Deploying Office Online Server (OOS)

Planning for the Office Online Server to be used with Exchange Server 2016 and initial deployment steps. In this article we will cover all steps required to prepare the Active Directory to support Exchange Server 2016, and we will install all prerequisites required on the future Exchange Server box.

Deploying Office Online Server (OOS) (Part1)



Office Online Server (OOS), currently in preview (not to be used in production! Keep an eye on Microsoft Exchange blog to get the information when this role is released for production environments), renders documents that can be viewed and edited using a variety of browsers and devices. This new Microsoft server role can be used with several other products, such as: SharePoint, OneDrive, Shared Folders and even web sites.

Office Online Server (OOS) has been around for a while in Microsoft Unified Messaging family, the former name was Office Web Apps (WAC) and that version could be used with Exchange Server 2013. However, starting with Exchange Server 2016, this server role got a special place because it is responsible for supporting the Modern Attachments feature.

That is cool, but why is it so important for Exchange Server 2016? Well it all boils down to a new feature called Modern Attachments, where Outlook Web App and Outlook 2016 clients are able to reference files instead of adding them as attachments to the messages, which at the end of the day saves a lot of space on the Mailbox Databases. A good example is a 10MB file attachment on the Mailbox Database, but starting on Exchange Server 2016 that will be just a link, and the end-user will be able to view/edit the file from the source without having the need to download it.

In this article series we are going over the process to deploy the Office Online Server and some tweaks to improve the product and how to configure Exchange Server 2016 to integrate with this server role.

Planning for Office Online Server (OOS) Server

In order to understand where we can install the Office Online Server, the easier way is to list all places where the server should not be installed. Basically, the server cannot be collocated with other server roles, such as: Domain Controllers, IIS, SharePoint, Exchange Server, Skype for Business Server and SQL Server. Also, we must not have Office client installed on the Office Online Server.

Long story short, to keep things simple and consistent, reserve a server just for the Office Online Server, and to make sure that you have a high available environment, the recommendation is to have a minimum of two (2) servers using a Load Balancing solution.

The Certificate is always a discussion topic on any design for Exchange and Skype for Business, and the same applies for Office Online Server. A good thing is that we can find synergies on all those products and they can share the same certificate if we plan well. Here are some recommendations that will help you to design your Office Online Server environment, as follows:
  • Use a Public Certificate (you can use SAN or wildcard certificates) although the preference is to use SAN (Subject Alternative Names)
  • Most likely you will use a Subject Alternative Name (SAN) certificate which will support several names, and for Exchange you can start as simple as 2 names to support a single site (you may need additional names based on your Disaster Recovery, or in case of having multiple sites)
  • Depending of your environment you can use the same Public Certificate for several services, such as SharePoint, Exchange Server, Skype for Business, Active Directory Federation Services, Office Online Server and so forth. Just keep adding names and it will be cheaper and it will reduce the hassle of maintaining several individual certs for each service/application.
  • Active Directory is able to resolve your public domain internally. If you have an invalid FQDN (e.g.: company.local) you may want to use a split-brain DNS where your public domain is created internally and the name resolution of that public zone internally is using internal servers.

Exchange Server 2016 and transition process

If you have been using WAC (Office Web Apps) with Exchange Server 2013, then we need to go over some details before introducing Office Online Server in your environment.

The main rule is about supportability. For starters, Exchange Server 2013 supports Office Web Apps (WAC) however it does not support Office Online Server (OOS), on the other hand Exchange Server 2016 supports Office Online Server (OOS) but it does not support Office Web Apps (WAC).

The take away of the planning is to make sure that you build a high available solution for Office Online Server (OOS), and that will avoid issues in case of a failure on the Office Online Server. We have a situation where Exchange Server 2016 tries to use an Office Web Apps (WAC) which is not a supported scenario.

DNS Configuration…

Active Directory may have a valid FQDN (Full qualified Domain Name), based on a TLD (top-level domain) name, such as,, or in some cases non-valid FQDN, such as company.local, company.corp. Since in this article we are working about the Office Online Server and Exchange Server 2016, and for both you should already have a deployed and stable Active Directory environment, so it is safe to say that the train has left the station when the subject is defining FQDN for your domain, so work with what you have.

