Chat now with support
Chat with Support

Coexistence Manager for GroupWise 1.7.1 - FBC Configuration Guide

About the Coexistence Manager for GroupWise Documentation Determine your FBC scenario FBC Scenario #1 FBC Scenario #2 FBC Scenario #3 FBC Scenario #4 FBC Scenario #5 FBC Scenario #6 FBC Scenario #7 FBC Scenario #8 FBC Scenario #9 FBC Scenario #10 FBC Scenario #11 FBC Scenario #12 Appendix: FBC Planning Worksheet Appendix: Configuring and troubleshooting the FBC with PowerShell Appendix: Troubleshooting the FBC

4.1: Physically install the Coexistence Manager for GroupWise FBC components

For any given scenario and configuration, it is possible to install all Coexistence Manager for GroupWise F/B Connector components on a single server, as shown in the illustrations in the introductory chapter (Determine your FBC scenario) of this Guide. However, many production environments experience sufficient query volume to warrant separate servers to ensure optimal performance. The installation instructions here therefore describe how to install Coexistence Manager for GroupWise’s F/B Connector on two servers.

See the configuration map you made in step 1 above to determine which components should be installed to which servers for this scenario.

If you prefer that all subcomponents reside on a single server, simply combine the components of Coexistence Manager for GroupWise Server 1 and Coexistence Manager for GroupWise Server 2 as they are listed in step 1 above. All Coexistence Manager for GroupWise Free/BusyConnector subcomponents are installed by the AutoRun utility included in the Coexistence Manager for GroupWise product kit.

IMPORTANT: Before you install, on any computer that will host any Coexistence Manager for GroupWise FBC web subcomponent, remove the IIS DefaultWebSite: In the navigation tree at left, right-click DefaultWebSite, and then select Remove from the pop-up menu. Coexistence Manager for GroupWise requires a dedicated server for its own web subcomponents.

Use the AutoRun utility now to install all the necessary Coexistence Manager for GroupWise F/B Connector subcomponents on the computer(s) where you want them installed.

IMPORTANT: Remember, the Coexistence Manager for GroupWise AutoRun installer must be run on the computer where you want to install a particular subcomponent. If you are deploying the F/B Connector to two different computers, you must run the AutoRun installer twice—once on each computer.

Remember: For Exchange queries for GroupWise F/B information, the simplest approach is to dedicate a separate Coexistence Manager for GroupWise FBC Server 2 (as noted in step 1 above, for Exchange queries to GroupWise, and GroupWise replies) for each GroupWise server, with all the Coexistence Manager for GroupWise servers feeding into the single Exchange server.

It is technically possible, but somewhat more complicated, to configure a single instance of the GroupWise FBC Service, EWS and Autodiscover to process free/busy traffic to and from multiple GroupWise servers—an approach that requires more elaborate GroupWise configurations.

4.2: Obtain and install web services certificates

Coexistence Manager for GroupWise Web Server components must support HTTPS to accept SSL connections. The server on which these components are installed must have a certificate that Exchange trusts. The single certificate must cover the primary domain and all subdomains supported by the GroupWise Server. The certificate covers the Autodiscover and EWS web services.

Coexistence Manager for GroupWise includes an Autodiscover Certificate Wizard to automate much of the process of installing this necessary certificate for the Free/Busy Connector. The wizard can be launched from Coexistence Manager for GroupWise’s Management Console, on the Quest Web Services screen (under GroupWise Free/Busy Connector), as described in the procedure documented in the next subtopic below (see Using the Autodiscover Certificate Wizard to Obtain and Install a Certificate). Alternatively you can manually request and install a certificate, as described in the second subtopic below (see To Manually Request and Install a Certificate Using IIS 7.0–8.5).

Using the Autodiscover Certificate Wizard to Obtain and Install a Certificate

Even when using the wizard, you will still have to manually request the certificate, and then tell the wizard where the certificate file resides, so the wizard can install it for use with Coexistence Manager for GroupWise.

