Chat now with support
Chat with Support

Coexistence Manager for Notes 3.8.4 - FBC Scenarios Guide

About the CMN Documentation Introduction On-premises Exchange or hybrid O365 using shared (single) namespace On-premises Exchange or hybrid O365 using separate namespaces Non-hybrid O365 using shared (single) namespace Non-hybrid O365 using separate namespaces Appendix: FBC Planning Worksheet Appendix: Troubleshooting the FBC

Step 3: Configure the Exchange side

Configure domains, permissions and other server parameters and attributes so they will be able to work with CMN’s Free/Busy Connector.

If you are configuring FBC for a hybrid Office 365: Remember that the FBC for a hybrid O365 is configured only between Notes/Domino and the local on-premises Exchange, while synchronization of the local Exchange to O365 is configured apart from CMN (and documented separately by Microsoft). Configuration of CMN’s FBC for a hybrid O365 is therefore the same as configuring for a local on-premises Exchange—as described here.

To configure the Exchange side for multiple subdomains

CMN’s Free/Busy Connector can facilitate the flow of free/busy information among multiple subdomains supported by both the Exchange and Domino servers. To support this scenario, run the Add-AvailabilityAddress­Space cmdlet on the Exchange server or Office 365 for each Domino SMTP domain supported.

Step 4: Configure CMN's FBC Web Server

Step 4: Configure CMN’s FBC Web Server

To configure CMN’s FBC Web Server:
4-1: Physically install the CMN FBC components
4-2: Obtain and install web services certificates
4-3: Configure trusted sites for computers hosting F/B components
4-4 (optional): Configure logging for F/B components
4-5: Configure CMN’s FBC for shared/single namespace (equivalent domains)
4-6 (conditional): Configuring CMN’s FBC for Domino clusters
4-7: Run CMN’s Management Console to configure FBC components

4-1: Physically install the CMN FBC components

All CMN FBC components are installed by the AutoRun utility that accompanies the CMN product kit.

The AutoRun installer automatically checks the environment to verify CMN prerequisites, but you can bypass the prerequisites check by running the installer from the command line and appending ignoreprerequisites=1 to the command before executing.

For a typical configuration:
On the CMN FBC Web Server: Run AutoRun to install the Autodiscover, EWS and the Domino FBC Service on the CMN FBC Web Server.
On either the same CMN FBC Web Server or a separate CMN Exchange FBC Server: Run AutoRun to install the CMN Exchange FBC Service.
To configure CMN’s F/B Connector for multiple Domino servers

For Exchange queries for Domino F/B information, the simplest approach is to dedicate a separate CMN FBC server for each Domino server, with all the CMN servers feeding into the single Exchange server. It is technically possible, but somewhat more complicated, to configure a single instance of the Domino FBC Service, EWS and Autodiscover to process free/busy traffic to and from multiple Domino servers—an approach that requires more elaborate Domino configurations.

4-2: Obtain and install web services certificates

CMN Web Server components must accept SSL connections from the mail systems. The server on which these components are installed must have a certificate that Exchange trusts. The single certificate must cover the primary domain and all subdomains supported by the Notes Server. The certificate is valid for the Autodiscover and EWS web services.

You can obtain a certificate from either of two sources:
from a local certification authority (CA) if you are using an on-premises Exchange server
— OR —
from a public CA, like Verisign or Microsoft Active Directory Certificate Services, if you are using Exchange in a hosted environment.
 
* 
NOTE: You can request a certificate using Web enrollment pages. For more information, see http://support.microsoft.com/kb/931351.

If you need a multi-domain certificate: See To create a SAN certificate.

When you receive the certificate, you must install it on the appropriate server.

To configure the certificate for multi-domain support

The Free/Busy Connector can facilitate the exchange of free/busy information among multiple subdomains supported by both the Exchange and Domino servers. For a multi-domain scenario, ensure the certificate used on the CMN Web Server has subject alternate names for all associated autodiscover host names.

To request and install a certificate using IIS 7.0
To request a certificate using IIS 7.0:
1
From Internet Information Services, click Server Certificates.
2
From the Actions Pane, select Create Certificate Request.
3
Enter autodiscover.<smtpdomain> or <smtpdomain> for the primary domain and all required subdomains. Then click Next.
4
Accept the defaults, and click Next.
5
Specify the file name, and click Finish.
6
Request a certificate using a local CA or public CA. For more information, see To request a certificate from a local CA or To request a certificate from a public CA.
To install the certificate using IIS 7.0:
1
From Internet Information Services, click Server Certificates.
2
From the Actions Pane, select Complete Certificate Request.
3
Select the saved certificate file, and enter a friendly name for the certificate, then click OK.
 
