Office Web Apps Server Certificate For External

Similar Messages

• Office Web Apps server not working externally

  Hopefully someone with a functional OWA server can help.  When my users try to share a presentation, whiteboard, or poll as an external user or to an external user (coming through Edge), the content fails to share and this error occurs:
  "We can't connect to the server for presenting right now"
  The server functions internally fine and content shares perfectly.  The OWA server has a certificate from an internal CA and it is published through a TMG reverse proxy.  When I hit the discovery URL, it works fine and triggers the reverse proxy
  rule.  However, when I try to share content, it does not hit the rule.
  Thanks for your help!
  Jim

  Hi,
  Looks like the external lync clients can't connect the office web app server. So please check if you publish the web office app to internet correctly.
  Please refer this document about Publishing Office Web Apps Server Using a Reverse Proxy Server:
  http://technet.microsoft.com/en-us/library/jj204665.aspx
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Sean Xiao
  TechNet Community Support

• High Availibity solution for office web app server 2013 for Sharepoint 2013

  I have a scenario with the three nodes SP1 , SP2 and DR-SP with server 2012 standard, each running SharePoint 2013 enterprise, All of three nodes are members of single SharePoint farm that spans two data centers.Primary Data Center have two nodes SP1 , SP2
  and DR data center have one node DR-SP of share point 2013.
  For Office webapp server i have two nodes OWA1, and DR-OWA with server 2012 standard, that spans between two data centers.Primary Data Center have OWA1 and DR data center have one node DR-OWA of office web app server.
  Currently i have configured office web app on  primary data center node OWA .How i can enable high availability of office web app server in case of primary data center outage.Please guide.

  WAC servers on a single farm must be in the same data center. The WAC configuration you've proposed is unsupported. Build a separate WAC farm in the secondary data center and attach it to the SharePoint farm only in the event of a disaster.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Office web apps server 2013 - launching search on loading page

  Hello!
  I use Office Web Apps Server 2013 for viewing documents on internal portal (it is not SharePoint, and documents is read only) with automatic generating links. Links are generated according instruction
  on http://<OWA host>/op/generate.aspx (for example, http://<OWA host>/op/view.aspx?src=<path to file>).
  I have some questions:
  1) In some cases, when a document is openedI want
  immediately start the search with some terms.
  Can I give terms
  to search in url params in generated url? For example, http://<OWA host>/op/view.aspx?src=<path to file>#search=<terms>?
  Is there any other
  way to run a search on page load?
  2) I want to use multi-term search (when my search query is 'tame tamed taming', and
  all individual words ('tame', 'tamed', 'taming')
  are highlighted in document).
  Is there a way to do it?
  3)I want to use whole-word search (when my search query is'act', and words 'practice' or 'action' are not
  highlighted in document).
  Is there a way to do it?

  Hi Jazzy.em
  Thanks for posting in MSDN forum.
  This forum is for developers discussing developing issues about
  apps for Office. Since the issue is more about Office web app, I suggest that you get more effective response from
  Office 365 forum.
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
  Thanks for your understanding.
  Regards & Fei
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Office Web Apps Server SSL Certificate

  Hi
  I am deploying Office Web App Server for Integration with Lync 2013. I opted for secure communication with SSL Certificate. I want this server available to internal and external users.
  I am little confused over CA for Issuance of SSL Certificate. On most of the forums, I found SSL Certificate to be issued by Internal CA. If so, will this also work for external users?
  If not, then plz guide me for Generating Certificate Request on Office Web App Server to be submitted to External CA for Issuance of Certificate.
  Regards.