To use the Autodiscover Certificate Wizard to install the necessary web services certificate using IIS 7.0–8.5:

1
In Coexistence Manager for GroupWise’s Management Console, on the Quest Web Services screen (under GroupWise Free/Busy Connector): Click the Autodiscover Certificate Wizard button to launch the wizard.
To get a certificate from a public CA: Go to the web site of the public CA, and follow their instructions to request a certificate. At some point you will paste into the request form the text you copied from the wizard (in step 2 above).
a
From a web browser, enter https://<Local_Certification_Authority_computer>/certsrv
b
Click Request a certificate, then click Advanced certificate request.
c
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64- encoded PKCS #7 file.
e
In the Certificate Template box, select Web Server.
f
Click Submit.
g
Select Base 64 Encoded, then select Download certificate.
4
Back in the Autodiscover Certificate Wizard: Click Next.
2
From the Actions Pane, select Create Certificate Request.
3
Enter autodiscover.<smtpdomain> or <smtpdomain> for the primary domain and all required subdomains. Then click Next.
To get a certificate from a public CA: Go to the web site of the public CA, and follow their instructions to request a certificate.
a
From a web browser, enter https://<Local_Certification_Authority_computer>/certsrv
b
Click Request a certificate, then click Advanced certificate request.
c
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64- encoded PKCS #7 file.
e
Copy and paste the text from the certificate request into the Saved Request box when you selected Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
f
In the Certificate Template box, select Web Server.
g
Click Submit.
h
Select Base 64 Encoded, then select Download certificate.
2
From the Actions Pane, select Complete Certificate Request.
3
Select Add. Select https as the type for a secure site, and enter the IP address and port number.

This procedure lets you configure a single certificate to answer for multiple addresses. This is obviously necessary for a multi-/subdomain configuration, but also, for a single-namespace environment, to create a certificate that will cover both Autodiscover and the root domain.

First, you must enable the SAN (Subject Alternate Name) flag on your CA. On the machine running CA services, run these commands at the command prompt to enable the flag:

When the SAN flag is enabled, you can create the certificate:

1
Open IIS on the machine running F/B and select the server. Scroll to the bottom, open Server Certificates, and click on Create Certificate Request.
2
For the common name, enter something appropriate for your larger domain. For example, for a domain alejandro.xyzcorp.com, the common name on the certificate is *.xyzcorp.com. (This is somewhat generic, as we will later add specific namespaces to the certificate.)
5
Open the certificate web enrollment page for the CA of your domain— e.g., https://hostname/certsrv. Then select Request a Certificate, and then select Advanced Certificate Request.
6
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
7
In the Base-64-encoded certificate request box, paste all of the text that you copied from the text file in step 4 above.
8
For the Certificate Template, select Web Server.
9
In the Additional Attributes box, enter any alternate-domain information in this format:
... with &dns=dns.name appended for each alternate domain you want the certificate to handle.
For a single-namespace environment: Enter the autodiscover and root domain, like this:
For a multi-/subdomain environment: You can enter as many domains as you like:
10
Select the DER encoded radio button, and then select Download certificate chain.
12
Go back to IIS and click Complete Certificate Request.
13
For the Filename containing the certification authority’s response, click the Browse button and select the certificate you just saved. (Be sure to change the file type to *.* instead of *.cer, or you won’t see the file you saved—since it is a .P7B extension.) Type a friendly name that is easy to remember and identify so you can find your certificate on the list later. You should then see your new certificate on the list.
15
Click the Details tab, and scroll down to Subject Alternative Name. Highlight this field, and you should see all of your domains in the Details box.

Now bind your certificate to the HTTPS protocol on the QuestFreeBusy website:

2
In the Actions pane on the right, select Bindings.
3
Select https and click Edit.
4
In the Edit Site Binding window, in the SSL certificate drop-down list: Select the certificate you just created.
5

4.3: Configure trusted sites for computers hosting F/B components

Log in as the Coexistence Manager for GroupWise account to be used with the F/B Connector (if you haven’t already). Then, in Internet Options (via Windows Control Panel or IE Tools):

1
Click the Security tab, then select Trusted sites and click the Custom level... button.
2
In Settings, scroll down to User Authentication | Logon, and click the radio button for Automatic logon with current user name and password.
3
Click OK to save the selection and return to the Security tab.
5
Click OK to save your new Security settings and dismiss the Internet Options dialog box.

