OWA and contacts greyed out RRS feed

  • General discussion

  • All,

    I thought I would take a couple of minutes and share my experience with the whole Lync and OWA “contacts greyed out” experience and what resolved my issues. 

    In a word..certificate. 

    My situation was like many other posts I found where the "chicklets" were there but in about 1 minute the contact list would show an error. 

    In my case, I felt all of the necessary communicator parts were installed correctly or the “chicklets” wouldn’t be there at all.  All of my users could IM using the client without an issue, so I knew I had to be close.  There are several posts if you goog…err bing owa-lync and one of them was a follow up post on doing the initial install of owa-lync.  The initial post from Ilse(?) was the install, but what helped most was the follow up post that shows how to use OC 2007’s analyzer with Lync that helped.  Once I figured out that you had to install the vc+++2008 for x64, I finally was able to analyze the Lync logs and found the same issue that person showed in their example.  My certs for now are all internal so I knew they were all trusted from server to server, but when I requested the cert I didn’t use the fqdn of the exchange box.  So I went back, requested a new cert specifying the fqdn name as the subject and then used that cert for the IIS portion of exchange.  After restarting IIS, I figured things would work, but they didn’t, still the same OWA “greyed out contacts error” message.  Ran the Lync logging tools and this time there weren’t any errors at all.  Went and checked the event logs and found event ID 14366 explaining several invalid incoming certs from my exchange box’s IP.  Turns out that when I made-requested the new san cert, while I did put the internal fqdn of the exchange server as the subject, I didn’t include it in the SAN list…oops.  Requested a new san cert, and added the fqdn of the exchange box in the san list and now everything works.

    Don’t know if this is the “correct” way of doing things, but this is the process I used to replace the cert.  All of this is on the exchange box.

    1.     Change cert for exchange IIS to new san cert with correct subject name and san list

    a.     All in exchange management console

    b.     Stop and restart IIS

    2.     Get thumbprint for exchange IIS service

    a.     Exchange management console Get-exchangecertificate

    b.     Copy thumbprint for the cert on IIS service

    3.     Update existing OWA Virtual Directory with new Thumbprint

    a.     Get-OwaVirtualDirectory –Server exchange | Set-OwaVirtualDirectory  -InstantMessagingCertificateThumbprint <certificate thumbprint that we copied earlier>

    b.     Re-run Get-OwaVirtualDirectory –Server exchange       to ensure the new thumbprint exists

    c.      Reset IIS

    4.     Enroll same cert on the Lync front end server.

    Another thing I found out, if you miss-copy the cert thumbprint, it will let you put it in the owavirtualdirectory field anyway.  In that case you will notice an event ID on the exchange box saying something about The certificate specified by the InstantMessagingCertificateThumbprint parameter of the Outlook Web App virtual directory wasn't found in the local certificate store.  Oops.


    Anyhow, hope this will help someone who is almost there and needs a couple of places to look.




    • Changed type Sharon.ShenModerator Thursday, December 15, 2011 11:24 AM Cx share experience,not a question
    Tuesday, December 13, 2011 11:57 PM

All replies

  • Hi,R,

    Great post!Thank you very much for kindly share the experience with us,I am sure lots of people will save their time with seeing your post.

    And If you post it with the type "General discussion" it would be better since it's not a question. :P




    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, December 15, 2011 11:23 AM