In Exchange 2013 you could use the Office Web Apps server in combination with Exchange server to view attachments online, without having to download these attachments first to the local workstation. Exchange 2016 is the successor of Exchange 2013, Office Online Server (OOS) 2016 is the successor of Office Web Apps 2013.
For an optimal user experience in Outlook on the Web you want an Outlook Online Server to view attachments online. Instead of downloading the attachment to your client workstation (not ideal when working on a non-trusted workstation) you can view it in your browser, and your browser will show something like this:
So how does this work?
The OOS is a dedicated server which is positioned next to your Exchange 2016 server. It can be reached by internal clients and external clients, and it does render the attachments for the clients, so there’s communication between the clients and the Mailbox server, between the clients and the OOS and between the Mailbox server the OOS.
When a user receives an email with an attachment and is reading his email in OotW the following steps occur:
- In OotW the user clicks the attachment or the ‘View’ button.
- The Exchange retrieves discovery info for file type directly at the OOS.
- OOS returns the discovery info directly to the Exchange server with a unique URL.
- Exchange creates an <iframe>, loading the unique URL retrieved in the previous step. This is returned to the OotW client.
- The OotW client uses the unique URL (with a token) to access the OOS directly within the <iFrame>
- Exchange transfers the attachment directly to OOS.
- OOS renders the contents and returns this directly to the client.
These steps are shown in the following figure:
OOS has what’s called an endpoint, this is where clients connect to. An endpoint can be configured at the Mailbox server level or at the Exchange organization level. When setting it to a Mailbox server level you can configure it very granular. When using it at an organization level you only set it once, and this is used for all Exchange 2016 servers. If you have configured an OOS endpoint at a server level, but the OOS endpoint is not available, the client will retry the OOS endpoint set at the organization level.
Important to realize is that OOS needs to be accessible internally and externally. Since all communications is secured using SSL you need to be careful with SSL certificates. These need to be valid (and trusted!) on both the Exchange server and the OOS.
Installing Office Online Server
You can install OOS on Windows Server 2012 R2. Since this is the most common platform used at customers today I’ll for this one right now. When I can use Windows 2016 I’ll let you know.
So, install Windows 2012 R2, bring it up-to-date with all updates, make sure the .NET Framework 4.5.2 is installed and install the following prerequisite software using PowerShell:
Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices, Windows-Identity-Foundation
When installed reboot the server.
The next step is to request and install a server certificate. This can be a regular certificate, no need to use a unified communications SSL certificate like you use on the Exchange server. You can use IIS Manager to create a new certificate.
When you’ve received the SSL certificate from your CA you can complete the certificate request. Make sure you give the certificate a friendly name, this name is used later in the process.
Installing OOS is very straight forward. Just start the setup application and follow the wizard, but the only the wizard will ask is the location where the binaries should be installed as shown in the following figure:
When the binaries are installed the actual server farm can be created, which is done using the following PowerShell command:
New-OfficeWebAppsFarm -InternalURL "https://office.exchangelabs.nl" -ExternalURL "https://office.exchangelabs.nl" -CertificateName "Office"
Please note the InternalURL and the ExternalURL, as well as the SSL certificate friendly name.
The installation of OOS is almost done now. The only thing left is to set the OOS endpoint. This can be set at the organizational level using the following Exchange PowerShell command:
Set-OrganizationConfig -WacDiscoveryEndpoint https://office.exchangelabs.nl/hosting/discovery
If you use this, you can leave the endpoint at the mailbox level empty.
Restart the Office on the Web app pool to activate the new setting using the following command on the Exchange server:
If you don’t want to use the endpoint at the organization level, for example if you still have Exchange 2013 servers in your organization, you can set in the Mailbox server level using the following PowerShell command:
Set-MailboxServer AMS-EXCH01 -WacDiscoveryEndpoint "https://office.exchangelabs.nl/hosting/discovery" Restart-WebAppPool MsExchangeOwaAppPool
To see if everything is up-and-running you can check if the endpoint is returning data. Using a browser, navigate to https://office.exchangelabs.nl/hosting/discovery and check the results. It should show something like this:
And then the most important part, test Outlook on the Web with the Office Online server. Just send an email with an Office attachment, open the email and click on the attachment. It should automatically load the attachment in your browser, like this:
7 thoughts on “Install Office Online Server 2016”
Great pots. I have installed OOS with Exchange 2016, blocked attachment using Direct Access setting, whihc works great, download are block and all office products are viewed using OOS, but the challenge i have is with jpg attachment, which are blocked , cannot be viewed, any idea how to allow image to just be viewed. Thanks Yemmi
JPG is blocked? Do you see the JPG attachment at all, do you get an error message or something? Never noticed anything strange here…
Thank you for replying, the email have the jpg attached but with a Red forbidden sign, we are just trying to block attachment but allowing our users to open and edit Office files using OOS and be able to view files such as jpg, view but not download.
There’s something wrong with your environment I’m afraid. I can see a JPG attachment in preview, and when I click on it the JPG opens fine in OOS, just as expected. Can you open other documents in OOS?
That is a good news , ity means it can be done and it is just a misconfiguration.
I created a custom web app policies with both direct file Access options unchecked,and applied it to a test user,
configured OOS server
set -WacDiscoveryEndpoint to point to oos server address on all exchange servers, not org elevel
conmfirmed AllowedFileTypes for the custom policy i created includes jpg.
the result allows the test user to be blocked from downloading any files or documents, but allows preview and edit using oos for the office docs such as excel and word
Hi again, i am not sure you can use OOS to preview jPG attachment.
see link below:
sorry what i meant is yes the test user preview and edit office documents but can not download them, but unfortunately any attached image such as jpg is blocked