Office Web Applications 2013 Installation and Configuration
I recently had the chance to do a full 2 server implementation of Office Web Applications (OWA, OWS, WAC, whatever you want to call it). I pulled from this article (http://technet.microsoft.com/en-us/library/jj219455(v=office.15).aspx ) which at the time of this writing, will get you just close enough to think you stand a chance but will leave you with a full on semi functional farm (if that), with a case of amnesia when it comes to certificate on the IIS site.
BTW, I am going with WAC. All the updates, patches, installs use it and it just makes it easier to identify them. Besides nobody outside of MS seems to have any clue what it means so it is a little more fun to torture folks.
Installation….wait lets talk SSL
First things first, let’s install the thing. Wait, before you do that, we need to talk certificates as in SSL. If you are thinking about not using them, stop thinking it. WAC lies outside your SharePoint, Outlook, Lync implementation. It is being sent your documents, your corporate IP, your HR forms, your engineering specs, etc etc. You do not want those transmitted HTTP unencrypted over the wire. Whether you are completely inside your firewall or external SSL is not optional. If you think it is, ask your users if they would mind you posting all their documents in SharePoint, Exchange, and Lync on the office walls. This takes your installation out of easy mode but it has to happen this way so deal with it. Sorry for the rant but it is way past time for IT professionals to take security seriously.
So now to your cert. You will need to request one. A lot of places have you do a self-signed one. In a word, NO. Get yourself a cert from either your Domain CA or form whomever you purchase them from. Have your internal and external references to your WAC farm tied to it (the ones SP, exchange, Lync will bind to), AND have it reference your WAC servers by FQDN (i.e. server1.contoso.com, server2.contoso.com). Make sure it has a certificate name AND a friendly name. This will require some lead time in most cases so I include it first.
Get the certificate and have it installed on every server in the WAC implementation.
Installation
Now we can install. First Prerequisites:
Install the following software prerequisites:
- Windows Server 2008 R2 Service Pack 1
- .NET Framework 4.5
- Windows PowerShell 3.0 (Part of the Windows Management Framework 3.0 installation)
- Platform update for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB2670838)Open the Windows PowerShell prompt as an administrator and run these commands to install the required roles and services.If not prompted, restart the server. A lot of the MS guidance does not list this as mandatory. You just added a ton of stuff to your server, restart it. Lastly, install one of the fun undocumented pre-requisites:
- Import-Module ServerManager Then, run this command: Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support
Assuming you have Windows 2008 R2 server: Update for Windows Server 2008 R2 x64 Edition (KB2592525). This guy ay give you a challenge in installing it. If it does try this guys solution: http://ucbeacon.blogspot.com/2013/03/kb2592525-installation-failed-this.html
Now we will follow the technet link I mentioned word for word in the bits install:
Complete these steps on any servers that will run Office Web Apps Server.
Download Office Web Apps Server from the Microsoft Download Center.
Do one of the following:
For Windows Server 2012 or Windows Server 2012 R2, open the .img file directly and run Setup.exe.
For Windows Server 2008 R2 SP1, use a program that can mount or extract .img files, then run Setup.exe.
On the Read the Microsoft Software License Terms page, select I accept the terms of this agreement and click Continue.
On the Choose a file location page, select the folder where you want the Office Web Apps Server files to be installed (for example, C:\Program Files\Microsoft Office Web Apps) and select Install Now. If the folder you specified doesn’t exist, Setup creates it for you.
When Setup finishes installing Office Web Apps Server, choose Close.
Download and install Office Web Apps Server SP1 (Recommended for Windows Server 2012 and Windows Server 2008 R2 SP1. Required for Windows Server 2012 R2.)
Check for the most current Office Web Apps Server updates by reviewing the list on the TechNet Update center for Office, Office servers, and related products.
Note: |
If you did not install Office Web Apps Server SP1, apply KB2810007. |
Step 3: Install language packs for Office Web Apps Server
Office Web Apps Server 2013 Language Packs let users view web-based Office files in multiple languages, whether they’re opened from SharePoint 2013 document libraries, Outlook Web Access (as attachment previews), and Lync 2013 (as PowerPoint broadcasts). Learn more about how the language packs work in Planning language packs for Office Web Apps Server.
To install the language packs, follow these steps.
Download the Office Web Apps Server Language Packs from the Microsoft Download Center.
Run WebAppsServerLP_en-us_x64.exe.
