Planning for the Office Online Server to be used with Exchange Server 2016 and initial deployment steps. In this article we will cover all steps required to prepare the Active Directory to support Exchange Server 2016, and we will install all prerequisites required on the future Exchange Server box.
Introduction
Office Online Server (OOS), currently in preview (not to be used in production! Keep an eye on Microsoft Exchange blog to get the information when this role is released for production environments), renders documents that can be viewed and edited using a variety of browsers and devices. This new Microsoft server role can be used with several other products, such as: SharePoint, OneDrive, Shared Folders and even web sites.
Office Online Server (OOS) has been around for a while in Microsoft Unified Messaging family, the former name was Office Web Apps (WAC) and that version could be used with Exchange Server 2013. However, starting with Exchange Server 2016, this server role got a special place because it is responsible for supporting the Modern Attachments feature.
That is cool, but why is it so important for Exchange Server 2016? Well it all boils down to a new feature called Modern Attachments, where Outlook Web App and Outlook 2016 clients are able to reference files instead of adding them as attachments to the messages, which at the end of the day saves a lot of space on the Mailbox Databases. A good example is a 10MB file attachment on the Mailbox Database, but starting on Exchange Server 2016 that will be just a link, and the end-user will be able to view/edit the file from the source without having the need to download it.
In this article series we are going over the process to deploy the Office Online Server and some tweaks to improve the product and how to configure Exchange Server 2016 to integrate with this server role.
Planning for Office Online Server (OOS) Server
In order to understand where we can install the Office Online Server, the easier way is to list all places where the server should not be installed. Basically, the server cannot be collocated with other server roles, such as: Domain Controllers, IIS, SharePoint, Exchange Server, Skype for Business Server and SQL Server. Also, we must not have Office client installed on the Office Online Server.
Long story short, to keep things simple and consistent, reserve a server just for the Office Online Server, and to make sure that you have a high available environment, the recommendation is to have a minimum of two (2) servers using a Load Balancing solution.
The Certificate is always a discussion topic on any design for Exchange and Skype for Business, and the same applies for Office Online Server. A good thing is that we can find synergies on all those products and they can share the same certificate if we plan well. Here are some recommendations that will help you to design your Office Online Server environment, as follows:
- Use a Public Certificate (you can use SAN or wildcard certificates) although the preference is to use SAN (Subject Alternative Names)
- Most likely you will use a Subject Alternative Name (SAN) certificate which will support several names, and for Exchange you can start as simple as 2 names to support a single site (you may need additional names based on your Disaster Recovery, or in case of having multiple sites)
- Depending of your environment you can use the same Public Certificate for several services, such as SharePoint, Exchange Server, Skype for Business, Active Directory Federation Services, Office Online Server and so forth. Just keep adding names and it will be cheaper and it will reduce the hassle of maintaining several individual certs for each service/application.
- Active Directory is able to resolve your public domain internally. If you have an invalid FQDN (e.g.: company.local) you may want to use a split-brain DNS where your public domain is created internally and the name resolution of that public zone internally is using internal servers.
Exchange Server 2016 and transition process
If you have been using WAC (Office Web Apps) with Exchange Server 2013, then we need to go over some details before introducing Office Online Server in your environment.
The main rule is about supportability. For starters, Exchange Server 2013 supports Office Web Apps (WAC) however it does not support Office Online Server (OOS), on the other hand Exchange Server 2016 supports Office Online Server (OOS) but it does not support Office Web Apps (WAC).
The take away of the planning is to make sure that you build a high available solution for Office Online Server (OOS), and that will avoid issues in case of a failure on the Office Online Server. We have a situation where Exchange Server 2016 tries to use an Office Web Apps (WAC) which is not a supported scenario.
DNS Configuration…
Active Directory may have a valid FQDN (Full qualified Domain Name), based on a TLD (top-level domain) name, such as company.ca, company.com, or in some cases non-valid FQDN, such as company.local, company.corp. Since in this article we are working about the Office Online Server and Exchange Server 2016, and for both you should already have a deployed and stable Active Directory environment, so it is safe to say that the train has left the station when the subject is defining FQDN for your domain, so work with what you have.