Based on Microsoft’s recommendations it is easier to play with a valid FQDN when using products from Unified Communications family, such as: Skype for Business, Exchange Server and Office Online Server. There are a couple of reasons, one of the most compelling is that Public Certificates are issued only to valid FQDN, and in that case it is easier to point all Exchange Web Services to valid FQDN and use DNS (Internal and Public) to point the clients to the right server. Your current environment is in one of the situations below, so use the scenarios below to define where to configure your DNS to support Office Online Server.
  • If you have an invalid FQDN (e.g.: company.local, company.corp) you can create a valid FQDN zone at the DNS level (create as Primary Zone and store in Active Directory to guarantee the replication to all Domain Controllers), this format is also known as split-brain DNS. After creating the new zone that matches your valid FQDN, just add the names that will be used by Exchange Services, OOS, ADFS, and so forth as hosts on that new zone. 
  • If you already have a valid FQDN, then it is just matter of adding new entries for the new services that you defined on your certificate
Either way, you just need to create a new host (A or AAAA) using the defined Office Online Server name and in this article series we will be using as shown in Figure 01.

         Figure 01


Deploying Office Online Server (OOS)

The process to install the Office Online Server requires a few software components and the following list has a summary of the required software and is using the proper installation order. We are going over each component in this section.
The first step is to install Windows Server features, and that can be done using the following cmdlet listed below (Figure 02). After installing those new features, a restart of the server is recommended before moving forward with the next step.

Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices 

    Figure 02

The second step is to execute the Microsoft Visual C++ 2015 Redistributable (x64), and the installation process is straight forward. In the initial page (Figure 03), just select I agree to the license terms and conditions and click on Install.

                    Figure 03

After downloading the ISO file, double click on it and the content will be mounted on a drive letter of the server. Click on the new drive, and then on setup.exe that can be found on the root of that new drive (Figure 04)

                          Figure 04

In the initial page of the wizard, if you are in agreement with the license contract, select I accept the terms of this agreement and click on Continue.

In the second page, define the installation location which by default is C:\Program Files\Microsoft Office Web Apps and click on Install now to start the installation process, as shown in Figure 05.

   Figure 05
The installation process is that simple, the final page should be similar to Figure 06 where the setup informs the administrator that the server has been installed, click on Close.

    Figure 06

At this point we have the server installed but it is not fully functional, in the next article of our series we will be configuring the Public Certificate and assigning the DNS name that we defined on the Office Online Server.

Adding an Exchange Server 2016 to an existent Organization (setup wizard)

The process to add additional Exchange Server 2016 servers is always the same, and it does not matter if it is an Exchange Organization running only 2016, or running legacy versions (Exchange 2010 or 2013).
Using Windows Explorer, go to the Exchange 2016 installation folder, right-click on setup.exe and then click on Run as administrator (Figure 01).

                                                      Figure 01

In the Check for Updates? page. If there are any available updates the Exchange 2016 setup can check and download those updates to be used in the current installation process. Select Connect to the Internet and check for updates and click next.

In the Downloading Updates page. A list of the updates found, or a message saying that no updates were found will be displayed, either way. Click on Next.
In the Introduction page (Figure 02). An Exchange Server 2016 welcome page will be displayed, nothing to configure here, just click next.

               Figure 02
In the License Agreement page. After reading and accepting the license agreement, select I accept the terms in the license agreement and click next.

In the Recommended Settings page. The administrator can define usage feedback (information about utilization is sent to the product team for future improvements) and online checking for errors will be enable or disable. In this article we are using the default value which is Use recommended settings, click next.
In the Server Role Selection page (Figure 03). Here is the biggest change when compared with Exchange Server 2013, in the new architecture of the product there are only two roles available: Mailbox and Edge Transport role. Select Mailbox Role, and click Next.

Note:We are selecting Automatically install Windows Server roles and features that are required to install Exchange Server for safety reasons, however we installed all prerequisites following the instructions of the first article of this series.

               Figure 03

In the Installation Space and Location page. The disk space requirements and availability will be displayed, we will use default settings to store the Exchange 2016 Installation which is C:\Program Files\Microsoft\Exchange Server\V15, click next.

In the Malware Protection Settings page. By default, the malware protection is enabled, we will leave default values and then click next.

In the Readiness Checks page (Figure 04). All Warning and Errors items will be listed, if there are no error messages being listed, then the setup process can continue. We got a warning about MAPI over HTTP which is not currently enabled. Click on install to start the installation process.

If you are curious about the checks performed by the Exchange Server 2016 Setup, the following link will provide a detailed information for all checks:

                  Figure 04
The final page of the Exchange 2016 setup will be similar to the Figure 05, where the setup confirms the completion of the installation process, click on Finish.

