Exchange 2010 Free/Busy Interop
Setting Up Free Busy Interop With Exchange 2010
- Windows Server 2008 with SP2 / Windows Server 2008 R2 with Exchange 2010 SP2. [Tested using a Typical install of Exchange 2010]
- Zimbra Collaboration Suite 6.x or later.
Note: In the following procedure, '@exchange10.lab' is the domain of the users on the Exchange 2010 server and '@zimbra.lab' is the domain of the users on the Zimbra server.
- 1 What we need from Exchange 2010 Server So We Can Configure Zimbra Server
- 2 Steps To Do On Zimbra Server To Configure Free/Busy Interop So Zimbra Users Can View Free/Busy Information Of Exchange 2010 server User
- 3 Steps To Do On Exchange 2010 Server So Exchange Users Can View Free/Busy Information Of Zimbra Server User
- 4 What we need from Zimbra Server So Exchange 2010 Server Users Can View Free/Busy Information Of Zimbra Server Users
What we need from Exchange 2010 Server So We Can Configure Zimbra Server
1. Create a service account on the MS Exchange 2010 server; it will be used to configure the Free/Busy Interop settings on the ZCS server.
   * Create a new user account that will be used for the Exchange Server Service Account; this user must be a member of the Local Administrators Group on the local server.
   * Assign the following permissions to the account:
     * Act as part of the operating system.
     * Log on as a service.
     * Restore Files and Directories.
   * Assign the same password as the current service account.
   The service account name used in this procedure is 'Interop2010'.
2. Ensure that the service account 'Interop2010' can update the Exchange Free-Busy folder. You can do this with the following EMS command:
       [PS] C:\> add-publicfolderclientpermission -identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)" -user interop2010 -accessrights owner
3. Make sure your server has a commercial certificate; if a self-signed certificate is installed on your server, you need to export the CA ROOT certificate from the Exchange server.
   * In case of a commercial certificate, there is no need to export anything, as the ROOT certificate of the commercial certificate will be deployed on the Zimbra server.
   * In case of a self-signed certificate deployed on your server, you need to export the CA ROOT certificate and import it on the Zimbra server so that the Zimbra server can identify the certificate. To do that, follow these steps:
     * On the Exchange server, go to Start->Run->mmc
     * In the popup window go to File->Add/Remove Snap-in...
     * Select Certificates from the Available Snap-ins and click Add.
     * In the popup window select 'Computer account' and click Next->Next->OK
     * Certificates (Local Computer) will be added to the MMC. Now expand Certificates->Personal->Certificates and you will see a root CA certificate on the right side.
     * Select the certificate, right click->Export and proceed with exporting the certificate; make sure you export the certificate in 'DER encoded binary X.509 (.CER)' format. You will have to copy this exported .CER file to the Zimbra server; you can use WinSCP or any other medium to copy the file.
4. Obtain the 'legacyExchangeDN' attribute value, which we will need to configure Free/Busy interop on the Zimbra server. Use the ADSIEDIT tool on the AD/Exchange server to find it, as follows:
   * On the AD/Exchange server, click START > Run > type adsiedit.msc
   * Select your Domain’s Node and expand the tree until you reach the node “CN=Users”. Now expand this node to find the container “CN=<Your Service Account Name>” (e.g. “CN=interop2010”).
   * Right click this container and select “Properties” to open the properties screen.
   * Scroll down in the popup window to locate the legacyExchangeDN attribute. Click on “Edit”.
   * From the “String Attribute Editor” window, copy the part of the string appearing before “/cn=Recipients/cn=interop2010”. The copied string should look something like “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”. Keep this string safe; we will use it further down to configure the Zimbra system.
   * Close all the windows, taking care not to modify any attribute values appearing in the ADSIEDIT interface.
Steps To Do On Zimbra Server To Configure Free/Busy Interop So Zimbra Users Can View Free/Busy Information Of Exchange 2010 server User
- You can configure Free/Busy interop on the Zimbra server using either the Admin Console or the command line; both are covered below.
* First way, using the Admin Console:
  * Log in to the Admin Console as a Global Administrator and go to the Global Settings->Free/Busy Interop tab.
  * Fill in each field:
    * Microsoft Exchange Server URL: the web URL of the Exchange Web Services (e.g. https://exchange-server/ews/exchange.asmx).
    * Microsoft Exchange Authorization Scheme: select Basic from the dropdown menu; currently we only support 'Basic' authentication with Exchange 2010.
    * Microsoft Exchange Server Type: select EWS from the dropdown menu. As we are configuring Free/Busy Interop for Exchange 2010 we need 'EWS'; 'WebDAV' is not supported on Exchange 2010.
    * Microsoft Exchange User Name and Password: the credentials of the service account that we created on the Exchange server, i.e. 'firstname.lastname@example.org'.
    * O and OU used in legacyExchangeDN attribute: the value copied from the 'legacyExchangeDN' attribute, which must look like “/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)”.
  * Save the settings, then click 'Check Settings' to confirm whether they work; you must see 'Check OK'.
  * If your Exchange server is running with a self-signed certificate, you will get an 'SSL_HANDSHAKE_FAILED' error when you click 'Check Settings'; to fix this you have to deploy the CA ROOT certificate on the Zimbra server.
    * We have already exported the CA ROOT certificate in Step 2 in the 'Steps To Do On Exchange 2010 Server' section, and copied it to the Zimbra server, say to the '/root' folder.
    * Deploy it using the following commands, where exchange.cer is the certificate that we exported from the Exchange server:
          # cd /root
          # /opt/zimbra/bin/zmcertmgr addcacert exchange.cer
    * Once it is deployed, restart the Zimbra MailboxD service so that the CA is recognized:
          # su - zimbra
          $ zmmailboxdctl restart
    * Once the service has restarted, click 'Check Settings' again and check the result.
* Second way, using the command line:
      $ zmprov mcf zimbraFreebusyExchangeURL 'https://exchange-server/EWS/exchange.asmx' \
          zimbraFreebusyExchangeAuthUsername 'email@example.com' \
          zimbraFreebusyExchangeAuthPassword '<password>' \
          zimbraFreebusyExchangeAuthScheme 'basic' \
          zimbraFreebusyExchangeServerType 'ews' \
          zimbraFreebusyExchangeUserOrg '/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)'
Note: There is no way to test the settings from the command line as we can in the GUI, so once you have issued the command you will have to go to Admin Console->Global Settings->Free/Busy Interop and click 'Check Settings' to test them.
At this point, log in to the Zimbra Web Client, create an event and add an Exchange user to the attendee list; you must be able to see the free/busy information of that Exchange user.
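Because `zmcertmgr addcacert` makes the Zimbra server trust whatever file was copied over, it is worth confirming first that exchange.cer is the certificate that was exported. The following is an added example, not part of the original procedure: the function names are hypothetical, and the thumbprint argument is assumed to be the value shown for the certificate on the Exchange server (the Thumbprint field in the MMC, or the output of Get-ExchangeCertificate), which is the SHA-1 hash of the DER encoding.

```sh
#!/bin/sh
# Added example: verify the exported certificate before importing it with
# "zmcertmgr addcacert". Function names are hypothetical.

# Keep only hex digits (drops spaces, colons and the invisible character that
# often comes along when a thumbprint is copied from the MMC), upper-cased.
norm_fp() { printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'; }

# SHA-1 thumbprint of a DER-encoded certificate file, normalised.
der_thumbprint() {
    out=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 2>/dev/null) || return 1
    norm_fp "${out#*=}"
}

# verify_exported_cert FILE EXPECTED_THUMBPRINT
# Returns 0 = matches and is still valid, 1 = not a readable DER certificate,
# 2 = certificate has expired, 3 = thumbprint differs from the expected one.
verify_exported_cert() {
    got=$(der_thumbprint "$1") || return 1
    openssl x509 -inform DER -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 2
    [ "$got" = "$(norm_fp "$2")" ] || return 3
    return 0
}

# Usage: sh verify_cert.sh /root/exchange.cer '<thumbprint read on Exchange>'
if [ "$#" -eq 2 ]; then
    verify_exported_cert "$1" "$2"
    case $? in
        0) echo "OK: $1 matches; import it with zmcertmgr addcacert" ;;
        1) echo "FAIL: $1 is not a DER-encoded certificate" ;;
        2) echo "FAIL: $1 has expired" ;;
        3) echo "FAIL: thumbprint of $1 does not match the expected value" ;;
    esac
fi
```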
Steps To Do On Exchange 2010 Server So Exchange Users Can View Free/Busy Information Of Zimbra Server User
* Make the Exchange 2010 server aware of the presence of “Public Folders” in the Zimbra domain. You can do this with the following EMS command:
      [PS] C:\> Add-AvailabilityAddressSpace -forestname zimbra.lab -accessmethod publicfolder
* Create a "Zimbra" OU in Active Directory. Make sure all your Zimbra users are created as “Exchange 2010 Mail Contact Objects” in this OU. As a BEST PRACTICE, to reduce the risk of a namespace collision, a suffix can be added to denote a Zimbra account (i.e. “_zimbra”). You can create such a contact with the following EMS command:
      [PS] C:\> New-MailContact -ExternalEmailAddress 'SMTP:firstname.lastname@example.org' -Name 'user_zimbra' -Alias 'user_zimbra' -OrganizationalUnit 'exchange10.lab/Zimbra' -FirstName 'user_zimbra' -Initials '' -LastName ''
* For each of the mail-contact objects that you create here, set one of the available/not-set “Exchange Extension Attributes (extensionAttribute1 to extensionAttribute15)” to an optional tag (say “_zimbra”).
  * On the AD/Exchange server, click START > Run > type adsiedit.msc
  * Select your Domain’s Node and expand the tree until you reach the node “CN=Zimbra”. Now expand this node to find the container “CN=user_zimbra”.
  * Right click this container and select “Properties” to open the properties screen.
  * Scroll down in the popup window to locate the extensionAttribute1 attribute. Click on “Edit”.
  * Under the Value field you will see <not set>; delete that, enter '_zimbra' and click 'OK' to set this value.
  * While this properties window is open, also locate the 'legacyExchangeDN' attribute and make sure the value is something like '/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user_zimbra'. Sometimes you may see an extra value at the end of 'cn=user_zimbra', something like '/cn=user_zimbra 13b' or something else; edit it and make sure the value is only '/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user_zimbra'.
  * Close all the windows and close ADSIEdit.msc.
The Exchange configuration part is over at this point. Now we need to make sure the Zimbra server is ready to POST Free/Busy information to the Exchange 2010 server's Public Folder, so that Exchange can pick it up and display it when a user does a lookup.
What we need from Zimbra Server So Exchange 2010 Server Users Can View Free/Busy Information Of Zimbra Server Users
- On the Zimbra server we need to make only one setting: add the attribute 'zimbraForeignPrincipal' for each user. The value of this attribute must be the user name of a contact that exists on the Exchange server. In the 'Steps To Do On Exchange 2010 Server So Exchange Users Can View Free/Busy Information Of Zimbra Server User' section above we created a mail contact for each Zimbra user, which is 'user_zimbra'; we use this value to configure the 'zimbraForeignPrincipal' attribute on the Zimbra server with the following command:
$ zmprov ma email@example.com zimbraForeignPrincipal ad:user_zimbra
Once you have set this attribute for a user, ask the user to create an appointment in their mailbox from the Zimbra Web Client and look at /opt/zimbra/log/mailbox.log. You'll see a request made to a URL that looks like this:
    http://<exchange URL>/public/NON_IPM_SUBTREE/SCHEDULE%2B%20FREE%20BUSY/EX:_xF8FF_o=First%20Organization_xF8FF_ou=First%20Administrative%20Group/USER-_xF8FF_cn=RECIPIENTS_xF8FF_cn=user_zimbra.EML
This line means that the Free/Busy information for the user has been posted to the Public Folder on the Exchange 2010 server and can be viewed on the Exchange server when you invite the 'user_zimbra' contact in the attendee list.
'user_zimbra' is a contact on the Exchange server whose mail address is 'firstname.lastname@example.org'.
Once you finish this step, users on the Exchange 2010 server will be able to see the Free/Busy information of users residing on the Zimbra server, and vice versa.
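The O/OU string, the contact's legacyExchangeDN and the zimbraForeignPrincipal value all have to agree for the lookup to work, so the following added example (not part of the original page) checks them against each other and rebuilds the URL path to search for in mailbox.log. The function names are hypothetical, the sample DNs are constructed from the values used on this page, and the encoding covers only what the sample URL above shows ("/" as _xF8FF_, space as %20).

```sh
#!/bin/sh
# Added example; the sample DNs are constructed from the values used on this page.

# O/OU prefix of a legacyExchangeDN: everything before /cn=Recipients/.
org_of_dn() { printf '%s\n' "${1%%/cn=Recipients/*}"; }

# check_contact DN ORG PRINCIPAL
#   DN        legacyExchangeDN of the mail contact on Exchange
#   ORG       value of zimbraFreebusyExchangeUserOrg
#   PRINCIPAL value of zimbraForeignPrincipal (ad:<contact name>)
# Returns 0 = consistent, 1 = O/OU prefix differs, 2 = trailing cn differs
# (for example a suffix such as " 13b"), 3 = PRINCIPAL is not ad:<name>.
check_contact() {
    dn=$1; org=$2; principal=$3
    case $principal in
        ad:?*) name=${principal#ad:} ;;
        *)     return 3 ;;
    esac
    [ "$(org_of_dn "$dn")" = "$org" ] || return 1
    [ "$dn" = "$org/cn=Recipients/cn=$name" ] || return 2
    return 0
}

# Encode a DN the way the sample URL on this page does:
# "/" becomes _xF8FF_ and a space becomes %20 (other characters are left alone).
enc_dn() { printf '%s' "$1" | sed -e 's|/|_xF8FF_|g' -e 's| |%20|g'; }

# fb_log_path ORG NAME: URL path to search for in /opt/zimbra/log/mailbox.log.
fb_log_path() {
    printf '/public/NON_IPM_SUBTREE/SCHEDULE%%2B%%20FREE%%20BUSY/EX:%s/USER-%s.EML\n' \
        "$(enc_dn "$1")" "$(enc_dn "/cn=RECIPIENTS/cn=$2")"
}

ORG='/o=First Organization/ou=First Administrative Group'   # constructed sample
for d in "$ORG/cn=Recipients/cn=user_zimbra" "$ORG/cn=Recipients/cn=user_zimbra 13b"; do
    if check_contact "$d" "$ORG" 'ad:user_zimbra'; then
        echo "OK       $d"
    else
        echo "MISMATCH $d"
    fi
done
fb_log_path "$ORG" user_zimbra
```

The path printed by the last line can be passed to `grep -F` against mailbox.log to confirm that the free/busy push for that user took place.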