Single Inbox Unity Connection 9.x Exchange 2013

We are UC/Collaboration guys and if you are like me, Exchange 2013 is not your expertise… but if you are handy with Exchange 2013 that is great, and maybe you can use the following post useful too.

Single Inbox Unity Connection 9.x Exchange 2013

Here are some useful links that I have found in order to get Single Inbox configured:

This is the main link:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/design/guide/9xcucdgx/9xcucdg032.html#pgfId-1141552

System Requirements:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/requirements/9xcucsysreqs.html

High level and pretty much what you need to do in order to complete the configuration:

  • Assign the application impersonation management role to the unified messaging services accounts.
  • Configure EWS limits for the unified messaging users (Exchange 2013 and Later).
  • Configure EWS limits for the unified messaging users (Exchange 2010 SP2 RU4 and Later).
  • Configure EWS limits for the unified messaging services accounts (Exchange 2010 SP2 RU3 and Earlier Releases).

For the actual procedures here is the link:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html

The one we are looking for in my particular case is the following:

Single Inbox without ViewMail for Outlook or with Other Email Clients

If you use another email client to access Unity Connection voice messages in Exchange, or if you do not install ViewMail for Outlook:

  • The email client treats Unity Connection voice messages like emails with .wav file attachments.
  • When a user replies to or forwards a Unity Connection voice message, the reply or forward also is treated like an email, even if the user attaches a .wav file. Message routing is handled by Exchange, not by Unity Connection, so the message is never sent to the Unity Connection mailbox for the recipient.
  • Users cannot listen to secure voice messages.
  • It may be possible to forward private voice messages. (When users use ViewMail for Outlook, ViewMail for Outlook prevents private messages from being forwarded.)

 

Creating the Account in Active Directory and Grant Permissions:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html#25466

Assigning the Application Impersonation Management Role to Unified Messaging Services Accounts (Exchange 2013 and Exchange 2010 Only)

To Assign the ApplicationImpersonation Management Role to Unified Messaging Services Accounts (Exchange 2013 and Exchange 2010 Only)

Step 1 Sign in to a server on which Exchange Management Shell is installed. Sign in using either an account that is a member of the Enterprise Admins group or an account that has permission to grant permissions on Exchange objects in the configuration container.

Step 2 Run the following command in Exchange Management Shell to assign the ApplicationImpersonation management role to the unified messaging services account for Exchange 2013 and Exchange 2010.

new-ManagementRoleAssignment -Name: RoleName -Role:ApplicationImpersonation -User:’ Account

where:

    • RoleName is the name that you want to give the assignment, for example, Unity ConnectionUMServicesAcct. The name that you enter for RoleName appears when you run get-ManagementRoleAssignment.
    • Account is the name of the unified messaging services account in domain\alias format.

Removing EWS Limits:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html#pgfId-1343905

Removing EWS Limits from Exchange 2010 Service Pack 2 RU4 and Later

Revised November 17, 2014

Microsoft has enabled the client throttling policy feature by default. If there is no throttling policy already configured, Microsoft Exchange applies a default policy to all users. The default throttling policy is tailored for end user’s load and not for an enterprise application like, Unity Connection using impersonation. If any Unity Connection users who are configured for unified messaging have mailboxes in Exchange 2010, configure the Exchange 2010 EWS limits for the unified messaging users mailbox by creating and applying a new mailbox policy to the unified messaging user mailbox account. If you do not configure EWS limits, messages may not be synchronized, and status changes (for example, from unread to read), changes to the subject line, and changes to the priority may not be replicated. In addition, attempts to access Exchange calendars and contacts may fail.

Note Prior to Exchange 2010 SP2 RU4, the throttling limit was calculated against the calling account (In Our Case Service Account). Starting with, Exchange 2010 SP2 RU4, this limit has been changed. Now, the charges are counted against the target mailbox instead of the calling account.

To Configure EWS Limits from Exchange 2010 Service Pack 2 RU4 and Later

Step 1 Sign in to a server on which Exchange Management Shell is installed. Sign in using either an account that is a member of the Enterprise Admins group or an account that has permission to grant permissions on Exchange objects in the configuration container.

Step 2 Create a new policy with the following EWS connections where Exchange mailboxes have more than 1000 messages, which includes voice messages and receipts. For Exchange mailboxes having 10000 messages, then the new throttling policy will be:

New-ThrottlingPolicy -Name “ <ConnectionUnifiedMessagingServicesPolicy> ” -EWSPercentTimeInCAS 300 -EWSPercentTimeInMailboxRPC 200 -EWSFindCountLimit 10000 -EWSPercentTimeinAD 100

where ConnectionUnifiedMessagingServicesPolicy is the name that you want to assign to the policy. Refer to the Table 2-5 to have detailed description on the throttling policy parameters.

Step 3 Apply the new policy to all the unified messaging user mailbox. For each user mailbox, run the following command:

Set-ThrottlingPolicyAssociation -Identity “ < ConnectionUnifiedMessagingusermailbox > ” -ThrottlingPolicy “ < ConnectionUnifiedMessagingServicesPolicy >

where:

  • ConnectionUnifiedMessagingusermailbox is the name of the user mailbox.
  • ConnectionUnifiedMessagingServicesPolicy is the name of the policy that you created in Step 2.

Step 4 Confirm that the mailbox is using the new policy:

Get-ThrottlingPolicyAssociation -Identity “ < ConnectionUnifiedMessagingusermailbox >” | findstr “ThrottlingPolicy”

Step 5 On each Exchange 2010 server that has the CAS role, restart the Microsoft Exchange RPC Client Access service.

Table 2-5 Recommended Throttle Policy Parameter Values With 10000 Items in User’s Mailbox

Field Policy Value To Be Used Description
EWSPercentTimeInCAS 300 Specifies the percentage of a minute that an Exchange Web Services user can spend executing the client access server code (PercentTimeInCAS).
EWSPercentTimeInMailboxRPC 200 Specifies the percentage of a minute that an Exchange Web Services user can spend executing mailbox remote procedure call (RPC) requests (PercentTimeInMailboxRPC).
EWSFindCountLimit 10000 Defines the maximum number of items from a FindItem or FindFolder operation that can exist in memory on the Client Access server at one time for one user.Note If in your deployment mailboxes have more than 10,000 messages, then you can adjust this parameter.
EWSPercentTimeinAD 100 Specifies the maximum amount of time that can be spent by a Client Access server when accessing Active Directory resources on behalf of a client account, per minute.

More stuff to be aware and to make sure it follows your security practice:

Go to your IIS Management Console and go for AutoDiscover

Screen Shot 2014-12-09 at 5.22.13 PM

Select Basic Authentication (again, this one needs to allign with your security practices)

Screen Shot 2014-12-09 at 5.22.29 PM

Now under SSL Settings remove the Require SSL Certificates (if security policy requires the use of SSL certificates, make sure Unity Connection has a the root and Signed certificate from your CA)

Screen Shot 2014-12-09 at 5.22.38 PM

Screen Shot 2014-12-09 at 5.22.48 PM

Also follow the same steps under your EWS directory.

I hope this helps someone out there on the field.

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s