Deploy Hybrid Calendar Service for On-Premises Microsoft Exchange

Document created by Cisco Documentation Team on Oct 7, 2015Last modified by Cisco Documentation Team on Aug 18, 2017
Version 91Show Document
  • View in full screen mode

Hybrid Calendar Service for On-Premises Microsoft Exchange


With Hybrid Calendar Service, you can connect your Microsoft Exchange environment to Cisco Spark. This integration makes it easier to schedule and join meetings, especially when mobile; no plugins are required.


Hybrid Calendar Service has no Cisco call control dependency—you can use this service to extend features to Cisco Spark users, even if you use a third-party UC solution.


To simplify scheduling a meeting, your users can type these values in the invite Location field of their calendar client:


    @spark to create a Cisco Spark space for meetings or to host the meeting through Cisco Spark.



    @webex or their personal meeting room URL to include a clickable link for their WebEx personal meeting room.


From Outlook, your users can share their out of office status to other users in Cisco Spark. As soon as a user sets an automatic reply and date range, other users can see the status in Cisco Spark in these locations:

  • In @mentions directed at the out of office user.


  • In the People space for that user.


  • In search results for that user's name.



    In the expanded people roster for a space.


Follow these tasks to

  • Prepare your calendar environment.


  • Register a connector host to the Cisco Collaboration Cloud.


  • Register your calendar environment to the Cisco Collaboration Cloud



    Enable users for Hybrid Calendar Service. Once enabled, they can share out of office status with Cisco Spark users and use simplified meeting scheduling in your organization.


We recommend that you read the Cisco Spark Hybrid Services Design Guide for a detailed overview of Cisco Spark Hybrid Services, including architectural and design information.

Figure 1. Exchange (on-premises and cloud), Connector, and Cisco Spark Cloud Components for Hybrid Calendar Service.

Refer to this diagram which shows the components of Hybrid Calendar Service architecture and where the connectors integrate the on-premises components with the cloud.

Figure 2. One Button to Push Topology.

Refer to this diagram if you want to use Hybrid Calendar Service and Cisco TMS to provide one button to push (OBTP) to collaboration meeting rooms (CMRs).


Management Connector

The management connector is included in the Expressway-C base. You use it to register an Expressway to the cloud and link the Expressway interface with Cisco Spark Control Hub. The management connector plays an important role as the coordinator of all connectors running on the Expressway server or cluster: It provides you with a single point of control for connector activities. The management connector enables cloud-based management of the on-premises connectors, handles initial registration with the cloud, manages the connector software lifecycle, and provides status and alarms.

For an HTTPS connection to be established between the management connector and the cloud, you must update the trust list on the Expressway-C connector host with certificates that were signed by certificate authorities in use by the Cisco Collaboration Cloud. You can allow the Cisco Collaboration Cloud to upload CA certificates to the Expressway-C trust store. Or, in the case where security policies prevent the Cisco Collaboration Cloud from uploading trusted certificate authority certificates on Expressway-C, you may upload them manually.

Calendar Connector


The Calendar Connectoris the on-premises component of the Hybrid Calendar Service. The connector runs on an Expressway-C host that you register to the Cisco Collaboration Cloud.


The Calendar Connector acts like a broker between the cloud and your Microsoft Exchange (on-premises), Office 365 (cloud), or both (Hybrid Exchange deployment). The connector acts on behalf of users, similar to the way a client application would access a user's calendar information. The connector uses the impersonation role (which you can restrict to a subset of users) and uses Exchange Web Services to:


    Autodiscover where users are homed



    Listen for notifications on a user's calendar



    Retrieve information on a user's calendar items



    Populate meeting invitations with details of Cisco Spark spaces and WebEx personal rooms.



The Hybrid Calendar Service is designed to minimize security concerns in a hybrid environment:


    The cloud cannot retrieve or access the Exchange credentials from the connector



    The cloud has no direct access to Exchange through the connector



    The connector does not access any user email or contacts



    The connector does not create search folders or other extra folders for the user



    The connector is not an Exchange Foreign connector



    The connector does not interact with the Exchange Hub transport server



    No AD schema extensions are required



In production Exchange, the Calendar Connector increases the CPU usage and load on the CAS and MBX servers. The impact on your Exchange environment depends on:


    Your Exchange deployment



    The number of configured users



    The number of @webex/@spark meetings per user per hour



    The size of calendars



We document a throttling policy designed to help manage the increased traffic.