Based on Microsoft’s recommendations it is easier to play with a valid FQDN when using products from Unified Communications family, such as: Skype for Business, Exchange Server and Office Online Server. There are a couple of reasons, one of the most compelling is that Public Certificates are issued only to valid FQDN, and in that case it is easier to point all Exchange Web Services to valid FQDN and use DNS (Internal and Public) to point the clients to the right server. Your current environment is in one of the situations below, so use the scenarios below to define where to configure your DNS to support Office Online Server.
- If you have an invalid FQDN (e.g.: company.local, company.corp) you can create a valid FQDN zone at the DNS level (create as Primary Zone and store in Active Directory to guarantee the replication to all Domain Controllers), this format is also known as split-brain DNS. After creating the new zone that matches your valid FQDN, just add the names that will be used by Exchange Services, OOS, ADFS, and so forth as hosts on that new zone.
- If you already have a valid FQDN, then it is just matter of adding new entries for the new services that you defined on your certificate
Either way, you just need to create a new host (A or AAAA) using the defined Office Online Server name and in this article series we will be using oos.montreallab.info as shown in Figure 01.
Deploying Office Online Server (OOS)
The process to install the Office Online Server requires a few software components and the following list has a summary of the required software and is using the proper installation order. We are going over each component in this section.- The future Office Online Server should have all Windows Updates in place before moving to the next topic
- Install Windows Features required by Office Online Server
- Install Visual C++ Redistributable for Visual Studio 2005
- Install the Office Online Server (OOS) Preview bits
Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices
The second step is to execute the Microsoft Visual C++ 2015 Redistributable (x64), and the installation process is straight forward. In the initial page (Figure 03), just select I agree to the license terms and conditions and click on Install.
After downloading the ISO file, double click on it and the content will be mounted on a drive letter of the server. Click on the new drive, and then on setup.exe that can be found on the root of that new drive (Figure 04)
In the initial page of the wizard, if you are in agreement with the license contract, select I accept the terms of this agreement and click on Continue.
In the second page, define the installation location which by default is C:\Program Files\Microsoft Office Web Apps and click on Install now to start the installation process, as shown in Figure 05.
The installation process is that simple, the final page should be similar to Figure 06 where the setup informs the administrator that the server has been installed, click on Close.
Figure 06
At this point we have the server installed but it is not fully functional, in the next article of our series we will be configuring the Public Certificate and assigning the DNS name that we defined on the Office Online Server.
Adding an Exchange Server 2016 to an existent Organization (setup wizard)
The process to add additional Exchange Server 2016 servers is always the same, and it does not matter if it is an Exchange Organization running only 2016, or running legacy versions (Exchange 2010 or 2013).Using Windows Explorer, go to the Exchange 2016 installation folder, right-click on setup.exe and then click on Run as administrator (Figure 01).
In the Check for Updates? page. If there are any available updates the Exchange 2016 setup can check and download those updates to be used in the current installation process. Select Connect to the Internet and check for updates and click next.
In the Downloading Updates page. A list of the updates found, or a message saying that no updates were found will be displayed, either way. Click on Next.
In the Introduction page (Figure 02). An Exchange Server 2016 welcome page will be displayed, nothing to configure here, just click next.
In the License Agreement page. After reading and accepting the license agreement, select I accept the terms in the license agreement and click next.
In the Recommended Settings page. The administrator can define usage feedback (information about utilization is sent to the product team for future improvements) and online checking for errors will be enable or disable. In this article we are using the default value which is Use recommended settings, click next.
In the Server Role Selection page (Figure 03). Here is the biggest change when compared with Exchange Server 2013, in the new architecture of the product there are only two roles available: Mailbox and Edge Transport role. Select Mailbox Role, and click Next.
Note:We are selecting Automatically install Windows Server roles and features that are required to install Exchange Server for safety reasons, however we installed all prerequisites following the instructions of the first article of this series.
In the Installation Space and Location page. The disk space requirements and availability will be displayed, we will use default settings to store the Exchange 2016 Installation which is C:\Program Files\Microsoft\Exchange Server\V15, click next.
In the Malware Protection Settings page. By default, the malware protection is enabled, we will leave default values and then click next.
In the Readiness Checks page (Figure 04). All Warning and Errors items will be listed, if there are no error messages being listed, then the setup process can continue. We got a warning about MAPI over HTTP which is not currently enabled. Click on install to start the installation process.
Note:
If you are curious about the checks performed by the Exchange Server 2016 Setup, the following link will provide a detailed information for all checks: https://technet.microsoft.com/EN-US/library/jj150508(v=exchg.160).aspx.
