Foreword

Without Office Online Server integration, the Word document can be downloaded, but it cannot be displayed directly:

Installation

Under Server 2012 R2, the necessary prerequisites must first be installed, the easiest way as always is with Powershell:

Install-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,Windows-Identity-Foundation

The following packages are also required:

• .NET Framework 4.5.2 Download
• Visual C++ Redistributable for Visual Studio 2015

.NET Framework 4.5.2 should already have been installed on a fully updated server via Windows Update. Alternatively, it can be downloaded and installed manually as described in the link above.

Now the Office Online Server installation can begin. The installation is self-explanatory:

The installation is now complete, continue with the configuration.

Configuration of Office Online Server

After the successful installation on Office Online Server, a certificate is first required for the new farm. In my case, I want to publish the farm under office.frankysweb.de, so only the corresponding DNS entry needs to be configured on the certificate. In this case, I get a certificate from my internal CA with the following settings:

Wichtig ist an dieser Stelle der Anzeigename unter dem Reiter „Allgemein“, er wird für die Konfiguration der Farm benötigt:

Of course, a certificate from a public CA can also be used. If you also want to use an internal CA, you can follow this article as far as possible:

• Exchange 2013: SAN certificate and internal certification authority (CA)

Instead of the Exchange Server, the Office Online Server is then authorized on the template. Once the certificate has been issued, the new farm can be created:

The farm is created with the following command:

New-OfficeWebAppsFarm -InternalURL "https://office.frankysweb.de" -ExternalURL "https://office.frankysweb.de" -CertificateName "Office Online Server"

Internal and external URLs are the same in my case. It is also advisable to use split DNS here so that internal and external names are the same.

Two new websites should now have been created in IIS, the website with the name HTTP80 is bound to the certificate just created:

You can test whether everything has worked up to this point by accessing the Discovery website:

https://office.frankysweb.de/hosting/discovery

If an XML file is displayed, it has worked and Exchange can be configured:

Exchange 2016 configuration

The configuration of Exchange 2016 is now done quickly. The following command marries Office Online Server with Exchange 2016:

Set-OrganizationConfig -WacDiscoveryEndpoint "https://office.frankysweb.de/hosting/discovery"

Now the pool only needs to be restarted for the configuration to take effect:

Restart-WebAppPool MsExchangeOwaAppPool

In OWA (oder Outlook on the Web) ist jetzt bei Office Dokumenten neben der Schaltfläche „Herunterladen“ auch „Anzeigen“ verfügbar:

Mit einem Klick auf „Anzeigen“ wird dann Word Online direkt in Outlook on the Web gestartet.

This works fine internally, but not yet from the outside. The Office Online server must be accessible externally via port 443 (HTTPS).

However, if, like me, you only have a public IP and have already assigned port 443 to Exchange, you will inevitably have a problem here, and I have not tried whether Office Online can also be accessed via a different port. But if you are the lucky owner of a Sophos UTM with a web server protection license, you can also offer other services under port 443 in addition to Exchange.

In this article, I have already described it for Exchange 2016 using Sophos UTM 9.4:

https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016/

In addition to the Exchange entries, the certificate must also contain the Office Online Server name. In my case, this means the following names:

• mail.frankysweb.de
• autodiscover.frankysweb.de
• office.frankysweb.de

The corresponding configuration for Office Online Server can be found below:

Configuration Sophos UTM 9.4

To enable Office Online Server via Sophos UTM Webserver Protection (WAF), a firewall profile must first be created:

The following filter rules must be ignored:

950109
950120
981173
981176
981204
973302
973347
973335
973334

A real web server must now be created:

And now the virtual web server can be created:

A corresponding HOST-A entry must now be created in the public DNS (in my case office.frankysweb.de with the public IP of the UTM).