               Figure 05


  Deploying Office Online Server (OOS) (Part2)


Adding an Exchange Server 2016 into an existent Organization (command-line)

We will explore the second method to install Exchange Server 2016 which is using the command-line. It is important to know that all options (and more to be honest) that you have on the Exchange Server 2016 Setup wizard, you also have available on the command-line. In order to identify all options for any specific action, we can use setup.exe /? to obtain more information and the switches available.

If you just want to install an Exchange Server 2016 with a Mailbox role using default values, the following command line will be enough (Figure 06).

Setup.exe /Mode:Install /Role:Mailbox /IAcceptExchangeServerLicenseTerms

    Figure 06


Certificate issues after adding a new Exchange Server 2016…

When the topic is certificate the recommended best practice is to use a Public Certificate and split-brain DNS. By doing that, a single set of namespace can be used for both internal and external web services on Exchange Server (the rule applies for Exchange 2016/2013/2010 and 2007).

In the current scenario of this article series, we have an Exchange Server 2013 configured to use for all web services, and the DNS has an entry for that same host pointing out to the Exchange Server 2013 server. However, after completing the installation of the new Exchange Server 2016 the error message (Figure 07) will start to pop-up on some of the clients, and if we look closely we will see the name of the Exchange Server 2016 that we have just introduced in our Exchange Organization.

                               Figure 07

The reason is because any new Exchange Server 2016 (the same rule applies to older versions of the product) will configure the AutoDiscoverServiceInternalURI attribute with the FQDN (Full Qualified Domain Name) of the server and since the certificate does not match that name, the result is that certificate error. That issue will occur on the internal network on the Active Directory site where the new Exchange Server 2016 was installed.

In Exchange Server 2016 we have a new cmdlet to retrieve the internal autodiscover which is the Get-ClientAccessService (the former Get-ClientAccessServer is still valid but it will be removed in a future version).

In order to identify what is causing the issue in the configuration, we will run the following cmdlet and the results are shown in Figure 08.

Get-ClientAccessService | ft Name,AutoDiscoverServiceInternalURI -AutoSize

    Figure 08
The faster way to solve the issue is to change the AutoDiscoverServiceInternalURI from the new server to point out to the existent and valid URL, this way the clients will no longer receive certificate pop-up messages, and all traffic will go to that host.

After installing the certificate on the new Exchange Server 2016 and certifying that the new server is ready for prime time, the administrator can change the entry to point out to the new Exchange Server 2016 box, and at that time the clients will not notice the change.
In order to change the URL, the following cmdlet can be used:

Set-ClientAccessService -AutoDiscoverServiceInternalURI


Creating the Exchange Organization through setup wizard

An Exchange Organization is created during the initial installation of an Exchange Server, and the Organization is at the Forest Level and it will stay in your Active Directory forever (you can remove the configuration manually but that is not the point).

If that is the first time ever that Exchange Server is being installed, an additional step is required which is the definition of the Organization Name. That setting will show up as a new page during the wizard (Figure 09). That new page will be located between Installation Space and Location page and Malware Protection Settings page.

The installation process when creating a new organization and an additional server are the same (the only exception is the additional page).

                   Figure 09


Checking the installation and basic troubleshooting…

Independent of the process used to install Exchange Server 2016, there are a couple of basic steps that can be used to test the brand new server. The first thing that the administrator will notice after the installation of the product is a new set of icons on the application list (Figure 10), and we will be using Exchange Management Shell to perform a couple of tests.

                                          Figure 10

A basic cmdlet for troubleshooting and to get an overall status of the service is Test-ServiceHealth and we can see it in action in Figure 11. This cmdlet will list all services required for each component and it will help the administrator to identify services that are not running.

    Figure 11
In some cases, the Exchange Server 2016 setup may fail, and in order to identify the issue the first step is to check the log files created during the installation process, and they can be found at C:\ExchangeSetupLogs folder (Figure 12). Those log files will have a lot of information about the process, and if you take your time going through those files you probably will be able to pin point the issue.

                 Figure 12



We went over the initial requirement to install Office Online Server (OOS) and the installation of the product and we have performed additional steps to configure the server. After working on the Active Directory preparation and prerequisites, we have completed our series going over the process to install Exchange Server 2016 using both methods (command-line and setup wizard), and we finished the article by showing how the administrator can check the services after installation, avoid certificates pop-ups and checking the logs created during the installation.


Deploying Office Online Server (OOS) (Part3)

Integrating Office Online Server with Exchange Server 2016 at mailbox and organization level.

This is the third part of this article, and so far, we started this by installing an Office Online Server (OOS) on a Windows Server 2012 R2 server. In the second article we performed the installation of the product, including the Public Certificate configuration. In this article we are going to go over the integration process with Exchange Server 2016 which can be configured in two different levels: server or organization level.

