OWA – Office Web Apps high availability for Lync 2013/Skype4Business


  • ADDS – Active Directory Domain Services.
  • Lync Server 2013 or Skype For Business deployed in the environment
  • ADCS – Active Directory Certificate service for certificates request based in predefined templates

Do the same below to all servers that will run WAC (OWA – office web apps)

  • Open a PowerShell as Administrator and then copy and paste
  • Add-WindowsFeature NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45,Web-Includes,Web-Static-Content,Web-Windows-Auth,Web-Mgmt-Console,InkAndHandwritingServices -source r:\sources\sxs -restart
  • Download Office Web Apps from http://www.microsoft.com/en-us/download/details.aspx?id=35489
  • Download Office Web Apps updates from http://support.microsoft.com/kb/2760445
  • Install also NLB feature on all servers that will run WAC (OWA – Office web apps)



Requesting needed certificates for WAC (Office Web Apps)

In the first node of this FARM generate the certificate request using mmc.exe , Certificates, Personal and then go to all tasks, advanced operations and select “Create Custom Request”

Windows + R \ mmc.exe <enter>

Follow the instructions bellow.

Select Custom Request and click next

At Custom Request select the “web server” template, and at “request format” check PKCS #10 and click next

Select properties once you have “web server” at Active Directory Enrollment Policy and click properties

Select Custom Request and click next

At general TAB name the certificate “officeweb” and click apply

At the subject TAB select “common name” at type and give the CN name to this certificate

Hm11.home.intranet and click ADD



At “Alternative name” select DNS as type

Fill with the following names:

Officeweb.home.com.br (your external url that is going to be used to answer the request for WAC)

Officeweb.home.intranet (your internal url that is used to answer for internal request inside your ADDS network/netbios domain)

And also add the host names of the servers where WAC FARM is running.



At the “Private Key” TAB select the key size as 2048

Check “make private key exportable” and click ok or apply

After this click NEXT and select the folder to save the request file yourcertreqname.req and click save.

Be sure that your folder path is correct and the file has its own name and file extension .REQ and click FINISH


Now you can request your certificate at your internal CA (certificate authority) in AD forest.

Access your internal CA url to request the certificate

Select “request a certificate”

Select “advanced certificate request”

Select the option “Submit a certificate request by using a base-64 encoded CMC or PKCS #10, or submit a neweal request by using a base-64 encoded PKCS #7 file”

Open the certificate request file in NOTEPAD, copy the entire data and paste it at the “saved request” \ Base-64-encoded certificate request


Wait to processed and then select DER endoced or Base 64 encoded and click “download certificate”, if you prefer you can click at “download certificate chain” and this file contains the CA root certificates of your CA tree.

Import the certificate in the 1st server of the FARM

After that you can export this certificate with its private key to use it (import it) at the 2nd FARM server.

ATENTIONS: for each server joined at this FARM you need to name it at the DNS type at the request certificate done in the first steps of this article.



Deploying the WAC FARM


At the first server of the FARM run the following command in the powershell as administrator

New-OfficeWebAppsFarm -InternalUrl https://officeweb.contoso.net –ExternalUrlhttps://officeweb.contoso.com -CertificateName “office” –AllowHttp

where “office” in red is the “subject name” used during the certificate request.



For each new server joined at this FARM execute the following command

New-OfficeWebAppsMachine –MachineToJoin “hm11.home.intranet”

If everything is ok at this moment you can run the  “get-officewebappsfarm” command to verify the servers that are joined at this FARM.

*sometimes you won’t resolve the server’s name of all servers joined at the FARM and a good Solution is to import again the certificate at IIS or direct using MMC.exe \ certificates \ personal.


Validation tasks

At the first server joined at the FARM, open a browser and hit the following addresses

https://hm11.home.intranet/hosting/discovery/ – local server name

https://officeweb.home.com.br/hosting/discovery/ – external url

from a remote server (not a FARM server)

https://<server_XXX&gt;.home.intranet/hosting/discovery/ (server name/hosting/discovery/)

https://officeweb.home.com.br/hosting/discovery/ (external url name/hosting/discovery/) -> this is the name used at the Lync and Skype 4 Business topology publishing.

Validate the NLB function

Shutdown one of the servers joined at this FARM (or only disconnect the NIC or virtual NIC)

Hit the external URL from internet of a remote host  https://officeweb.home.com.br/hosting/discovery/

The answer should be like the following.

Configuring (Office Web Apps) at Lync 2013/Skype 4 Business

At the Lync/Skype For Business front end server

Use the topology builder at shared components (office web apps servers)

Set it to officeweb.home.com.br, your external URL (visible internally and externally)

Publish the topology and follow the instructions

*for LAB please create a dns zone named home.com.br for internal resolution, at this lab we have 2 dns zones in ADDS home.intranet (ADDS integrated zone) and home.com.br (your external valid
dns zone).