* 
 To create an https binding for the web site using IIS 7.0:
1
From the Connection pane in IIS, select Default Web Sites.
2
From the Actions pane, select Bindings.
3
Select Add. Select https as the type for a secure site, and enter the IP address and port number.
4
Select the SSL certificate to pass the certificate into the computer account, and click View to view any certificate information.
To request and install a certificate using IIS 6.0
To request a certificate using IIS 6.0:
1
From Internet Information Services (IIS) Manager dialog box, right-click Default Web Site, and select Properties.
2
From the Directory Security tab, select Server Certificate to open the Web Server Certificate Wizard.
3
Click Next.
4
Select Create a new certificate request, and click Next.
5
Select Prepare the request now, but send it later, and click Next.
6
Accept the defaults. Ensure Select cryptographic service provider (CSP) for this certificate is checked, and click Next.
7
Select Microsoft RSA SChannel Cryptographic Provider, and click Next.
8
Select or enter your organization’s name and organizational unit, and click Next.
9
Enter autodiscover.<smtpdomain>or— <smtpdomain> as the common name, for the primary domain and all required subdomains. Then click Next.
10
Enter the geographical information, and click Next.
11
Specify a file name to save the certificate request, and click Next.
12
Review the information, and click Next. Then click Finish.
13
Request a certificate using a local CA or public CA. For more information, see To request a certificate from a local CA or To request a certificate from a public CA.
To install the certificate using IIS 6.0:
1
From Internet Information Services (IIS) Manager dialog box, right-click Default Web Site, and select Properties.
2
From the Directory Security tab, select Server Certificate to open the Web Server Certificate Wizard, and click Next.
3
Select Process the pending request and install the certificate, and click Next.
4
Browse to the location of the text file, and click Next.
5
Leave the default port as 443, and click Next.
6
Review the certificate summary. Click Next, then click Finish.
7
From Internet Information Services (IIS) Manager dialog box, right-click Default Web Site, and select Properties.
8
From the Directory Security tab, select Edit.
9
Select the Require secure channel check box, and click OK.
To request a certificate from a local CA
1
From a web browser, enter https://<Local_Certification_Authority_computer>/certsrv
2
Click Request a certificate, then Advanced certificate request.
3
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
4
Open the text file where you save the certificate request.
5
Copy and paste the text from the certificate request into the Saved Request box when you selected Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
6
In the Certificate Template box, select Web Server. Click Submit.
7
Select Base 64 Encoded, then select Download certificate.
8
Save the file.
To request a certificate from a public CA

Go to the web site of the public CA, and follow their instructions to request a certificate.

To create a SAN certificate

This procedure lets you configure a single certificate to answer for multiple addresses. For your single-namespace environment, this creates a certificate that will cover both Autodiscover and the root domain.

First, you must enable the SAN (Subject Alternate Name) flag on your CA. On the machine running CA services, run these commands at the command prompt to enable the flag:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

When the SAN flag is enabled, you can create the certificate:

1
Open IIS on the machine running F/B and select the server. Scroll to the bottom, open Server Certificates, and click on Create Certificate Request.
2
For the common name, enter something appropriate for your larger domain. For example, for a domain alejandro.xyzcorp.com, the common name on the certificate is *.xyzcorp.com. (This is somewhat generic, as we will later add specific namespaces to the certificate.)
3
Accept the defaults and enter a name for the request.
4
Open the certificate request you just created, and select and copy all of the text.
5
Open the certificate web enrollment page for the CA of your domain—e.g., https://hostname/certsrv. Then select Request a Certificate, and then select Advanced Certificate Request.
6
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
7
In the Base-64-encoded certificate request box, paste all of the text that you copied from the text file in step 4 above.
8
For the Certificate Template, select Web Server.
9
In the Additional Attributes box, enter any alternate-domain information in this format:
san:dns=dns.name[&dns=dns.name]
... with &dns=dns.name appended for each alternate domain you want the certificate to handle.
For your single-namespace environment, enter the autodiscover and root domain, like this:
san:dns=autodiscover.xyzcorp.com&dns=xyzcorp.com
When you are finished, click Submit.
10
Select the DER encoded radio button, and then select Download certificate chain.
11
Enter a name for this.
12
Go back to IIS and click Complete Certificate Request.
13
For the Filename containing the certification authority’s response, click the Browse button and select the certificate you just saved. (Be sure to change the file type to *.* instead of *.cer, or you won’t see the file you saved—since it is a .P7B extension.) Type a friendly name that is easy to remember and identify so you can find it later on the list. You should then see your new certificate on the list.
14
Select your new certificate and click View.
15
Click the Details tab, and scroll down to Subject Alternative Name. Highlight this field, and you should see all of your domains in the Details box.

Now bind your certificate to the HTTPS protocol on the default first website:

1
On the CMN F/B computer, in IIS Manager: Select Default Web Site.
2
In the Actions pane on the right, select Bindings.
3
Select https and click Edit.
4
In the Edit Site Binding window, in the SSL certificate drop-down list: Select the certificate you just created.
5
Click OK.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating