Configuring Exchange unified messaging with OCS 2007

Configuring Exchange Server unified messaging (UM) for OCS 2007 isn't much different than configuring UM with IPs and PBXs. The first step is to create an Exchange UM dial plan. This tip shows you how.

Exchange 2007 Unified Messaging combines email, voicemail and fax into a single unified message store. Office Communications...

Server 2007 integrates into the UM infrastructure to provide call answering, subscriber access, call notification and auto-attendant services. But what's the best way to integrate both products? Configuring Exchange for OCS isn't that different from configuring UM with other IP-based private branch exchanges (PBX).

Related links:
Plan for Exchange Server 2007 SP1 Unified Messaging in Office Communications Server


TechNet Webcast: Configuring Office Communications Server 2007 and Exchange Server 2007 Unified Messaging Interoperability (Level 300)

Office Communications Server 2007 Document: Enterprise Voice Planning and Deployment Guide

Quick Start Guide for Outlook Voice Access 2007

An Exchange UM dial plan supports three different security levels: unsecured, SIP secured, and secured. Table 2 shows the differences in terms of Mutual TLS and SRTP for each security level.

You'll want to create a UM dial plan for each Enterprise Voice location profile.


VoIP Security Mutual TLS SRTP
Unsecured Disabled Disabled
SIP secured Enabled (required) Disabled
Secured Enabled (required) Enabled (required)

Table 2. VoIP security levels

When integrating Exchange UM with OCS 2007 and selecting the appropriate dial-plan security level, consider the following criteria:

  • Mutual TLS is required between Exchange UM and OCS. Unsecured level is not an option.
  • Office Communicator 2007 clients support secure real-time transport protocol (SRTP); therefore, both secured and SIP secured levels can be used. The encryption level that Communicator uses can be set by means of Group Policy or by changing the PC2PCAVEncryption registry key.
  • If Communicator Phone Edition (aka Tanjay) is deployed, the security level should be set to secured.

If you choose to use the Exchange Management Console, create a new dial plan with the security setting SIP secured (Figure 10).

Create a new UM dial plan

Figure 10. Click through these steps to create a new UM dial plan.

If you use the Exchange Management Shell, type the following command:

New-UMDialPlan -name <dial plan name> -URIType "SipName" -VoIPSecurity <SIPSecured|Secured> -NumberOfDigitsInExtension <number of digits> -AccessTelephoneNumbers "<access number in E.164 format>"

In my environment, I used this command:

New-UMDialPlan -Name 'OCS' -NumberOfDigitsInExtension '4' -URIType 'SipName' -VoIPSecurity 'SIPSecured' --AccessTelephoneNumbers '+44020071000'

Figure 11 shows which "OCS Properties" tab to select in order to find the Associate Subscriber Access Number.

Associate Subscriber Access Number

Figure 11. Your Associate Subscriber Access Number.

The dial plan must be enabled on the UM server. Open the Exchange Management Console, expand Server Configuration and select Unified Messaging. On the right pane, right click the UM server and select Properties.

On the UM Settings tab, add the dial plan and click OK (Figure 12).

Add a dial plan to the UM server

Figure 12. Add a dial plan to the UM server by using this box.

A box will appear to show you how to create a new UM auto attendant (Figure 13).

Create a new UM auto attendant

Figure 13. How to create a new UM auto attendant.

Although it's not required, you can use the Exchange Management Console to create a new UM auto attendant for the dial plan that you just configured. You can also use a PowerShell cmdlet to create a new UM auto attendant for the previously configured dial plan.

New-UMAutoAttendant -Name <auto attendant name> -UMDialPlan <name of dial plan> -PilotIdentifierList <auto attendant phone number in E.164 format> -SpeechEnabled $true -Status Enabled

I used the following command:

New-UMAutoAttendant -Name 'OCS Auto Attendant' -UMDialPlan 'OCS' -PilotIdentifierList '+44020071099' -Status 'Enabled' -SpeechEnabled $true

Run ExchUCUtil.ps1

The ExchUCUtil.ps1 script performs the following:

  • Creates a UM IP gateway object in Active Directory for each Communications Server pool that hosts Enterprise Voice-enabled users.
  • Creates an Exchange UM hunt group for each gateway. The hunt group pilot identifier will be the name of the dial plan associated with the corresponding gateway.
  • Grants Communications Server permission to read Exchange UM Active Directory objects, specifically, SIP dial plans that were created in the previous task.

To run this script, open the Exchange Management Shell and navigate to the Scripts folder, which can be found under the Exchange installation directory, and type ExchUCUtil.ps1 (Figure 14).

Configure the ExchUCUtil output

Figure 14. How to configure the ExchUCUtil output.

Verify that there are no errors in the output and check the UM IP Gateways tab in the Exchange Management Console. There you'll see the newly created gateway and hunt group (Figure 15).