  Hi,
  Thanks for your posting in this forum.
  I have moved this thread in Lync Server 2013-Management, Planning, and Deployment forum for more dedicated support.
  Thanks for your understanding.
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Office web apps server (2013) certificate issue

  If the name of the farm is different from the name of the individual office web apps server machine is there any way to deploy office web apps server with a single domain SSL certificate? 
  My office web apps server is working, but reporting itself unhealthy, apparently due to the fact that the SSL cert is for the name of the farm and that is different from the name of the machine. 
  Errors are 2004, 1004, 2156, 1156, "could not establish trust relationship for the SSL/TLS secure channel"
  Going to the farm's discovery URL in the browser works fine, but going to the machine name (plus /hosting/discovery) gives an SSL error because the name of the farm is not the same as the name of the machine. 
  Is there any way to make it use the farm's URL instead of the machine's URL in its own internal watchdog operations? Or any way to make it use a self signed certificate on the machine's URL for it's own health checks and still use the legitimate purchased
  SSL cert for user access? Or any other way you can think of to use a $5.99/yr single domain certificate instead of a $89.99/yr multiple domain certificate? 
  Bill Coulter

  I am experiencing this same issue.  The OWA server has sp1 installed.  In the OWA event logs I am getting health fails for 2 events and as best I can tell it seems to be related to this issue.
  We are also using a single godaddy certificate with a non machine name FQDN.  Both internal and external url's of the OWA farm are set to this same name.
  The problem only seems to occur with the 'Proofing Watchdog' (See events below).
  Has anyone got any update on whether this is supposed to be fixed ?
  <?xml version="1.0" encoding="utf-16"?>
  <HealthReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <HealthMessage>ProofingWatchdog reported status for Proofing in category 'PositiveWeb'. Reported status: Spelling attempt exception for "good": System.Net.WebException: The underlying connection was closed: Could not establish
  trust relationship for the SSL/TLS secure channel. ---&gt; System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
  <?xml version="1.0" encoding="utf-16"?>
  <HealthReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <HealthMessage>ProofingWatchdog reported status for Proofing in category 'NegativeWeb'. Reported status: Spelling attempt exception for "baad": System.Net.WebException: The underlying connection was closed: Could not establish
  trust relationship for the SSL/TLS secure channel. ---&gt; System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception 

• Office Web Apps server for Lync DNS question

  We are going to deploy an Office Web Apps server for our Lync 2013 clients, available internally and externally. We do not have a split-horizon DNS so it is not possible for wac.foo.com to have a different IP for internal vs. external clients. What is the
  best setup for our scenario? It looks like we can only add one address in the Lync topology builder, so would it make sense to send everybody to the external wac.foo.com regardless of whether they are internal vs. external? Or is there a better option?
  Thanks,
  Matt

  It might be easiest to use pin-point DNS.  Create an internal zone called wac.foo.com with a blank A record that points to the internal IP address of the OWAS/WAC server.  This way, wac.foo.com will resolve to the correct
  internal address, but you're not setting up a split zone for the rest of foo.com.
  This trick can come in handy for publishing other items without recreating the entire zone, it's a nice one to keep in your back pocket.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Office web apps Server for Sharepoint 2013

  Hello,
  I used the following article to install office web apps server and hook it up to a test sharepoint server:
  http://technet.microsoft.com/en-us/library/jj219455(v=office.15).aspx. The OWAS service was verified as working by loading:
  https://owas.companyname.com/hosting/discovery
  For the sharepoint configuration phase, the following commands were run on the sharepoint machine:
  1) New-SPWOPIBinding -ServerName "owas.companyname.com"   -- (owas.companyname.com) is the host name of the owas server)
  2) Get-SPWOPIZone
  3) Set-SPWOPIZone -zone "external-https"
  However, office documents are still launching in the desktop office applications, not in the browser. Any ideas of what else I may need to do?
  thanks,
  Sherazad

  Hi  ,
  According to your description, my understanding is that you fail to configure Office Web Apps for your SharePoint 2013.
  How about run Get-SPWOPIZone? If you can get a result, it says that your  SharePoint  have connected with Office Web Apps.
  Then you can run below command to  change the zone to internal-https.
  Set-SPWOPIZone -zone "internal-https"
  Reference:
  http://technet.microsoft.com/en-us/library/ff431687(v=office.15).aspx 
  http://stevegoodyear.wordpress.com/sharepoint-2013-build-guide/office-web-apps-2013-server-install-and-configuration/
  Thanks,
  Eric
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
  contact [email protected]
  Eric Tao
  TechNet Community Support

