is configured properly, then the Receive As account is not configured properly. Recreate the account using the steps in this procedure.
What To Do Next
Verifying Permissions on the Exchange 2007 Account
Verifying Permissions on the Exchange 2007 Account
After you have assigned the permissions to the Exchange 2007 account, you must verify that the permissions propagate to mailbox level and that you can access the mailbox of the end-user. On Exchange 2007, it takes some time for the permissions to propagate to mailboxes.
Before You Begin
•Delegate the appropriate roles and Receive-As permissions to the Exchange account. See the Microsoft Exchange 2007 Configuration Checklist topic.
•For the purpose of the examples in the following procedures, assume that the Exchange account is named "cupsadmin" and the mail storage group is named "First Storage Group".
Procedure
Step 1 Open the Exchange Management Shell (EMS) for command line entry.
Step 2 Verify that the Exchange account is a member of the"ExchangeView-Only Administrator" group as follows:
a. Run this command in the EMS:
([ADSI]"LDAP://CN=CUPS Admin,CN=Users,DC=r7,DC=com").memberof
Note The "CN=CUPS Admin,CN=Users,DC=r7,DC=com" is the DN (Distinguished Name) of the Exchange account. To determine the DN, use adsiedit.msc. Also verify the DN with your Active Directory administrator if required.
b. Ensure that the command output indicates the Exchange account is a member of "Exchange View-Only Administrator" group, as follows:
Example: Command Output
Step 3 Verify that the Exchange account has "Receive-As" permissions on the mail storage group as follows:
a. Run this command in the EMS:
Get-ADPermission "First Storage Group" -user cupsadmin | Format-Table -AutoSize
Note The "First Storage Group" is the name of the mail storage group. The "cupsadmin" is the Exchange account.
b. Ensure that the command output indicates the Exchange account has "Receive-As" permission on the mail storage group, as follows:
Example: Command Output
Identity- - - - - - User- - - - Deny- - - Inherited- - - - - - Rights- - - - - HTLUO-MAIL\First Storage Group R7\cupsadmin False False Receive-As
Step 4 Verify that the Exchange account has permissions on an end-user mailbox as follows:
a. Run this command in the EMS:
Get-MailboxPermission jdoe -user cupsadmin | Format-Table -autosize
Note The "jdoe" is the mailbox of the end-user. The "cupsadmin" is the Exchange account.
b. Ensure that the command output indicates that the Exchange account has FullAccess permission on jdoe's mailbox, as follows:
Example: Command Output
Identity- - - - - - User- - - - AccessRights- - - - - - - - IsInherited- - - - - - - - Deny- - - r7.com/Dallas/John Doe R7\cupsadmin {FullAccess} True False
Truobleshooting Tips
Full Access permission on a user mailbox is inherited from the higher-level permission, in this instance, from the "First Storage Group". If the command (that you run in Step 4) fails to return output, the permission has not yet propagated to the mailbox. Do not proceed until you see that the Exchange account has FullAccess on the mailbox of the end user.
What To Do Next
Configuring the Presence Gateway on Cisco Unified Presence for Microsoft Exchange Integration
Enabling Authentication on the Exchange 2003/2007 Virtual Directories
You must enable basic authentication on the Exchange virtual directories (/exchange and /exchweb) for Microsoft Office Outlook Web Access to work properly. The /exchange directory handles mailbox access requests for OWA and WebDAV. The /exchweb directory contains resource files used by OWA and WebDAV. You can also optionally enable Windows Integrated Authentication on the Exchange virtual directories. Furthermore, Forms Based Authentication can be optionally enabled.
The procedure that follows is for WebDAV integrations on Exchange 2003 and Exchange 2007 server running Windows Server 2003.
Procedure
Step 1 From Administrative Tools, open Internet Information Services. and select the server.
Step 2 Select Web Sites.
Step 3 Select Default Web Site.
Step 4 Right click either the /exchange or /exchweb, and select Properties.
Step 5 Select the Directory Security tab.
Step 6 Under Authentication and access control, select Edit.
Step 7 Under Authentication, ensure that the Basic Authentication and Integrated Windows check boxes are checked.
Step 8 [Optional] If you want to enable Forms Based Authentication, complete the following steps:
•Open the Exchange Management Console (EMC).
•From the left pane, select Server Configuration > Client Access.
•Select the appropriate server in the Client Access pane and select the Outlook Web Access tab.
•Right-select owa (Default Web Site) and select Properties.
•Select the Authentication tab.
•Select Use forms-based authentication and under Logon Format select Domain\user name.
Note Basic authentication is enabled by default for OWA when Forms Based Authentication is selected.
Related Topics
•http://technet.microsoft.com/en-us/library/aa998849(EXCHG.80).aspx
•Known Issue: see Calendar Integration Fails with "HTTP 503 Service Unavailable" Error from Exchange 2007