Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2010-07-13
Microsoft Exchange Server 2010 Unified Messaging (UM) and Microsoft Office Communications Server 2007 can be deployed together to provide voice messaging, instant messaging, enhanced user presence, audio/video conferencing, and an integrated e-mail and messaging experience for users in your organization. This topic discusses how to configure Exchange 2010 Unified Messaging and Communications Server 2007 to support these features.
Looking for more information about Communications Server 2007? See the reference and Help documentation for Communications Server 2007 in the Office Communications Server and Client Documentation Rollup.
Deploying Exchange Unified Messaging and Communications Server 2007
Exchange 2010 Unified Messaging combines voice messaging and e-mail messaging into a single messaging infrastructure. Communications Server 2007 Enterprise Voice takes advantage of the Unified Messaging infrastructure to provide voice mail, subscriber access, call notification, and auto attendant services.
Before you can implement these services or features, you must do the following:
- Install Communications Server 2007 in the same Active Directory
directory service topology as the Unified Messaging servers.
- Deploy the following Exchange 2010 server roles:
- Unified Messaging server role The
Unified Messaging server connects Exchange 2010 with Communications
- Hub Transport server role The Hub
Transport server routes e-mail messages from the Unified Messaging
server to user mailboxes.
- Client Access server role The Client
Access server hosts client protocols, such as POP3, IMAP4, HTTPS,
Outlook Anywhere (formerly known as RPC over HTTP), the
Availability service, and the Autodiscover service. The Client
Access server also hosts Exchange Web Services.
- Mailbox server role The Mailbox server
hosts user mailboxes.
For more information about the server roles included in Exchange 2010, see Getting Started With Exchange 2010. For more information about how to install each server role included in Exchange 2010, see Understanding a New Installation of Exchange 2010.
- Unified Messaging server role The Unified Messaging server connects Exchange 2010 with Communications Server 2007.
- Install and configure Communications Server 2007 in your
organization as follows:
- Install Communications Server 2007 on servers in your
- Install a certificate that's valid and signed by a
certification authority (CA) on the Communications Server 2007
- Make sure that the certificate that you installed on the
Communications Server 2007 servers is trusted by the Unified
- Confirm that at least one Communications Server 2007 pool
object is created during installation.
- Install Communications Server 2007 on servers in your organization.
Certificate Configuration Recommendations
You must have a certificate that's trusted by both the computers running Exchange and Communications Server 2007. In an environment that has Communications Server 2007 and Exchange 2010 Unified Messaging, use the following guidelines for deploying a trusted certificate:
- Import a certificate that's valid and signed by a CA. This
should be a trusted third-party commercial certificate or a public
key infrastructure (PKI) certificate and should be imported on the
Communications Server 2007 computers and the Exchange servers that
have the Unified Messaging and Client Access server roles
- The most simple certificate deployment scenario is to import
the same third-party commercial or PKI certificate to each Exchange
2010 server that has the following server roles installed: Unified
Messaging, Client Access, and Hub Transport. Also, install this
trusted certificate on each computer running Communications Server
2007. This will help simplify your certificate deployment and
reduce the administrative overhead associated with deploying
certificates. However, you must obtain a trusted certificate that
supports subject alternative names.
Note: If you use a SIP secured or Secured dial plan, a trusted certificate is required between the Unified Messaging servers and the IP gateways. A trusted certificate is also required if a direct Session Initiation Protocol (SIP) connection is used. If you use a SIP secured or Secured dial plan, you can use the same trusted certificate used between Communications Server 2007 computers and the Unified Messaging, Client Access, and Hub Transport servers.
- Although you can install the Unified Messaging server role and
other Exchange 2010 server roles on the same computer, when you
deploy Communications Server 2007, we recommend that you install
the Unified Messaging server role on a computer that won't be
running other Exchange 2010 server roles. If another server role is
installed on the same computer as the Unified Messaging server
role, the Microsoft Exchange Unified Messaging service may
select the incorrect certificate and be unable to use mutual
Transport Layer Security (mutual TLS) to encrypt traffic. This
occurs because of limitations with subject alternative names found
For example, if you install the Unified Messaging server role first, and then later install the Client Access server role on the same server, the Microsoft Exchange Unified Messaging service will use the certificate created by the Client Access server role instead of the certificate created when the Unified Messaging server role was installed. This is because the Microsoft Exchange Unified Messaging service looks for the certificate in the trusted root store that has the most time left before it will expire.
- Because the trusted certificate uses mutual TLS to establish an
encrypted channel with Communications Server 2007 and with Client
Access, Hub Transport, and Unified Messaging servers, the name on
the certificate used during mutual TLS negotiation must match the
fully qualified domain name (FQDN) of the server that presents the
After you install the required server roles in your Exchange 2010 organization, there's a recommended sequence of steps that you must perform on the Exchange Unified Messaging environment and in your Communications Server 2007 environment to correctly deploy Enterprise Voice and Exchange 2010 Unified Messaging. Exchange 2010 Unified Messaging is used to provide call answering, Outlook Voice Access, and auto attendant services. Communications Server 2007 enables more advanced features found in Enterprise Voice services. The following figure illustrates the recommended deployment path for implementing Enterprise Voice services found with Exchange 2010 Unified Messaging and Communications Server 2007.