• Load balancing and HA for office web apps server Lync 2013

  Hi,
      I have 12000 users, 3 FE servers in a pool, 2 edge server in a pool, HA required, IM/presence, A/V, WEb conferencing required. plan to have 2 office web apps server a farm with HA, below are my queries
  1.  which type of load balancing i need....DNS or HLB for office web app servers? if its HLB then is it mandatory?
  2. i have already 2 HLB for FE pool .. one for externa url , one for internal URL...can i use the same HLB for office web app servers ?
  3. one more question regarding EDGE pool load balancing, can i use the same HLB  in EDge pool also that i am using for FE pool?

  Hi,
  1.  which type of load balancing i need....DNS or HLB for office web app servers? if its HLB then is it mandatory?
  WebApps runs on https and you cannot load balance http traffic using DNS load balancing. you need to have a HLB.
  2. i have already 2 HLB for FE pool .. one for externa url , one for internal URL...can i use the same HLB for office web app servers ?
  you can use the same HLB for that
  3. one more question regarding EDGE pool load balancing, can i use the same HLB  in EDge pool also that i am using for FE pool?
  for that one, you probably need a separate HLB.  
  Z-Hire -- Automate Lync User Account creation process ( AD / Exchange / Lync )

• High availability for Lync 2013 persistent chat server and office web app server

  I have 1500 users, need HA in primary data center and DR also. looking for HA and DR solution for persistent chat server and office web app server.
  is below correct?
  1. 2 persistent chat server in a pool of primary data center and 1 in DR.  can this be reduced or any changes?
  2. 2 Office web app server in a pool of primary data center and 1 in DR.  can this be reduced or any changes?
   also do i need HLB for both roles?

  1) In Lync Server 2013, there are improvements in both high availability and disaster recovery:
  High availability improvements: SQL Server mirroring is used to provide high availability for the Persistent Chat Server content database and Persistent Chat compliance database within a data center (in-site).
  Disaster recovery improvements: Persistent Chat Server supports a stretched pool architecture that enables a single Persistent Chat Server pool to be stretched across two sites (that is, a single logical pool in the topology, with servers in the pool physically
  located across two sites). SQL Server Log Shipping is used for cross-site disaster recovery.
  For more information about high availability and disaster recovery, see
  Configuring Persistent Chat Server for High Availability and Disaster Recovery in the Deployment documentation.
  2) for HA & DR, you can 2 Office web app server in a pool of primary data center and 1 in DR. and You will need HLB for office web app servers
  http://blogs.technet.com/b/meamcs/archive/2013/03/27/office-web-apps-2013-multi-servers-nlb-installation-and-deployment-for-sharepoint-2013-step-by-step-guide.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Office Web Apps server security question

  Hello,
  According to this technet article Microsoft appears to recommend against allowing both external and internal users access to your OWA server.
  http://technet.microsoft.com/en-us/library/jj219435(v=office.15).aspx#viewers
  "Files that are intended to be viewed through a web browser by using Online Viewers must not require authentication. In other words, the files must be available publicly because Online Viewers can’t perform authentication when it is retrieving files.
  We strongly recommend that the Office Web Apps Server farm that you use for Online Viewers is only able to access either the intranet or the Internet, but not both. This is because Office Web Apps Server doesn’t differentiate between requests for intranet
  and Internet URLs. Somebody on the Internet could request an intranet URL, for example, causing a security leak if an internal document is viewed."
  Just trying to make sense of this.  I am building a new Lync 2013 environment and I definitely want my internal users to be able to leverage the OWA server.  So does that mean I should not publish that server to the internet?  And if I do
  not, does that mean my users will not be able to share a powerpoint presentation at all to external users?  If this is all true and I'm understanding this correctly, does this mean that most implementations choose one or the other? Or does Lync not
  use these "Online Viewers" so I can just disable them and users will still be able to share powerpoint presentations with external users?
  Thanks for any help you can provide for this confusion.

