Lync Server 2013 and Skype for Business Server 2015 – WAC (Office Web Apps Server) – Part 1: Installing and configuring

27.03.2013: Updated to the latest version of Office Web Apps Server.

Lync Server 2013 WAC is a new requirement in the Lync Server 2013 deployment. You’ll need this server if you want to be able to share PowerPoint presentations.

The installation and configuration of this server is quite easy. Let’s take a look:


First, download the Microsoft Office Web Apps Server from here and the update from here. While it downloads, we can configure the other prerequisites.

If you’re using Windows Server 2008R2, please download Microsoft’s .Net Framework 4.5, download Windows Management Framework 3.0, and download KB2592525, which will allow you to run the applications in a Server 2008R2 environment.

Install all of the above. Then run this from an elevated PowerShell:

Import-Module ServerManager
Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support

Restart the server if you’re prompted to do so.

If you’re using Windows Server 2012, it’s even easier. Just run the following from an elevated PowerShell (Server 2012 imports the relevant PS modules automatically, so you don’t have to use the “Import-Module” command):

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices

Restart the server if you’re prompted to do so.

Install the Microsoft Office Web Apps Server:

For Server 2012, double-click the .img file and run “Setup.exe”.

For Server 2008R2, open the .img file with any software of your choice and run “Setup.exe”

Restart the server if you’re prompted to do so and install the update.

Create a certificate:

Like most Lync services, you’re required to assign a certificate to this service as well.

We’ll use the IIS Manager to do that:

Launch the IIS Manager and scroll down to “Server Certificates”:

In the “Server Certificates” window, click on “Create Domain Certificate” in the Action pane:

In the “Create Certificate” window, fill the details of your server and organization. Note that the “Common Name” must be in the “Server.Domain.Local” format:

In the next window, choose your CA and give your certificate a friendly display name. We’ll use that name later:

When you click “Finish”, you’ll see you have a new certificate:

Configure the WAC Server:

From an elevated PowerShell, run the following command:

New-OfficeWebAppsFarm -InternalURL "https://LyncWAC.YourDomain.Local" -CertificateName "My WAC Server"

In -CertificateName, enter the friendly name you gave your certificate earlier.

The result should look like this:

To check that, open a web browser and go to https://LyncWAC.YourDomain.Local/hosting/discovery. You should get this result:

If you get an error, try fixing your .Net Framework 3.5 components with this command:

%systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -iru

Then run iisreset /restart /noforce.

Your WAC Server is ready!
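
A post-install check of the steps above, as an added example that is not part of the original post: it reads the farm settings back with Get-OfficeWebAppsFarm, confirms the certificate selected by friendly name has a private key and a name covering the internal URL, and requests the discovery document. The URL and friendly name are the post's sample values, and the 30-day expiry threshold is an assumption.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the WAC server.
# Assumed values: the URL and friendly name from the post's New-OfficeWebAppsFarm command.
$InternalUrl  = 'https://LyncWAC.YourDomain.Local'
$FriendlyName = 'My WAC Server'
$hostName     = ([uri]$InternalUrl).Host
$findings     = @()

# 1. Farm settings as stored by New-OfficeWebAppsFarm
$farm = Get-OfficeWebAppsFarm
if ($farm.AllowHTTP)    { $findings += 'AllowHttp is on: sessions to this farm may be unencrypted.' }
if ($farm.SSLOffloaded) { $findings += 'SSLOffloaded is on: confirm a load balancer terminates HTTPS.' }
if ($farm.CertificateName -ne $FriendlyName) {
    $findings += "Farm uses certificate '$($farm.CertificateName)', expected '$FriendlyName'."
}

# 2. Certificate: one match by friendly name, private key, not near expiry, name covers the URL host
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq $FriendlyName })
if ($certs.Count -ne 1) { $findings += "Found $($certs.Count) certificates named '$FriendlyName', expected 1." }
foreach ($cert in $certs) {
    if (-not $cert.HasPrivateKey) { $findings += "$($cert.Thumbprint): no private key." }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { $findings += "$($cert.Thumbprint): expires $($cert.NotAfter)." }
    # Collect the subject DNS name plus every Subject Alternative Name entry (OID 2.5.29.17)
    $names = @($cert.GetNameInfo('DnsName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { $names += ($san.Format($false) -split ',\s*') | ForEach-Object { ($_ -split '=', 2)[1] } }
    # Exact match, or a wildcard ("*.domain") that covers exactly one leading label
    $parent  = $hostName -replace '^[^.]+', ''
    $covered = $names | Where-Object { $_ -eq $hostName -or ($_ -like '[*].*' -and $_.Substring(1) -eq $parent) }
    if (-not $covered) { $findings += "$($cert.Thumbprint): no name matches $hostName (has: $($names -join ', '))." }
}

# 3. Discovery endpoint over HTTPS; an untrusted or mismatched certificate makes the request throw
try {
    $resp  = Invoke-WebRequest -Uri "$InternalUrl/hosting/discovery" -UseBasicParsing
    $zones = @(([xml]$resp.Content).'wopi-discovery'.'net-zone' | ForEach-Object { $_.name })
    if ($zones -notcontains 'internal-https') { $findings += "No internal-https zone (got: $($zones -join ', '))." }
} catch {
    $findings += "Discovery request failed: $($_.Exception.Message)"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Farm, certificate and discovery checks passed.' }
```

For a load-balanced farm, run it on each server with the shared internal name, so a certificate missing that name shows up before clients see warnings.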

Add the Server to Lync Topology:

Open the Lync Server Topology Builder, expand “Shared Components”, right-click “Office Web Apps Servers”, and choose “New Office Web Apps Server…”:

In the new window, type your server’s FQDN. The wizard will fill in the discovery address:

Press OK, and the server is in your topology:

Associate your Front-End pools with your Office Web Apps Server, publish the topology, and you’re done!

See how to publish your WAC server in Part 2 of this post.

33 thoughts on “Lync Server 2013 and Skype for Business Server 2015 – WAC (Office Web Apps Server) – Part 1: Installing and configuring”

  1. Hi Y0av,
    Nice post, however can you please let me know the below:
    1. I will deploy two office web apps servers and will be load balanced by HLB, do I have to configure the internal url and external url as well.
    2. As per Microsoft technet article while defining internal url you have to provide the server fqdn even if you are using more than 1 server what if I will not put server fqdn instead I will choose another name
    3. our internal dns name is different than external one but in our internal dns server we have external domain name zone as well where owa A records are created and pointed to CAS servers, what if I will create internal and external url same will it be fine with the link
    4. If I want that those users are who are logged in outside can also view ppt presentations then should I require a dedicated public ip, external certificate and DNS A record for office web apps server
    5. if I will choose internal and external url different then do I have to add all office web apps server names as well as external and internal urls in the SAN name of the certificate

    1. Hi Salahuddin,
      Thanks for your feedback.
      1. You have to configure an internal url to enable internal access and an external url to enable external access. (This is relevant to your question #4: External users will have to use an external address which you will need to publish in DNS and using a reverse proxy – I will post on that in a few days.)
      2. You can choose another internal name that is different from your server’s name and assign it to your HLB. However, you’ll have to make sure your internal certificate is configured with all the right names. (server1.domain.local, server2.domain.local, HLB.domain.local)
      3. You will end up pointing your users to a wrong service. I recommend using a different name, whether internal or external.
      4. External users will have to use an external address which you will need to publish in DNS and using a reverse proxy – I will post on that in a few days.
      5. Your External certificate has to be configured with your external FQDN. Since you are referring to a single name from the web, that’s all you need. Your Internal certificate should be configured with the names of all your internal servers. This is very similar to Exchange certificates – The internal certificates should have all the internal names and the external certificate should have only the names published externally.

      Hope this helped!

  2. Hi Y0av,
    Thanks for your quick response,
    what I have understood from your answer is as below
    1. While creating a farm and defining internal url I can define wac.domain.local (which is different than the server names) is it correct or in the internal url I have to mention only one server name and then join the other server
    2. I should have two certificates one internal and one external certificate (provided by 3rd party Digicert), in internal certificate I should add server1, server2 as well as wac.domain.local, in the external certificate it will
    3. On which IP address I should point to the A record of office web server, can it be lync simple url ip address or it has to be a dedicated public ip address.
    I am not publishing lync and wac server through TMG in this case all request will come to the hlb which means both certificates should be imported to hlb so that internal and external users will not get the warning.

    1. Hi Salahuddin,
      1. You’re correct. The internal url can point to your HLB internal FQDN, the certificate should be configured with all internal names.
      2. Correct.
      3. Internal: points to your HLB FQDN. External: points to a new Name with a dedicated IP. You can’t use the Lync simple name rules here because they’re being to port TCP4443 and the rule for WAC leaves the traffic on port TCP443.

  3. thank you very much great help, last questions,
    for lync web scheduler what will be the url will it be the external url of lync with which address books will be downloaded or will it be a separate url
    for example will it be or will it be
    if it will be then again do i have to put this name in the external certificate SAN Name, and again i will require another dedicated public IP for this url.
    for WAC server external cert i think i can utilize the same SAN certificate in which i can just add external fqdn of wac name is it correct

  4. Hi,
    Thanks for this article.

    I followed it step by step, except for the certification part.
    Anyway I still can add it to my topology, but the problem is that I can’t associate it to my front-end server. I don’t even have the option available. Any idea on this ? For more information, I run LYNC2013 standard edition. This part works well. The XML part is good too.

    1. In Topology builder, when you scroll down to “Shared Components”, don’t you have an “Office Web Apps Servers” container?

      1. I do have it, and i added my wac server, but still can’t associate it to my frontend server…

  5. Hi,
    I’m trying to configure Office WebApps 2013 – I have installed pre requirements as and now I’m trying to add new server farm “New-OfficeWebAppsFarm –InternalURL http://OWAPILOT –AllowHttp -EditingEnabled” but I have an error ‘Logon failure – unknown user name or bad password’ – how to solve this? Please guide me

    Using Windows Server 2008 SP1

    Installed .Net Framework 4.5, Windows PowerShell 3.0, KB2592525
    and Office Web Apps Server

    I am running Powershell as Admin and Executing the Following Code:

    PS C:\Users\Administrator> New-OfficeWebAppsFarm -InternalURL http://OWAPILOT -AllowHttp -EditingEnabled

    Got this Output:

    New-OfficeWebAppsFarm : Logon failure: unknown user name or bad password.
    At line:1 char:1
    + New-OfficeWebAppsFarm -InternalURL http://OWAPILOT -AllowHttp -EditingEnabled
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [New-OfficeWebAppsFarm], AuthenticationException
    + FullyQualifiedErrorId : System.Security.Authentication.AuthenticationException,Microsoft.Office.Web.Apps.Administration.NewFarmCommand

    Note: I didn’t install any certificates as you suggested. Will that cause this logon error? Please suggest

    Thanks, anbu

    1. Hi Anbu,
      You don’t need a certificate here if you’re not using HTTPS to connect to this server.
      At this point, I recommend removing the webfarm you created and re-installing the Office Web Apps Server, then re-creating the webfarm.
      Let me know how you’re getting along!

      1. Good afternoon.
        I have the same problem.

        Team – New-OfficeWebAppsFarm – InternalUrl “” – ExternalUrl “” – SSLOffloaded – EditingEnabled

        Result in the magazine of appendices:

        The message in the magazine:

        Name of the faulty appendix: Microsoft.Office.Web.AgentManager.exe, version: 15.0.4481.1000 time mark: 0x50ee5ebe
        Name of the faulty module: clr.dll, version: 4.0.30319.18034 time mark 0x50b5a783
        Exception code: 0xc00000fd
        Mistake shift: 0x000000000005e6b7
        Identifier of faulty process: 0x11e0
        Time of start of the faulty appendix: 0x01ce4419036015c1
        Way of the faulty appendix: C:\Program Files\Microsoft Office Web Apps\AgentManager\Microsoft.Office.Web.AgentManager.exe
        Way of the faulty module: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
        Report code: 41a53348-b00c-11e2-85c9-00155d004720

        Prompt how to solve this problem.
        Thanks in advance.

      2. Hi Vladimir,
        This looks purely like an OS error or an installation package error.
        I’d try downloading the installation media again (Don’t forget the update as well), or running this on a different machine.

  6. Hello,
    I tried to install Office Web Apps on Windows Server 2012. If I follow official TechNet Article, the Framework .NET 3.5 is not listed, but if I don’t install it Office Web Apps doesn’t work. Do you know why this ?

    1. Hi Luca,
      .NET Framework 3.5 is not a prerequisite for installing Office Web Apps Server on Windows Server 2012.
      You can follow the instructions in this post to install the prerequisites.
      Let me know if you have any other issues.

    1. The WAC Server has to be a dedicated server for Office Web Apps. You cannot install it on an existing Lync server.

    1. Did you assign the WAC server to your Front-end server?
      Have you noticed it’s published right in the event viewer?

  7. Dear y0av,

    thank you very much, great articles, they really help me a lot.

    i have some questions which i hope you can help me answering them:

    1- do I have to install language pack or it’s optional?
    2- can I integrate WAC 2013 with Lync 2010 or Exchange 2010?
    3- can I include external URL in Lync SSL cert and import it in IIS and TMG?
    4- what –AllowHttp used for ?
    5- what – SSLOffloaded used for?


    1. Hi Rhala,

      1- Installing language packs is optional and based on the configuration of your server.
      2- You cannot integrate WAC with Lync 2010 – This option does not exist. Same goes for Exchange 2010.
      3- Yes.
      4- AllowHttp is if you would like to allow non-encrypted (HTTPS) sessions to your server.
      5- SSLOffloaded is used when you have a load balancer that terminates the HTTPS session.

      You can refer to Microsoft’s documentation for this.

      Hope this helps 🙂

  8. Thanks a lot, it really helps, and for that I have some other questions 🙂

    i hope you have time to help me for the below as well:

    1- Which languages included in “Language pack” and which languages come with the default installation?

    2- We use internal WAC server name to configure Lync and Exchange, then how Lync and exchange will know the external URL if the users access from outside?

    3- How I can use internal cert for internal URL and another external for external URL, i mean how to do this in IIS?

    4- While creating the certificate request, the “Common Name” must be in the “Server.Domain.Local” format, so do I have to include the internal name or external URL?

    5- can i use the last update “” directly to install WAC? or i have to install RTM package and then the update? and do i have to install the last update only or all the updates released?

    thanks a lot.

  9. I have followed all the required steps as per technet, but when I tried to use it I couldn’t so I searched for the error I found that I have hundreds of errors in the event Viewers. so I searched and found your blog and noticed Luca Fabbri who said that his issue fixed when he installed .Net 3.5 and that’s what happened with me when I installed it and then it’s working.

  10. Hi y0av, must echo the sentiments of some people here, you are awesome and I have decided to follow your posts in the lync deployment.
    Now for the tasks at hand.
    I am able to get an XML for my external wac address however the certificate is showing that of the Internal server. Is that alright ? I installed a wildcard certificate on both IIS server and Wac server.

    1. Hi Richard,
      Thanks for the kind words!
      I’d recommend using a dedicated certificate for your internal server and a 3rd party certificate for your internet-facing servers.
      Is your wildcard certificate a 3rd party public certificate? Can you confirm that you’re hitting the IIS ARR server when accessing from the internet?

  11. Outstanding. Just what I needed to fix my broken OWA. I reinstalled it and renewed my certificate. This helped me to get going. Thanks!

  12. Hi, Thanks a lot for this very informative wac article. We’re planning to change the IP addresses of already installed wac servers. Do I have to publish again the topology after changing the ip and rebooting the wac servers ?

    1. Hi,
      If you’re only changing the IP address there’s nothing you need to do except for changing the A record address on your DNS.
      There’s no change to the topology, but you might see some warnings until the new IP address is replicated and cleared from all machine’s cache.
      You don’t need to republish your topology.
