- ADDS – Active Directory Domain Services.
- Lync Server 2013 or Skype For Business deployed in the environment
- ADCS – Active Directory Certificate Services, for certificate requests based on predefined templates
Do the following on all servers that will run WAC (OWA – Office Web Apps):
- Open PowerShell as Administrator, then copy and paste:
- Add-WindowsFeature NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45,Web-Includes,Web-Static-Content,Web-Windows-Auth,Web-Mgmt-Console,InkAndHandwritingServices -source r:\sources\sxs -restart
- Download Office Web Apps from http://www.microsoft.com/en-us/download/details.aspx?id=35489
- Download Office Web Apps updates from http://support.microsoft.com/kb/2760445
- Also install the NLB feature on all servers that will run WAC (OWA – Office Web Apps)
Requesting needed certificates for WAC (Office Web Apps)
On the first node of this FARM, generate the certificate request using mmc.exe: Certificates, Personal, then go to All Tasks, Advanced Operations and select “Create Custom Request”
Windows + R \ mmc.exe <enter>
Follow the instructions below.
Select Custom Request and click next
At Custom Request select the “web server” template, and at “request format” check PKCS #10 and click next
Once you have “web server” under Active Directory Enrollment Policy, click properties
At the General TAB, name the certificate “officeweb” and click apply
At the Subject TAB, select “common name” as the type, give this certificate its CN name (hm11.home.intranet) and click ADD
At “Alternative name” select DNS as type
Fill with the following names:
officeweb.home.com.br (your external URL that is going to be used to answer the requests for WAC)
officeweb.home.intranet (your internal URL that is used to answer internal requests inside your ADDS network/NetBIOS domain)
Also add the host names of the servers where the WAC FARM is running.
At the “Private Key” TAB select the key size as 2048
Check “make private key exportable” and click ok or apply
After this click NEXT and select the folder to save the request file yourcertreqname.req and click save.
Make sure that the folder path is correct and that the file has its own name and the file extension .REQ, then click FINISH
Now you can request your certificate from your internal CA (certificate authority) in the AD forest.
Access your internal CA url to request the certificate
Select “request a certificate”
Select “advanced certificate request”
Select the option “Submit a certificate request by using a base-64 encoded CMC or PKCS #10, or submit a renewal request by using a base-64 encoded PKCS #7 file”
Open the certificate request file in NOTEPAD, copy the entire contents and paste them into the “saved request” \ Base-64-encoded certificate request field
Wait for the request to be processed, then select DER encoded or Base 64 encoded and click “download certificate”. If you prefer, you can click “download certificate chain”; that file also contains the CA root certificates of your CA tree.
Import the certificate in the 1st server of the FARM
After that you can export this certificate with its private key to use it (import it) at the 2nd FARM server.
ATTENTION: each server joined to this FARM must be listed as a DNS-type alternative name in the certificate request made in the first steps of this article.
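A check for the requirement above, as an added example that is not part of the original article: it reads the imported certificate from the local machine store and lists any required DNS name that is missing from it. The friendly name officeweb and the host names come from this article; hm12.home.intranet is a hypothetical second node, and the script assumes Windows PowerShell on an English-language Windows.

```powershell
# Added example: verify the WAC certificate before building the farm.
$required = @(
    'officeweb.home.com.br',    # external URL
    'officeweb.home.intranet',  # internal URL
    'hm11.home.intranet',       # first farm node
    'hm12.home.intranet'        # hypothetical second node (assumption)
)

function Test-WacCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$RequiredNames
    )
    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        # Format() output is localized; "DNS Name=" is the English label.
        $sanNames = @([regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })
    }
    $missing = @($RequiredNames | Where-Object { $sanNames -notcontains $_.ToLowerInvariant() })
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        HasPrivateKey = $Certificate.HasPrivateKey   # needed on every farm node
        KeySize       = $Certificate.PublicKey.Key.KeySize
        NotAfter      = $Certificate.NotAfter
        MissingNames  = $missing
        Ok            = $Certificate.HasPrivateKey -and
                        ($missing.Count -eq 0) -and
                        ($Certificate.NotAfter -gt (Get-Date))
    }
}

# Look the certificate up by the friendly name set on the General tab.
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'officeweb' }
if (-not $certs) {
    Write-Warning "No certificate with friendly name 'officeweb' in LocalMachine\My"
} else {
    $certs | ForEach-Object { Test-WacCertificate -Certificate $_ -RequiredNames $required }
}
```

Run it on each node after importing the certificate; a non-empty MissingNames means the request has to be redone with the missing DNS names.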
On the first server of the FARM, run the following command in PowerShell as administrator
where “office” in red is the “subject name” used during the certificate request.
For each new server joined at this FARM execute the following command
New-OfficeWebAppsMachine -MachineToJoin "hm11.home.intranet"
If everything is OK at this point, you can run the “Get-OfficeWebAppsFarm” command to verify the servers that are joined to this FARM.
*Sometimes the names of all servers joined to the FARM will not resolve; a good solution is to import the certificate again in IIS or directly using MMC.exe \ Certificates \ Personal.
At the first server joined at the FARM, open a browser and hit the following addresses
https://hm11.home.intranet/hosting/discovery/ – local server name
https://officeweb.home.com.br/hosting/discovery/ – external url
from a remote server (not a FARM server)
https://<server_XXX>.home.intranet/hosting/discovery/ (server name/hosting/discovery/)
https://officeweb.home.com.br/hosting/discovery/ (external url name/hosting/discovery/) -> this is the name used when publishing the Lync and Skype for Business topology.
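The same browser checks in one pass, as an added example that is not part of the original article: it requests each discovery URL with certificate validation left on and confirms that the answer is a WOPI discovery document. The URLs are the ones used in this article; the function name Test-WacDiscovery is hypothetical.

```powershell
# Added example: check the discovery URLs from this article in one pass.
$urls = @(
    'https://hm11.home.intranet/hosting/discovery/',     # local server name
    'https://officeweb.home.com.br/hosting/discovery/'   # external URL
)

function Test-WacDiscovery {
    param([Parameter(Mandatory)][string]$Url)
    $result = [pscustomobject]@{ Url = $Url; Ok = $false; Zones = @(); Error = $null }
    try {
        # Certificate validation stays on: a name that is missing from the
        # certificate or an untrusted CA shows up here as an error.
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15
        $root = ([xml]$resp.Content).DocumentElement
        if ($root.LocalName -ne 'wopi-discovery') {
            $result.Error = "Unexpected root element <$($root.LocalName)>"
            return $result
        }
        # Each net-zone element describes one zone the farm answers for.
        $result.Zones = @($root.ChildNodes |
            Where-Object { $_.LocalName -eq 'net-zone' } |
            ForEach-Object { $_.GetAttribute('name') })
        $result.Ok = $result.Zones.Count -gt 0
    } catch {
        # DNS failure, TLS failure, timeout or a non-XML body all land here.
        $result.Error = $_.Exception.Message
    }
    $result
}

$urls | ForEach-Object { Test-WacDiscovery -Url $_ } |
    Format-Table Url, Ok, Zones, Error -AutoSize -Wrap
```

Run it from a FARM server and from a remote server; running it again against the external URL with one node offline covers the NLB validation.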
Validate the NLB function
Shut down one of the servers joined to this FARM (or only disconnect the NIC or virtual NIC)
Hit the external URL from the internet or from a remote host: https://officeweb.home.com.br/hosting/discovery/
The answer should be like the following.
Use the Topology Builder, under Shared Components (Office Web Apps Servers)
Set it to officeweb.home.com.br, your external URL (visible internally and externally)
Publish the topology and follow the instructions
*For the LAB, please create a DNS zone named home.com.br for internal resolution; in this lab we have 2 DNS zones in ADDS: home.intranet (ADDS integrated zone) and home.com.br (your external valid