In the Office Web Apps Server Language Pack 2013 Wizard, on the Read the Microsoft Software License Terms page, select I accept the terms of this agreement and select Continue.
When Setup finishes installing Office Web Apps Server, choose Close.
Important: |
To install language packs after the Office Web Apps Server farm is created, you must remove a server from the farm, install the language pack on it, and then add the server back to the farm.
For a language pack to work correctly, you’ll need to install it on all servers in the farm. |
So lastly, Look for and push in any additional updates that are out there for the product at the time you are reading this. It is monumentally easier to install now rather than later.
Configure WAC
Now that the installs are done, it is time to configure. So this is where I advise read this carefully:
You will be using the New-OfficeWebAppsFarm commandlet. Before I mentioned you will be using SSL and you will have your own cert. This is one of those areas the current technet is wrong. Despite the wording that CertificateName is optional, that is not true. I should say, it is not true if you do not want your servers throwing out the SSL bindings to the WAC sites on 80 and 809 and if you do not want your users screaming about 404 errors instead of previews or viewing docs. Also, if you want to avoid manually adding the certificate to each web app on each WAC server on every reboot, and major farm PowerShell command, you will include this value.
The call goes like this:
Copy
New-OfficeWebAppsFarm -InternalUrl “https://server.contoso.com” -ExternalUrl “https://wacweb01.contoso.com” –EditingEnabled –CertificateName “certname”
So I left of the SSL Offloading command. Why? Again, documents..plain text..bad. Even if it is JUST from your load balancer to the server. Even if you get a compelling argument about how much more efficient it is on the NLB. How it is designed for it. Bad. You are most likely running virtualized, beef up your WAC boxes or add more but SSL on the WAC box.
Test your farm creation by hitting your machines discovery URL (HTTP and HTTPS) from another server/workstation. This url is your internal URL parameter + “hosting/Discovery”. In the example call I provided this would be https://server.contoso.com/hosting/discovery . If this gives you a 404, or does anything but give you a shiny pile of XML, then your farm is either not sucessfully created or you have a networking issue. Do not add any additional servers or attempt to link SharePoint, Exchange, or Lync to it until you resolve this.
Add additional Servers
So now you are ready to add additional servers to the WAC farm. You will use the New-OfficeWebAppsMachine commandlet. You will run this on the machine you are adding to the farm, not the ones that are already in the farm. The new server will reach out to the server specified in the “MachineToJoin” parameter. That’s right. You are not specifying the machine that is joining the farm (you do that by executing the command ON the machine you are trying to join to the farm). You are specifying the machine that your are going to join to. For this reason MachineToJoin much be your FQDN for that machine. As an example:
New-OfficeWebAppsMachine -MachineToJoin “server1.contoso.com”
You should get a confirmation that the server was added successfully. You can double check this by using the Get-OfficeWebAppsFarm commandlet if your servers are not all listed in the farm, then you have an issue.
Troubleshooting
So I could (and probably will) write an entire post on troubleshooting. So this is just a quick heads up. Get Fiddler. It is the best way to trace HTTP errors within your farm. I would not leave it on a production server long term but for troubleshooting, use it.
WAC ULS logs. My least favorite feature of this app. The logs are “hidden” in c:\programData\Microsoft\OfficeWebApps\Data\Logs\ULS. This is a hidden folder. You will need to either type in that location manually or set your explorer to show hidden files and folders. (Many thanks to: http://blogs.msdn.com/b/zwsong/archive/2013/04/16/where-would-you-find-uls-logs-on-office-web-apps-owa-2013-server.aspx for the ULS location).
Note: While in that folder set you may notice a few xml files. This is where WAC keeps a lot of it configuration information (it does not have a SQL box like SharePoint to use). There are numerous posts that send you into these files to edit them. Don’t. Best case, WAC will overwrite them. Worst case, you will mess up your WAC configuration and get to tear it down and do it all over again.
Event Viewer is you next best friend. Check Setup, Security, and Application logs for issues. I found WAC loves to send some very scary message there. It once loaded mine with Kerberos SPN errors when I misspelled the server name in the New-OfficeWebAppMachine command. Don’t freak on the error, just carefully analyze them. A WAC farm is really a pretty simple beast once you get to know it.
Wrapping it up
So that’s it. Hopefully, this gave you some useful information. I tried to include the things I wish I knew going into it. The certificate name feature and the cert settings were my favorite sticking point. Good luck and please feel free to post any additional pointers in the comments section. WAC is an awesome capability.