As we discussed before, Office Online Server (OOS) can be integrated with other products from the Microsoft Unified Communications family, such as Exchange Server 2016, Skype for Business Server and SharePoint.

Using either integration method, we need to use a URL to configure on Exchange Server and that URL is the Office Online Server address using https (since we configured the public certificate). We will add /hosting/discovery, in our article series therefore the complete address would be as shown in Figure 01. This can also be used to check if the server is working properly after the installation process.

Figure 01

Before diving into the integration at the server level, let’s see how the Exchange Server 2016 handles attachments when there is no Office Online Server around. In Figure 02, the user receives a message with a word document and the only way to read the content of the attachment is by downloading the file and opening it with a Word application (or at least Word View app), which is the way that we have been doing for many years now. That however that requires bandwidth to download the file from the server and also software requirements (Word) on the desktop side.

 Figure 02


Configuring the integration at Server level…

The Server level integration is easier to configure and as the name implies must be configured on a server basis. Logged on the Exchange Server 2016, open Exchange Management Shell and run the Set-MailboxServer cmdlet (Figure 03). After the configuration we need to restart the Web Application Pool. The entire sequence is described below and also in Figure 03. Besides the required cmdlets we also check the configuration before and after the changes.

Set-MailboxServer –WACDiscoveryEndPoint
Restart-WebAppPool MSExchangeOWAAppPool
Get-MailboxServer | select Name,Wac*

   Figure 03

The name to enter on the WACDiscoveryEndPoint parameter is the URL of the Office Online Server (OOS) plus the /hosting/discovery string, the same thing that we used to test the environment at the beginning of this article.

After configuring the integration, we can open the same mailbox that we used at the beginning of this article. Now we have two options: the traditional download but we also have the option View which will use the Office Online Server capabilities (Figure 04).

  Figure 04

The View option from the previous step will bring the document rendered by the Office Online Server, as shown in Figure 05.

    Figure 05

If we look at the right-side we will see a couple of useful features when using Office Online Server, such as Print, Find and even Translate. A brief summary of those features are explained below.
  • Print feature will create a PDF of the document and from there you can open and print it
  • Find feature is self-explanatory, and it lists all instances of the string being searched on the left side (at least for the Word document)
  • Translate is a pretty cool feature, the translation happens on the fly (it may take some time depending on the size of the document) and it is really user-friendly, just hit Translate, select the language and voilĂ !
  • Download as PDF feature can be found on the (more options) area where the user may not want to print, then he can just download an offline copy as PDF.
Important note:
If you are getting errors Viewing documents, make sure that the certificate on Exchange Server is valid. Sometimes the administrator only configures the OOS side and not having a valid and proper certificate configured on the Exchange side may cause errors.

Configuring integration at Organization level…

Integration at Organization Level creates a supportability issue when there are still Exchange Server 2013 running on the environment. The best way to think about configuring at the organization level is, if you have a pure Exchange Server Organization running only Exchange Server 2016, then configuration at organization level may not be a problem. In some scenarios you may still want to use the server level (especially in Disaster Recovery/Failover Site scenarios) depending of the scenario.

If you have a small organization or perhaps a larger organization located in a single site, where all servers can point to the same Office Online Server (OOS), then the Organization level is for you. The configuration is simple, just run the following cmdlet on your environment (replace the for the URL of your Office Online Server) and the cmdlet in action is shown in Figure 06.

Get-OrganizationConfig | select WAC*
Set-OrganizationConfig -WacDiscoveryEndpoint
Get-OrganizationConfig | select WAC*

    Figure 06

Note:In case you have configured the integration at server level, we can always clear that information using the following cmdlet

Set-MailboxServer -WACDiscoveryEndpoint $null



In this third article of our series, we finally enabled the integration between Office Online Server (OOS) and Exchange Server 2016, and by doing that we enabled one great feature of this new release which is the Modern Attachment feature.

Using such feature, we can bring more capabilities to the end-users where they can easily print from the brand new interface of Outlook Web App, generate PDFs, find content, even translate on the fly without downloading the file to the local computer and by doing that we can save bandwidth and avoid having Office installed on the desktop in some scenarios.

In the next part of this article, we will cover the editing capabilities using Office Online Server, possible design when using more than a datacenter, load balancing and high availability of the solution.

1 comment:

  1. Is there a way to connect the print to a REAL Print option- rather than just open as a pdf to print???


Powered by Blogger.