Category Archives: Skype for Business

Exchange 2016 + Skype For Business + New Certificate = Errors?

Leave a reply

Changing an expired SSL certificate is easy in Exchange 2016 using the EMC.  A simple click or two, and boom… new certificate!

Unless you have integrated Skype for Business IM into your OWA.

Symptoms
1st Symptom: User Complaints
2nd Symptom: Your exchange logs the following event:

The certificate specified by the InstantMessagingCertificateThumbprint parameter of the Outlook Web App virtual directory wasn’t found in the local certificate store.
Certificate thumbprint:

Yup.. you have a couple of more steps to complete.

STEP#1: Get the new thumbprint

  1. Launch Exchange Management Shell as an Administrator
  2. Execute
    Get-ExchangeCertificate
  3. Copy the Thumbprint of the certificate that has registered the “W” service
    NOTE: That same certificate may have registered other services like the certificate example below, which has registered IPUWSC services.
    image

STEP#2: Update the OWA virtual directory with the new thumbprint

  1. Launch Exchange Management Shell as an
    Administrator
  2. Execute
    get-owavirtualdirectory | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint [THE NEW THUMBPRINT]

STEP#3: Update the OWA configuration file

  1. Open the OWA configuration file located at
    C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OWA\web.config
  2. Search the configuration file for “IMCertificateThumbprint”
    Important: If the key does not exist in the web.config, proceed to STEP#3A below
  3. Change the key thumbprint to the new thumbprint value
    <add key=”IMCertificateThumbprint” value=”[THE NEW THUMBPRINT” />
  4. Restart IIS and test IM in OWA
  5. Your Done!  Stop here!

STEP#3A: Update Setting Overrides

  1. Launch Exchange Management Shell as an Administrator
  2. Execute
    Get-SettingOverride
  1. You should get an output like the following
    image
    Closely note the following values
    – Id   {In the example above, the value is OWA-SKYPE-INTEGRATION
    – Parameters, specifically the IMServerName value {In the example above, the value is SRVSKYPE15FE.corp.armgasys.com
  2. Execute
    Set-SettingOverride -Identity [ID NAME] -Parameters @(“IMServerName=[SERVER NAME]”,”IMCertificateThumbprint=[THE NEW THUMBPRINT]”)
  3. Make sure everything is refreshed by executing the following command
    Get-ExchangeDiagnosticInfo -Server $ENV:COMPUTERNAME -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
  4. Restart IIS and test IM in OWA

Good Luck!