Requirements for Hybrid Calendar Service

Product   Release 
Any Cisco Spark paid offer Any paid offer
Cisco Expressway—download from at no charge We recommend the latest release of Expressway for connector host purposes. See here for the version support statement.
Microsoft Exchange

2010 SP3, 2013, 2016

Cisco WebEx—Use for @webex scheduling only; not required for @spark (If purchasing Cisco Spark Advanced Meetings, Cisco WebEx does not need to be purchased, because its capabilities are already included in Cisco Spark Advanced Meetings.) WBS29.13 and later (WBS31 or later is required for sites that use Cisco Spark-integrated single sign-on.)

Complete the Prerequisites for Hybrid Calendar Service

1    Allow time to configure the impersonation account. See "Exchange Impersonation Account" below to understand the role of the account and for answers to common questions that related to security
2    Install or make sure you're running a supported calendar environment, as described in Requirements for Hybrid Calendar Service.
3    Ensure that users are listed in Active Directory and have a discoverable mailbox in the organization's Exchange server.
4    Provide the following port access:
  • Port access for HTTPS or secure web sockets outbound from Expressway to *, *, *, and * TCP port 443 (secure)
  • Port access for EWS outbound from Expressway to Exchange: TCP port 443 (secure) or TCP port 80 (nonsecure)
  • Port access for LDAP outbound from Expressway to Active Directory: TCP port 636 (secure) or TCP port 389 (nonsecure)
  • Port access for Microsoft Global Catalog search: TCP port 3269 (for Global Catalog search secured by SSL) or TCP port 3268 (for unsecured Global Catalog search).
5    For @webex functionality, configure or use a Cisco WebEx Meeting Center site with CMR Cloud.
6    To make One Button to Push (OBTP) available for Unified CM-registered endpoints managed by TMS on @spark or @webex meetings:
  • Set up Cisco TMS 15.0 and Cisco TMSXE 5.0 or higher with Microsoft Exchange integration. See here to view the Cisco Collaboration Meeting Rooms (CMR) Hybrid Configuration Guide (TMS 15.0 - WebEx Meeting Center WBS30) . TMS and XE require no additional configuration to support Hybrid Calendar Service
  • To make conference rooms schedulable in Microsoft Outlook/Exchange, configure them in XE as if you were using on-premises conferencing. To configure rooms in Exchange, use the Cisco TelePresence Management Suite Extension for Microsoft Exchange Administration Guide available here.
  • Understand the licensing requirements:

      TMS and XE Licensing is the same as if using on-premises resources. You require enough licenses to cover the number of endpoints that will use OBTP. A TMS license is needed to manage the endpoint and to push the speed dial button on the touchpad at the time of the scheduled conference. A TMS-XE license is needed for the endpoint to be scheduled in Exchange.


  • OBTP works with Hybrid Calendar Service (@spark or @webex) and Productivity Tools plugin for meeting invitations:

      Hybrid Calendar Service (@spark or @webex) populates the user attribute "TMS:ExternalConferenceData" with the SIP URI for TMS to set the OBTP dial string.



      Productivity Tools plugin populates the attribute "UCCapabilities" attribute with the SIP URI for TMS to set the OBTP dial string.



If you have on-premises conferencing, you can add OBTP with CMR cloud and run both at same time. We support OBTP functionality only; auto connect is not available.

Related Information

Complete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services


Use this checklist to configure a Expressway-C connector host for Cisco Spark Hybrid Services before you register it to the Cisco Collaboration Cloud to run hybrid services.

Before You Begin 

We recommend that the Expressway-C be dedicated to hosting connectors for Cisco Spark Hybrid Services. You can use the Expressway-C connector host for other purposes, but that can change the supported number of users. See the capacity information below so that you can plan your deployment accordingly.