  No, you should publish to both internal and Internet on the same server, it's just how it's done with Lync.  You can't really have two with Lync for this purpose anyway.  Users will upload PowerPoint presentations to it when it's time to share,
  no editing is possible, and the risk is generally minimal.  You can shorten the cache time to help if you're concerned.
  Regardless, from the article:
  http://technet.microsoft.com/en-us/library/jj219442(v=office.15).aspx setting OpenFromUrlEnabled "Turns on or off the ability to use Online Viewers to view Officefiles from a URL or UNC path.".  This is set to false and turned off by default.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Office Web Apps server / Lync server 2013

  Hi I have installed a Lync 2013 Server and Office Web Apps Server. Configured Lync topology, Office Web Apps farm and certificates.
  However when i start the services i get this error message in the log saying Office Web Apps discovery failed.
  Event ID:      41033
  Description:
  Office Web Apps Server (WAC) discovery failed, PowerPoint content is disabled.
  Attempted Office Web Apps Server discovery Url:
  Received error message: Invalid Uri syntax for WAC configuration
  The number of retries: 1,
  Cause: Office Web Apps Server may be unavailable or network connectivity may have been compromised.
  Resolution:
  Check HTTPS connectivity from this box to the Office Web Apps Server deployment using the discovery Url.
  I can access the OWAS server Url from Lync Server
  Connecting to the HTTPS discovery URL is working fine, and brings up the XML-page (after i click "show all content").
  The two servers are located on the same internal network, DNS resolves fine both ways, and no firewall rules blocks any connections between the two. Can anyone please help me figure this out?
  Only identical problem found online is here (Invalid Uri syntax for WAC configuration):
  http://blogs.technet.com/b/dodeitte/archive/2012/09/10/office-web-apps-server-amp-lync-server-2013.aspx
  He resolved the problem by assigning a new OAuthTokenIssuer certificate. This however did not fix the problem in my case.
  Regards
  Sverre A. Veel

  Hi,
  In addition, please make sure you have restarted front end and office web apps server after reissuing the certificate.
  Kent Huang
  TechNet Community Support

• Using Office Web Apps Server 2013 without SharePoint, Lync, or Exchange

  I'm trying to use the Office Web Apps Server 2013 as an online viewer of Office documents (using the Online Viewer). I've set up a New-OfficeWebAppsFarm with editing disabled, no UNC paths, and an external URL with SSL Offloaded to my Load balancer.
  I don't want to use it with SharePoint, Lync or Exchange. Just use it to view documents online (similar to Google Docs Viewer).
  However, when I point the Office Web Apps Server to a remote file online (e.x. a DOC hosted on a website), I get an error opening it.
  I've checked the health statuses of my OWA Servers, and it says Healthy.
  When I check the Event viewer of my OWA Server, I see 501 WOPI errors:
  Could not contact WOPI End Point. Error details - 'NotImplemented url - https://sample-owa-url.com/oh/wopi/files/@/wFileId?wFileId=http%3A%2F%2Fwww%2Eimr%2Esandia%2Egov%2Fimrtemplate%2Edoc&access_token=1&access_token_ttl=0'.
  It seems OWA is trying to connect to the path /oh/wopi/files....  but the server is responding NotImplemented.
  What do I have to get this to work?
  Thanks for any help!

  Did you ever find an answer? I have the exact same Issue.
  I have 2 WAC servers behind a load balancer with SSL offloaded to the LB. Both servers report healthy with Get-OfficeWebAppsMachine
  Works fine with SharePoint 2013.
  When I use it with a remote file, served using HTTP with no authentication (anonymous), I get a generic "Sorry there was a problem and we can't open this document..." error.
  In the ULS and event viewer, I see the WOPI error and 501 which basically says:
  Could not contact WOPI End Point. Error details - 'NotImplemented url - https://sample-owa-url.com/oh/wopi/files/@/wFileId?wFileId=http%3A%2F%2Fwww%2Blah%2Ecom%2FWordDocument%2Edocx&access_token=1&access_token_ttl=0'.
  I also sometimes see this:
  <HealthMessage>WordViewerWfeWatchdog reported status for WebWordViewer in category 'WfeRedirect'. Reported status: /default.aspx returned a 404, which means that we didn't have where to redirect.</HealthMessage> 
  The very interesting part s that I have a dev server, with OWA (WAC) installed, thats not going through a LB and does not use SSL, that works just fine with the same public url word document.