The final page of the Exchange 2016 setup will be similar to the Figure 05, where the setup confirms the completion of the installation process, click on Finish.
Adding an Exchange Server 2016 into an existent Organization (command-line)
We will explore the second method to install Exchange Server 2016 which is using the command-line. It is important to know that all options (and more to be honest) that you have on the Exchange Server 2016 Setup wizard, you also have available on the command-line. In order to identify all options for any specific action, we can use setup.exe /? to obtain more information and the switches available.If you just want to install an Exchange Server 2016 with a Mailbox role using default values, the following command line will be enough (Figure 06).
Setup.exe /Mode:Install /Role:Mailbox /IAcceptExchangeServerLicenseTerms
Certificate issues after adding a new Exchange Server 2016…
When the topic is certificate the recommended best practice is to use a Public Certificate and split-brain DNS. By doing that, a single set of namespace can be used for both internal and external web services on Exchange Server (the rule applies for Exchange 2016/2013/2010 and 2007).In the current scenario of this article series, we have an Exchange Server 2013 configured to use webmail.patricio.ca for all web services, and the DNS has an entry for that same host pointing out to the Exchange Server 2013 server. However, after completing the installation of the new Exchange Server 2016 the error message (Figure 07) will start to pop-up on some of the clients, and if we look closely we will see the name of the Exchange Server 2016 that we have just introduced in our Exchange Organization.
The reason is because any new Exchange Server 2016 (the same rule applies to older versions of the product) will configure the AutoDiscoverServiceInternalURI attribute with the FQDN (Full Qualified Domain Name) of the server and since the certificate does not match that name, the result is that certificate error. That issue will occur on the internal network on the Active Directory site where the new Exchange Server 2016 was installed.
In Exchange Server 2016 we have a new cmdlet to retrieve the internal autodiscover which is the Get-ClientAccessService (the former Get-ClientAccessServer is still valid but it will be removed in a future version).
In order to identify what is causing the issue in the configuration, we will run the following cmdlet and the results are shown in Figure 08.
Get-ClientAccessService | ft Name,AutoDiscoverServiceInternalURI -AutoSize
The faster way to solve the issue is to change the AutoDiscoverServiceInternalURI from the new server to point out to the existent and valid URL, this way the clients will no longer receive certificate pop-up messages, and all traffic will go to that host.
After installing the certificate on the new Exchange Server 2016 and certifying that the new server is ready for prime time, the administrator can change the entry webmail.patricio.ca to point out to the new Exchange Server 2016 box, and at that time the clients will not notice the change.
In order to change the URL, the following cmdlet can be used:
Set-ClientAccessService
Creating the Exchange Organization through setup wizard
An Exchange Organization is created during the initial installation of an Exchange Server, and the Organization is at the Forest Level and it will stay in your Active Directory forever (you can remove the configuration manually but that is not the point).If that is the first time ever that Exchange Server is being installed, an additional step is required which is the definition of the Organization Name. That setting will show up as a new page during the wizard (Figure 09). That new page will be located between Installation Space and Location page and Malware Protection Settings page.
The installation process when creating a new organization and an additional server are the same (the only exception is the additional page).
Checking the installation and basic troubleshooting…
Independent of the process used to install Exchange Server 2016, there are a couple of basic steps that can be used to test the brand new server. The first thing that the administrator will notice after the installation of the product is a new set of icons on the application list (Figure 10), and we will be using Exchange Management Shell to perform a couple of tests.
A basic cmdlet for troubleshooting and to get an overall status of the service is Test-ServiceHealth and we can see it in action in Figure 11. This cmdlet will list all services required for each component and it will help the administrator to identify services that are not running.
In some cases, the Exchange Server 2016 setup may fail, and in order to identify the issue the first step is to check the log files created during the installation process, and they can be found at C:\ExchangeSetupLogs folder (Figure 12). Those log files will have a lot of information about the process, and if you take your time going through those files you probably will be able to pin point the issue.
Conclusion
We went over the initial requirement to install Office Online Server (OOS) and the installation of the product and we have performed additional steps to configure the server. After working on the Active Directory preparation and prerequisites, we have completed our series going over the process to install Exchange Server 2016 using both methods (command-line and setup wizard), and we finished the article by showing how the administrator can check the services after installation, avoid certificates pop-ups and checking the logs created during the installation.