Coexistence Manager for GroupWise 1.7 - FBC Configuration Guide

4.1: Physically install the CMG FBC components

For any given scenario and configuration, it is possible to install all CMG F/B Connector components on a single server, as shown in the illustrations in the introductory chapter (Determine your FBC scenario) of this Guide. However, many production environments experience sufficient query volume to warrant separate servers to ensure optimal performance. The installation instructions here therefore describe how to install CMG’s F/B Connector on two servers.

See the configuration map you made in step 1 above to determine which components should be installed to which servers for this scenario.

If you prefer that all subcomponents reside on a single server, simply combine the components of CMG Server 1 and CMG Server 2 as they are listed in step 1 above. All CMG Free/BusyConnector subcomponents are installed by the AutoRun utility included in the CMG product kit.

IMPORTANT: Before you install, on any computer that will host any CMG FBC web subcomponent, remove the IIS DefaultWebSite: In the navigation tree at left, right-click DefaultWebSite, and then select Remove from the pop-up menu. CMG requires a dedicated server for its own web subcomponents.

Use the AutoRun utility now to install all the necessary CMG F/B Connector subcomponents on the computer(s) where you want them installed.

IMPORTANT: Remember, the CMG AutoRun installer must be run on the computer where you want to install a particular subcomponent. If you are deploying the F/B Connector to two different computers, you must run the AutoRun installer twice—once on each computer.

NOTE: The AutoRun installer automatically checks your environment to verify CMG prerequisites, but you can bypass the prerequisites check by running the installer from the command line and appending ignoreprerequisites=1 to the command string.

Remember: For Exchange queries for GroupWise F/B information, the simplest approach is to dedicate a separate CMG FBC Server 2 (as noted in step 1 above, for Exchange queries to GroupWise, and GroupWise replies) for each GroupWise server, with all the CMG servers feeding into the single Exchange server.

It is technically possible, but somewhat more complicated, to configure a single instance of the GroupWise FBC Service, EWS and Autodiscover to process free/busy traffic to and from multiple GroupWise servers—an approach that requires more elaborate GroupWise configurations.

4.2: Obtain and install web services certificates

CMG Web Server components must support HTTPS to accept SSL connections. The server on which these components are installed must have a certificate that Exchange trusts. The single certificate must cover the primary domain and all subdomains supported by the GroupWise Server. The certificate covers the Autodiscover and EWS web services.

CMG includes an Autodiscover Certificate Wizard to automate much of the process of installing this necessary certificate for the Free/Busy Connector. The wizard can be launched from CMG’s Management Console, on the Quest Web Services screen (under GroupWise Free/Busy Connector), as described in the procedure documented in the next subtopic below (see Using the Autodiscover Certificate Wizard to Obtain and Install a Certificate). Alternatively you can manually request and install a certificate, as described in the second subtopic below (see To Manually Request and Install a Certificate Using IIS 7.0–8.5).

Even when using the wizard, you will still have to manually request the certificate, and then tell the wizard where the certificate file resides, so the wizard can install it for use with CMG.

To use the Autodiscover Certificate Wizard to install the necessary web services certificate using IIS 7.0–8.5:

NOTE: If you need a multi-domain certificate: See To Create a SAN Certificate below.

NOTE: You can request a certificate using Web enrollment pages. For more information, see http://support.microsoft.com/kb/931351.

NOTE: To create an https binding for the web site using IIS 7.0–8.5: 1 From the Connection Pane in IIS, select QuestFreeBusy. 2 From the Actions Pane, select Bindings. 3 Select Add. Select https as the type for a secure site, and enter the IP address and port number. 4 Select the SSL certificate to pass the certificate into the computer account, and click View to view any certificate information.

This procedure lets you configure a single certificate to answer for multiple addresses. This is obviously necessary for a multi-/subdomain configuration, but also, for a single-namespace environment, to create a certificate that will cover both Autodiscover and the root domain.

First, you must enable the SAN (Subject Alternate Name) flag on your CA. On the machine running CA services, run these commands at the command prompt to enable the flag:

When the SAN flag is enabled, you can create the certificate:

Now bind your certificate to the HTTPS protocol on the QuestFreeBusy website:

4.3: Configure trusted sites for computers hosting F/B components

Log in as the CMG account to be used with the F/B Connector (if you haven’t already). Then, in Internet Options (via Windows Control Panel or IE Tools):

By default, CMG is installed with the log42net utility to generate log files of CMG components’ system activity. This information is critical to diagnosing any problems that may arise. Logging is enabled by default for all CMG components.

The default configurations will be suitable for almost all organizations and circumstances, but you can customize logging features if you like. The log42net utility may be configured to work a particular way with each CMG component. Configuration instructions are nearly identical from one component to another, so we present those details separately, in Appendix C of the CMG User Guide (not in this FBC Configuration Guide).

Use CMG’s Management Console to configure the Free/Busy Connector’s components—to identify the participating servers and their locations, register the necessary account access credentials, and set other operating parameters and preferences. See chapter 4 of the CMG User Guide for field notes and application notes for each screen in the F/B Connector Management Console.

NOTE: You may use PowerShell commands to configure CMG Free/Busy Connector components, instead of CMG’s Management Console as described here. For information about using PowerShell to configure the Free/Busy Connector, see Appendix B in this Guide: Appendix: Configuring and troubleshooting the FBC with PowerShell.

Step 5: Configure and test connections among GroupWise, Exchange and CMG's FBC Web Server

Before running any of CMG’s F/B Connector subcomponents, you must synchronize GroupWise users as Office 365 contacts, and Exchange users to GroupWise. CMG’s Directory Connector does not support directory synchronizations directly between GroupWise and Office 365. In this non-hybrid O365 scenario, however, you can configure Microsoft’s Azure AD Sync synchronization tool to synchronize a local AD with Office 365. See Microsoft’s Azure AD Sync tool documentation for instructions and guidance in configuring the Azure AD Sync tool for this purpose.

Make sure that the GroupWise SOAP web service is enabled (step 2 above), since that is also an environmental requirement for CMG’s Free/Busy Connector.

NOTE: GroupWise sometimes mistakenly generates F/B queries for addresses in the form user-domain-com@domain.com (instead of user@domain.com). Queries to such addresses will fail if AD does not recognize the address, so be sure to add that address form as an alias in AD for each Exchange user.

Configure and verify the link from Office 365 to the domains/subdomains supported by the GroupWise server. This procedure tests whether the certificate on the CMG Web Server is trusted by O365.

For FBC coexistence with Office 365, run Enable-OrganizationCustomization, and then create the availability address space by opening a PowerShell session and using the following commands:

You can use Network Load Balancing to permit multiple web servers to handle Autodiscover requests. This is optional, not required to deploy CMG. For more information, see this Microsoft article.

Configure DNS to point autodiscover.<smtpdomain.com> to the computer where CMG’s Autodiscover service is installed. For each domain, Exchange connects to predefined Autodiscover URLs using DNS host entries.

For Exchange to get free/busy information from the domain supported by a GroupWise server, through the CMG Free/Busy Connector, you must make the CMG Autodiscover Web Service resolvable to this URL: