We are UC/Collaboration guys and if you are like me, Exchange 2013 is not your expertise… but if you are handy with Exchange 2013 that is great, and maybe you can use the following post useful too.
Single Inbox Unity Connection 9.x Exchange 2013
Here are some useful links that I have found in order to get Single Inbox configured:
This is the main link:
System Requirements:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/requirements/9xcucsysreqs.html
High level and pretty much what you need to do in order to complete the configuration:
- Assign the application impersonation management role to the unified messaging services accounts.
- Configure EWS limits for the unified messaging users (Exchange 2013 and Later).
- Configure EWS limits for the unified messaging users (Exchange 2010 SP2 RU4 and Later).
- Configure EWS limits for the unified messaging services accounts (Exchange 2010 SP2 RU3 and Earlier Releases).
For the actual procedures here is the link:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html
The one we are looking for in my particular case is the following:
Single Inbox without ViewMail for Outlook or with Other Email Clients
If you use another email client to access Unity Connection voice messages in Exchange, or if you do not install ViewMail for Outlook:
- The email client treats Unity Connection voice messages like emails with .wav file attachments.
- When a user replies to or forwards a Unity Connection voice message, the reply or forward also is treated like an email, even if the user attaches a .wav file. Message routing is handled by Exchange, not by Unity Connection, so the message is never sent to the Unity Connection mailbox for the recipient.
- Users cannot listen to secure voice messages.
- It may be possible to forward private voice messages. (When users use ViewMail for Outlook, ViewMail for Outlook prevents private messages from being forwarded.)
Creating the Account in Active Directory and Grant Permissions:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html#25466
Assigning the Application Impersonation Management Role to Unified Messaging Services Accounts (Exchange 2013 and Exchange 2010 Only)
To Assign the ApplicationImpersonation Management Role to Unified Messaging Services Accounts (Exchange 2013 and Exchange 2010 Only)
Step 1 Sign in to a server on which Exchange Management Shell is installed. Sign in using either an account that is a member of the Enterprise Admins group or an account that has permission to grant permissions on Exchange objects in the configuration container.
Step 2 Run the following command in Exchange Management Shell to assign the ApplicationImpersonation management role to the unified messaging services account for Exchange 2013 and Exchange 2010.
new-ManagementRoleAssignment -Name: RoleName -Role:ApplicationImpersonation -User:’ Account ‘
where:
- RoleName is the name that you want to give the assignment, for example, Unity ConnectionUMServicesAcct. The name that you enter for RoleName appears when you run get-ManagementRoleAssignment.
- Account is the name of the unified messaging services account in domain\alias format.
Removing EWS Limits:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/9x/unified_messaging/guide/9xcucumgx/9xcucumg020.html#pgfId-1343905
Removing EWS Limits from Exchange 2010 Service Pack 2 RU4 and Later
Revised November 17, 2014
Microsoft has enabled the client throttling policy feature by default. If there is no throttling policy already configured, Microsoft Exchange applies a default policy to all users. The default throttling policy is tailored for end user’s load and not for an enterprise application like, Unity Connection using impersonation. If any Unity Connection users who are configured for unified messaging have mailboxes in Exchange 2010, configure the Exchange 2010 EWS limits for the unified messaging users mailbox by creating and applying a new mailbox policy to the unified messaging user mailbox account. If you do not configure EWS limits, messages may not be synchronized, and status changes (for example, from unread to read), changes to the subject line, and changes to the priority may not be replicated. In addition, attempts to access Exchange calendars and contacts may fail.
Note Prior to Exchange 2010 SP2 RU4, the throttling limit was calculated against the calling account (In Our Case Service Account). Starting with, Exchange 2010 SP2 RU4, this limit has been changed. Now, the charges are counted against the target mailbox instead of the calling account.
To Configure EWS Limits from Exchange 2010 Service Pack 2 RU4 and Later
Step 1 Sign in to a server on which Exchange Management Shell is installed. Sign in using either an account that is a member of the Enterprise Admins group or an account that has permission to grant permissions on Exchange objects in the configuration container.
Step 2 Create a new policy with the following EWS connections where Exchange mailboxes have more than 1000 messages, which includes voice messages and receipts. For Exchange mailboxes having 10000 messages, then the new throttling policy will be:
New-ThrottlingPolicy -Name “ <ConnectionUnifiedMessagingServicesPolicy> ” -EWSPercentTimeInCAS 300 -EWSPercentTimeInMailboxRPC 200 -EWSFindCountLimit 10000 -EWSPercentTimeinAD 100
where ConnectionUnifiedMessagingServicesPolicy is the name that you want to assign to the policy. Refer to the Table 2-5 to have detailed description on the throttling policy parameters.
Step 3 Apply the new policy to all the unified messaging user mailbox. For each user mailbox, run the following command:
Set-ThrottlingPolicyAssociation -Identity “ < ConnectionUnifiedMessagingusermailbox > ” -ThrottlingPolicy “ < ConnectionUnifiedMessagingServicesPolicy > “
where:
- ConnectionUnifiedMessagingusermailbox is the name of the user mailbox.
- ConnectionUnifiedMessagingServicesPolicy is the name of the policy that you created in Step 2.
Step 4 Confirm that the mailbox is using the new policy:
Get-ThrottlingPolicyAssociation -Identity “ < ConnectionUnifiedMessagingusermailbox >” | findstr “ThrottlingPolicy”
Step 5 On each Exchange 2010 server that has the CAS role, restart the Microsoft Exchange RPC Client Access service.
Table 2-5 Recommended Throttle Policy Parameter Values With 10000 Items in User’s Mailbox
Field | Policy Value To Be Used | Description |
EWSPercentTimeInCAS | 300 | Specifies the percentage of a minute that an Exchange Web Services user can spend executing the client access server code (PercentTimeInCAS). |
EWSPercentTimeInMailboxRPC | 200 | Specifies the percentage of a minute that an Exchange Web Services user can spend executing mailbox remote procedure call (RPC) requests (PercentTimeInMailboxRPC). |
EWSFindCountLimit | 10000 | Defines the maximum number of items from a FindItem or FindFolder operation that can exist in memory on the Client Access server at one time for one user.Note If in your deployment mailboxes have more than 10,000 messages, then you can adjust this parameter. |
EWSPercentTimeinAD | 100 | Specifies the maximum amount of time that can be spent by a Client Access server when accessing Active Directory resources on behalf of a client account, per minute. |
More stuff to be aware and to make sure it follows your security practice:
Go to your IIS Management Console and go for AutoDiscover
Select Basic Authentication (again, this one needs to allign with your security practices)
Now under SSL Settings remove the Require SSL Certificates (if security policy requires the use of SSL certificates, make sure Unity Connection has a the root and Signed certificate from your CA)
Also follow the same steps under your EWS directory.
I hope this helps someone out there on the field.
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.