1    Obtain full organization administrator rights before you register your Expressway(s),and when you access to administer your organization services to Cisco Collaboration Cloud.
2    Plan your connector capacity and follow the supported Expressway scalability recommendations:
  • For Hybrid Calendar Service (Exchange) on a dedicated Expressway-C:

      Calendar Connector supports one cluster with up to two Expressway-C nodes.



      Calendar Connector can under-provision users. If a single node fails, the system has extra capacity for all users to fail over to the working node. If one of the nodes fails in the cluster, the discovery and assignment services move users to the working node in approximately 30 seconds.



      The service catches up on any missed notifications if there is an outage.


Table 1 Dedicated Expressway-C

Function on the Expressway-C


Medium OVA




Calendar Connector (on-premises Exchange)


15000 users




Calendar Connector (On-premises Exchange)


5000 users


Coresident with call connector


Call Connector


5000 users




Call Connector


5000 users


Coresident with calendar connector

Table 2 Shared Expressway-C

Function on the Expressway-C

Small OVA

Medium OVA


Calendar Connector (On-Premises Exchange)

500 users


1000 users (normal operation); 2000 users (simplex failure)

Coresident with call connector, and signaling and media

Call Connector

500 users


1000 users (normal operation); 2000 users (simplex failure)

Coresident with calendar connector, and signaling and media

SIP Signaling and Media for Hybrid Services

500 users


1000 users (normal operation); 2000 users (simplex failure)


Coresident with calendar connector and call connector

3    Deploy the Expressway-C connector host in a cluster to account for redundancy.  

Cisco Spark Hybrid Services are highly available if Microsoft Exchange, Unified CM, and Cisco Expressways are deployed in a cluster. The same guidelines that apply to Cisco VCS and Expressway apply for the Expressway-C connector host clustering.

4    Follow these requirements for the Expressway-C connector host.
  • Install the minimum supported Expressway software version. See the "Management Connector Release Notes" in the related links below for more information.
  • Install the virtual Expressway OVA file according to the Cisco Expressway Virtual Machine Installation Guide (X8.7), after which you can access the user interface by browsing to its IP address. You can find the document in the list of Cisco Expressway Install and Upgrade Guides on
  • You do not require a release key, or an Expressway series key, to use the virtual Expressway-C for the Cisco Spark Hybrid Services. You may see an alarm about the release key. You can acknowledge to remove it from the interface.
  • Use the Expressway web interface in a supported browser: Internet Explorer 8 or 9 (not in compatibility mode), Firefox 3 or later, or Chrome.

    The interface may work in other browsers, but they are not officially supported. You must enable JavaScript and cookies to use the Expressway web interface.

5    If this is your first time running Expressway, you get a first-time setup wizard to help you configure it for Cisco Spark Hybrid Services. In some versions, if you check the Hybrid Services option in the wizard, you may see a note about the need for a dedicated service. To use the Expressway-C connector host for coresident connectors and SIP signaling and media for hybrid traffic, you may have to bypass the Cisco Spark Hybrid Services option in the configuration wizard.
  1. When the wizard starts, choose Proceed without selecting services. For a coresidence scenario, you may have to uncheck other services first before you can choose this option.
  2. Paste the text from your release key email.
  3. Continue with the configuration wizard.
6    Follow these configuration requirements for the Expressway-C connector host. See the Cisco Expressway Basic Configuration Deployment Guide, in the list of Cisco Expressway Configuration Guides on, for details.
  • Basic IP configuration (System > Network interfaces > IP)
  • System name (System > Administration)
  • DNS settings (System > DNS)
  • NTP settings (System > Time)
  • New password for admin account (Users > Administrator accounts, click Admin user then Change password link)
  • New password for root account (Log on to CLI as root and run the passwd command)
7    Follow these master peer configuration steps:
  • Configure the Expressway as a cluster master peer before you register it, even if you do not currently intend to install an extra peer.
  • Register for and configure Cisco Spark Hybrid Services on the master peer of the Expressway-C cluster. However, each peer in the cluster independently downloads and install connectors, and independently connect to Cisco Cloud Collaboration Services using the cluster's shared configuration.
  • Follow the minimum settings required to configure a master peer, but see the Cisco Expressway Cluster Creation and Maintenance Deployment Guide (X8.7) at for details:

      On System > Clustering > Cluster name, enter the FQDN that resolves in DNS to the FQDNs of the peers



      System > Clustering > Peer 1 IP address should be the IP address of this Expressway



      System > Clustering > Configuration master should be 1.