By default, Coexistence Manager for GroupWise is installed with the log42net utility to generate log files of Coexistence Manager for GroupWise components’ system activity. This information is critical to diagnosing any problems that may arise. Logging is enabled by default for all Coexistence Manager for GroupWise components.

The default configurations will be suitable for almost all organizations and circumstances, but you can customize logging features if you like. The log42net utility may be configured to work a particular way with each Coexistence Manager for GroupWise component. Configuration instructions are nearly identical from one component to another, so we present those details separately, in Appendix C of the Coexistence Manager for GroupWise User Guide (not in this FBC Configuration Guide).

Use Coexistence Manager for GroupWise’s Management Console to configure the Free/Busy Connector’s components—to identify the participating servers and their locations, register the necessary account access credentials, and set other operating parameters and preferences. See chapter 4 of the Coexistence Manager for GroupWise User Guide for field notes and application notes for each screen in the F/B Connector Management Console.

Step 5: Configure and test connections among GroupWise, Exchange and Coexistence Manager for GroupWise's FBC Web Server

Before running any of Coexistence Manager for GroupWise’s F/B Connector subcomponents, you must synchronize GroupWise users as Office 365 contacts, and Exchange users to GroupWise. Coexistence Manager for GroupWise’s Directory Connector does not support directory synchronizations directly between GroupWise and Office 365. In this non-hybrid O365 scenario, however, you can configure Microsoft’s Azure AD Sync synchronization tool to synchronize a local AD with Office 365. See Microsoft’s Azure AD Sync tool documentation for instructions and guidance in configuring the Azure AD Sync tool for this purpose.

Make sure that the GroupWise SOAP web service is enabled (step 2 above), since that is also an environmental requirement for Coexistence Manager for GroupWise’s Free/Busy Connector.

NOTE: GroupWise sometimes mistakenly generates F/B queries for addresses in the form user-domain-com@domain.com (instead of user@domain.com). Queries to such addresses will fail if AD does not recognize the address, so be sure to add that address form as an alias in AD for each Exchange user.

Configure and verify the link from Office 365 to the domains/subdomains supported by the GroupWise server. This procedure tests whether the certificate on the Coexistence Manager for GroupWise Web Server is trusted by O365.

For FBC coexistence with Office 365, run Enable-OrganizationCustomization, and then create the availability address space by opening a PowerShell session and using the following commands:

New-AvailabilityConfig –OrgWideAccount <username@domain.onmicrosoft.com>
[replace <username@domain.onmicrosoft.com> with your O365 admin account]
$domain = "<domain.onmicrosoft.com>"
[replace <domain.onmicrosoft.com> with your SMTP domain name in Office 365]
$adminUserId = "<username@domain.onmicrosoft.com>"
[replace <username@domain.onmicrosoft.com> with your O365 admin account]
$adminCredsId = "<username@domain.onmicrosoft.com>"
[replace <username@domain.onmicrosoft.com> with your O365 admin account]
$adminCredsPassword = "<YourPassword>"
[replace <YourPassword> with your Office 365 admin password]

You can use Network Load Balancing to permit multiple web servers to handle Autodiscover requests. This is optional, not required to deploy Coexistence Manager for GroupWise. For more information, see this Microsoft article.

Configure DNS to point autodiscover.<smtpdomain.com> to the computer where Coexistence Manager for GroupWise’s Autodiscover service is installed. For each domain, Exchange connects to predefined Autodiscover URLs using DNS host entries.

For Exchange to get free/busy information from the domain supported by a GroupWise server, through the Coexistence Manager for GroupWise Free/Busy Connector, you must make the Coexistence Manager for GroupWise Autodiscover Web Service resolvable to this URL:

Related Documents