• Office web App Server Not Working Properly

  Hello Everyone,
  We have published Office Web Apps server externally through reverse proxy and it has some issues. Now if we browse the link
  https://owas.schs.sharjah.ae/hosting/discovery (Internally) or
  https://owa.schs.sharjah.ae/hosting/discovery (Externally) I get the XML Page.
  Now when I try to browse any other pages in the directory for example
  https://owa.schs.sharjah.ae/op/generate.aspx or another Url like
  https://owa.schs.sharjah.ae/m/Presenter.aspx whether it is browsed internally and externally I get the error file not found '404' but the files do exist in the directory.
  No idea on how to solve this issue, any help on this matter is really appreciated.
  Regards,
  Sheldon
  MVI - Most Valuable Indian

  What specific issue are you having?
  Are you wanting to use the WAC to open files using the URL? If so, have you set OpenFromUrlEnabled to true? You can
  check this using Get-OfficeWebAppsFarm cmdlet and Set-OfficeWebAppsFarm OpenFromUrlEnabled $true cmdlet.
  I have several Office WebApp instances that I've deployed for Lync PowerPoint sharing where the setting is not enabled and I am also unable to browse to those pages, but PowerPoint sharing works fine.
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog
  www.lynced.com.au | Twitter
  @imlynced

• OWA Blank Attachment Preview with Office Web Apps Server

  Environment:  Exchange 2013 CU3 / Office Web Apps Server 2013
  OS:  Windows Server 2012 R2
  After implementing Office Web Apps server per the Integration with Exchange 2013 instructions, attachment previews in OWA show up as blank windows.  The pop up says Opening your mailbox, then goes blank.  I have the WAC endpoint configured in Exchange,
  I can access the discovery URL from the Exchange servers, and I am seeing event 142.  Some forums say that these events should be in the CAS application logs.  I am seeing mine in the Mailbox server app logs.  Has anyone seen a similar issue.
   I have also attempted to view the ULS logs on the Office Web Apps server, but I don't see anything that looks like a rendering request.  But, I also don't know what that request would look like.  The Exchange and Office Web Apps server are
  in the same network with no firewall in between them The local firewalls have also been turned off, so any type of blockage should not be the issue.

  I dont want to be happy too soon, but i think for me this did the trick:
  from time to time, this event appeared in the application eventlog:
  Source: MSExchange Certificate Deployment
  Event ID: 2005
  Task Category: General
  Level: Warning
  Keywords: Classic
  Description:
  Federation or Auth certificate not found: ED2C3E86EBE821AAC2C0DEA85CAB5787E2CAC5F3. Unable to find the certificate in the local or neighboring sites. Confirm that the certificate is available in your topology and if necessary, reset the certificate on the Federation
  Trust to a valid certificate using Set-FederationTrust or Set-AuthConfig. The certificate may take time to propagate to the local or neighboring sites.
  The solution was found here: http://community.spiceworks.com/topic/512374-missing-the-microsoft-exchange-server-auth-certificate
  1. New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn= Microsoft Exchange Server Auth Certificate" -DomainName "*.yourdomain.com" -FriendlyName "Microsoft Exchange Server Auth Certificate" -Services smtp
  Do not accept to replace the SMTP certificate when prompted
  2. Note the thumbprint of the new certificate. Let us assume it is 7A39541F8DF58D4821967DD8F899B27410F7C081
  3. $a=get-date
  4. Set-AuthConfig -NewCertificateThumbprint 7A39541F8DF58D4821967DD8F899B27410F7C081 –NewCertificateEffectiveDate $a
  Accept to continue despite the fact that the certificate effective date is not 48 hours into the future
  5. Set-AuthConfig –PublishCertificate
  6. Make sure to remove any potential reference to the previous certificate (which might not exist anymore) by doing Set-AuthConfig -ClearPreviousCertificate
  Maybe this helps some of you too.