      System > Clustering > Cluster pre-shared key should be a memorable secret (you'll need to enter it on future peers).


8    If you have not already done so, open required ports on your firewall. All traffic between Expressway-C and the Cisco Collaboration Cloud is HTTPS or secure web sockets. TCP port 443 must be open outbound from the Expressway-C to *, *, and *
9    Obtain the details of your HTTP proxy if your organization uses one to access the internet. The proxy must support either no authentication or basic authentication, because these are the only authentication types supported by the Expressway
  • We tested and verified Squid 3.1.19 on Ubuntu 12.04.5.
  • We have not tested auth-based proxies.
10    Review these points about certificate trust. You can choose the type of secure connection when you begin the main setup steps.  

    Cisco Spark Hybrid Services requires a secure connection between Expressway-C and Cisco Collaboration Cloud.


    You can let Cisco Collaboration Cloud manage the root CA certificates for you. However, if you choose to manage them yourself, be aware of certificate authorities and trust chains; you must also be authorized to make changes to the Expressway-C trust list.



    Access to the Expressway CA trust list may also be required if you want to secure the connections between Expressway-C and Microsoft Exchange, or between Expressway-C and Microsoft® Active Directory®, when configuring the Calendar Connector.



Set Up an Impersonation Account for On-Premises Microsoft Exchange


Before You Begin
  • You must choose a mail-enabled account to use as the service account. (The account doesn't have to be an administrator, but it must have a mailbox.)


  • If you limited the set of users that are synchronized with Active Directory using LDAP filters, you may want to limit the impersonation by using a new or existing management scope in Exchange.


  • For instructions and more detailed information from Microsoft on management scopes and impersonation, see:
1    Sign in to a server on which Exchange Management Shell is installed. Sign in with one of the following accounts:
  • An account that is a member of the Enterprise Admins group.
  • An account that can grant permissions on Exchange objects in the configuration container.
2    Run the following command in Exchange Management Shell:

new-ManagementRoleAssignment -Name:RoleName -Role:ApplicationImpersonation -User 'ServiceUserName'

  • RoleName is the name that you want to give the assignment, for example, CalendarConnectorAcct. The name that you enter for RoleName appears when you run get-ManagementRoleAssignment.


  • ServiceUserName is the name of the account you selected, in domain\alias format.



Configure a Throttling Policy and Apply it to the Impersonation Account

A custom throttling policy helps the Calendar Connector work smoothly:

    In Exchange Server 2013 and 2016, the policy removes EWS limits from the impersonation account, to avoid maxconcurrency issues.



    In Exchange Server 2010, the policy overrides the default policy. The default is tailored for user load, not for an enterprise application.


1    In Exchange Management Shell, create the policy.
  • For Exchange Server 2013 or 2016, enter:

    New-ThrottlingPolicy -Name "CalendarConnectorPolicy" -EWSMaxConcurrency unlimited -EWSMaxBurst unlimited -EWSRechargeRate unlimited -EWSCutOffBalance unlimited -EWSMaxSubscriptions 5000

  • For Exchange Server 2010, enter:

    New-ThrottlingPolicy -Name "CalendarConnectorPolicy" -EWSMaxConcurrency $null -EWSPercentTimeInAD 100 -EWSPercentTimeInCAS 500 -EWSPercentTimeInMailboxRPC 300 -EWSMaxSubscriptions 5000 -EWSFastSearchTimeoutInSeconds 60 -EWSFindCountLimit 1000

2    If you're using Exchange Server 2013 or 2016, and the impersonation account does not have a mailbox, run the following command:      

Enable-Mailbox "impersonation account" -Database "database name"

3    Apply the new policy to the impersonation account:      

Set-ThrottlingPolicyAssociation -Identity "impersonation account" -ThrottlingPolicy "CalendarConnectorPolicy"

  • "impersonation account" is the name of the impersonation account you're using as the service account for the Calendar Connector.