Deploying Exchange 2010 Unified Messaging and Communications Server 2007
For more information about Communications Server 2007 and to download the reference and Help documentation for Communications Server 2007, see Office Communications Server and Client Documentation Rollup.
There are several steps that you must complete to configure Exchange 2010 Unified Messaging to work with Enterprise Voice in Communications Server 2007. You must do the following:
- Create one or more Exchange 2010 Unified Messaging SIP Uniform
Resource Identifier (URI) dial plans that each map to a
corresponding Communications Server 2007 location profile. An
Enterprise Voice location profile must be created for each Exchange
UM dial plan. You can use the Get-UMDialPlan cmdlet to
obtain the FQDN of a SIP URI dial plan. For more information about
how to create a SIP URI dial plan, see Create a UM Dial
Important: When you are integrating Exchange Unified Messaging and Office Communications Server, you'll probably find it unnecessary to configure dialing rules or dialing rule groups in Exchange Unified Messaging. Office Communications Server is designed to perform call routing and number translation for users in your organization, and will also do this when the calls are made by Exchange Unified Messaging on behalf of users.
- Install a certificate on the Unified Messaging servers that's
valid and signed by a CA, and then restart the
Microsoft Exchange Unified Messaging service on each Unified
- Encrypt the Voice over IP (VoIP) traffic by configuring the SIP
URI dial plan as SIP secured or Secured. For more information about
how to configure the security settings on a UM dial plan, see
Security on a UM Dial Plan. For more information about VoIP
security and configuring mutual TLS, see Understanding Unified
Messaging VoIP Security.
Although a UM dial plan can be configured as SIP secured or Secured, we recommend that you configure the dial plan as Secured to enable Microsoft Office Communicator 2007 Phone Edition devices to work correctly. This is recommended because of the default encryption level settings configured in Communications Server 2007. A Communicator Phone Edition device will only work if the encryption settings are configured as shown in the following table. This table shows the relationship between the encryption settings for both Communications Server 2007 and UM dial plans.
Encryption settings for Communicator Phone Edition
Communications Server 2007 UM dial plan
Encryption required (default)
- Add the servers running the Unified Messaging server role to
the SIP dial plan. To enable the server to answer incoming calls,
you must add the Unified Messaging server to a dial plan. For more
information about how to add a Unified Messaging server to a dial
plan, see Add a
UM Server to a Dial Plan.
- Create a SIP address for the users who will use Enterprise
Voice. For more information about how to create a SIP address for a
UM-enabled user, see Enable a User for
Unified Messaging. Or if you want to change the SIP address for
a UM-enabled user, see Modify a SIP Address for
a UM-Enabled User.
Important: Users who are associated with a SIP URI dial plan cannot receive incoming faxes. This is because incoming voice and fax calls are routed through a mediation server and faxing isn't supported when using a mediation server.
- Open the Exchange Management Shell and run the exchucutil.ps1
script located in the <Exchange Installation folder>\Exchange
Server\Script folder. The exchucutil.ps1 script does the
- Grants Communications Server 2007 permission to read Exchange
UM Active Directory objects, specifically, the SIP URI dial plan
objects created in the previous task. For more information about
how to configure permissions on Active Directory objects, see
How to Use ADSI Edit to Apply Permissions.
- Creates a UM IP gateway in Active Directory for each
Communications Server 2007 pool or for each server running
Communications Server 2007 Standard Edition that hosts users who
are enabled for Enterprise Voice. For more information about how to
create a UM IP gateway, see Create a UM IP
- Creates an Exchange UM hunt group for each IP gateway. The hunt
group pilot identifier will be the name of the dial plan associated
with the corresponding gateway. The hunt group must specify the
Exchange 2010 Unified Messaging SIP dial plan used with the UM IP
gateway. For more information about how to create a UM hunt group,
see Create a UM
- Grants Communications Server 2007 permission to read Exchange UM Active Directory objects, specifically, the SIP URI dial plan objects created in the previous task. For more information about how to configure permissions on Active Directory objects, see How to Use ADSI Edit to Apply Permissions.
You must also complete the following tasks to configure Communications Server 2007 to work with Exchange 2010 Unified Messaging:
- Create location profiles. The location profile name must match
the FQDN of the corresponding UM dial plans.
- Assign location profiles to Communications Server 2007
- Deploy and configure media gateways and mediation servers.
- Define telephone usages, voice policies, and outbound call
- Configure the users for Enterprise Voice services.
- Run the ocsumutil.exe command that creates the contact
objects for subscriber access and for the auto attendant. It also
validates that there's a location profile name that matches the
FQDN of the Exchange UM dial plan.
Note: When you install Communications Server 2007, the msRTC-SIPLine attribute is added to Active Directory. If you haven't installed Communications Server 2007 in your environment, this attribute isn't added to Active Directory, and caller ID name resolution across dial plans in a single forest and in cross-forest scenarios won't work correctly unless you configure Unified Messaging proxy addresses for users who aren't UM-enabled.
For more information about how to perform the tasks that must be completed for Communications Server 2007, see Office Communications Server and Client Documentation Rollup.
After you configure the Communications Server 2007 and the Unified Messaging servers, you must enable the user to use Communications Server 2007 and install Communicator on the user's client computer.
|Sending and receiving faxes using T.38 or G.711 isn't supported in an environment when Unified Messaging and Office Communications Server are integrated.|