New UM IP gateway

Figure 15. This is what a new UM IP Gateway looks like.

Now, obtain a certificate for Exchange UM server from a trusted root certificate authority (CA).

Exchange and OCS will communicate using mutual TLS, so they both need a certificate from a trusted CA.

The Exchange setup installs a self-signed certificate that cannot be used with OCS, so you must obtain a new certificate. You can do so using a series of PowerShell cmdlets.

Note: To view the certificate, type Get-ExchangeCertificate in the Exchange Management Shell.

Use this command to generate the request (Figure 16):

New-ExchangeCertificate -GenerateRequest -Path c:\certreq.txt -SubjectName "c=UK, o=MI6, cn=e2k7.mydomain.local" -DomainName, webmail.mydomain.local -PrivateKeyExportable $true

Example of a New-ExchangeCertificate request

Figure 16. Here's an example of a New-ExchangeCertificate request.

The generated text file contains the encoded certificate request that can be used on the online certificate request form (Figure 17).

Sample of New-ExchangeCertificate request form

Figure 17. This is a sample of a New-ExchangeCertificate request form.

After the certificate has been issued and saved locally, the following cmdlet will enable it for use with the Exchange UM service and HTTPS:

Enable-ExchangeCertificate -Thumbprint A9594D9632BAB0A136B2372442656CD99C13121B -Services "UM, IIS"

Figure 18 depicts the whole series of cmdlets used to import and enable a certificate.

How to use PowerShell cmdlets to import and enable the certificate

Figure 18. Use this PowerShell code to import and enable the certificate.

TIP: Open the Exchange server default web site with Internet Explorer to check there are no certificate errors.

Next, restart the Exchange unified Messaging service. Although there are two certificates (self-signed and the new one) installed, the UM service will pick the one that is not self-signed. You can search for event ID 1112 (Figure 19) on the Exchange server application log to check which certificate Exchange is using.

Selected certifiate for Exchange UM service

Figure 19. This is a selected certificate for the Exchange UM service.

You can also double check the certificate by inspecting the serial number (Figure 20).

Find the certificate serial number under the details tab

Figure 20. You can find the certificate serial number under the details tab.

Enable users for unified messaging

Before enabling users for unified messaging, I recommend filling in the telephone number information in AD. Although Microsoft recommends using E.164 normalized numbers, you can safely use a four-digit (or more) extension on the telephone number field (Figure 21). But I strongly recommend using E.1645 numbers on the Telephones tab (mobile number, home number, etc.).

Different fields in AD properties

Figure 21. These are the different AD Properties fields.

TIP: If you use non-E.164 telephone numbers, make sure there is a rule on the Company_Phone_Number_Normalization_Rules.txt file (OCS Address Book server) to normalize the numbers.

Once the telephones are added to AD, open the Exchange Management Console to enable users for unified messaging. Then navigate to Recipient Configuration and select Mailbox.

Right-click on the user and select Enable Unified Messaging (Figure 22).

Enable UM for a user

Figure 22. Enable unified messaging for a selected user.

On the Enable Unified Messaging window, click Browse and select the UM Mailbox Policy (Figure 23).

Figure 23. This the introduction to the Unified Messaging wizard.

Click Next -- notice that Exchange uses the extension number from AD --, then click Next again (Figure 24).

UM wizard's extension configuration

Figure 24. Here's the Unified Messaging wizard's extension configuration.

Finally, click Enable and then Finish (Figure 25).

Final step of the UM wizard

Figure 25. This is the last step of the Unified Messaging wizard.

TIP: In order to make the Call Voice Mail option available in Office Communicator, make sure the SIP URI, for example JamesB@mydomain.local, is the default EUM address. The address should be in bold.

Figure 26 shows the traditional user extension with the digits specified in the Enable Unified Messaging process.

Available options when configuring Mailbox Properties

Figure 26. This image displays the available options when configuring Mailbox Properties.

Figure 27 shows the second type of extension -- a SIP URI.

Figure 27. These are what the default Mailbox EUM addresses look like.

Integrating Exchange unified messaging with OCS 2007
  Part 1: Integrating Exchange unified messaging with OCS 2007
  Part 2: Configuring Exchange unified messaging with OCS 2007
  Part 3: Tools automate an Exchange UM and OCS 2007 integration


Rui Silva, Microsoft Exchange MVP
Rui Silva is a Technology Solution Professional (Unified Communications) at Microsoft Portugal. Silva is MCITP/MCDBA/MCSA/MCSE:Messaging+Security certified and has been recognized as a Microsoft MVP for Exchange Server from 2005 to 2008, due to his contribution to the technical community. Silva spent the last 11 years working with all kinds of Microsoft technologies, with particular emphasis on Microsoft Exchange Server and Office Communications Server.

This was last published in February 2010

Dig Deeper on Instant Messaging and Unified Messaging



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.