  • CalendarConnectorPolicy is the name of the policy that you created in Step 2.


4    Confirm that the mailbox is using the new policy:      

Get-ThrottlingPolicyAssociation -Identity "impersonation account" | findstr "ThrottlingPolicy"

5    On each Exchange 2010 server that has the CAS role, restart the Microsoft Exchange RPC Client Access service.
What to Do Next


Register the Expressway-C Connector Host to the Cisco Collaboration Cloud


Register the Expressway-C Connector Host to the Cisco Collaboration Cloud


Cisco Spark Hybrid Services use software connectors to securely connect the Cisco Spark service to your organization's environment. Use this procedure to register your Expressway-C.


After you complete the registration steps, the connector software is automatically deployed on your on-premises Expressway-C (the software connector host).

Before You Begin           

    Sign out of any existing Expressway-C connections that are open in other browser tabs.



    If you're registering a cluster, register the master peer. You don't need to register any other peers, because they register automatically when the master registers. If you start with one node set up as a master, subsequent additions do not require a system reboot.



    If your on-premises environment proxies the outbound traffic, you must first enter the details of the proxy server on Applications > Hybrid Services > Connector Proxy and then complete this procedure. Doing so is necessary for successful registration.



    The Cisco Collaboration Cloud rejects any attempt at registration from the Expressway web interface. You must register your Expressway through Cisco Spark Control Hub.



    If the registration process times out, or fails for another reason (for example, you must fix certificate errors or enter proxy details), you can restart registration in Cisco Spark Control Hub.


1    From the customer view in, go to Services, click Set up on the card for the hybrid service you're deploying, and then click Next.
2    Choose a method to register the Expressway-C:
  • For a new connector host—choose the first radio button, click Next, and then enter your Expressway-C IP address or fully qualified domain name (FQDN) so that Cisco Collaboration Cloud creates a record of that Expressway-C and establishes trust. Specify a name, too.
  • For an existing connector host—choose the second radio button, and then choose the node or cluster from the drop-down that you previously registered. You can use it to run more than one hybrid service.
3    For new registrations, click Next, and then click the link to open your Expressway-C. You can then sign in to load the Connector Management window.
4    Decide how you want to update the Expressway-C trust list:          

A check box on the welcome page determines whether you will manually append the required CA certificates to the Expressway-C trust list, or whether you allow Cisco Collaboration Cloud to add those certificates for you.    


Choose one of the following options:

  • Check the box if you want Cisco Collaboration Cloud to add the required CA certificates to the Expressway-C trust list.
    When you register, the root certificates for the authorities that signed the Cisco Collaboration Cloud certificates are installed automatically on the Expressway-C. This means that the Expressway-C should automatically trust the certificates and be able to set up the secure connection.

    If you change your mind, you can use the Connector Management window to remove the Cisco Collaboration Cloud CA root certificates and manually install root certificates.      

  • Uncheck the box if you want to manually update the Expressway-C trust list. See the Expressway-C online help for the procedure.     

    When you register, you will get certificate trust errors if the trust list does not currently have the correct CA certificates. See Certificate Authorities that Must be Trusted by Your Existing Environment for Cisco Spark Hybrid Services.          

5    Click Register. After you're redirected to Cisco Spark Control Hub, read the on-screen text to confirm that Cisco Collaboration Cloud identified the correct Expressway-C.
6    After you verify the information, click Allow to register the Expressway-C for Cisco Spark Hybrid Services.      

    After the Expressway-C registers successfully, the Cisco Spark Hybrid Services window on the Expressway-C shows the connectors downloading and installing. The management connector automatically upgrades itself if there is a newer version available, and then installs any other connectors that you selected for the Expressway-C connector host.



    Each connector installs any new interface windows. You can use these to configure and activate that connector. You can access them on the Applications > Hybrid Services menu on your Expressway-C connector host.



Troubleshooting Tips

If registration fails and your on-premises environment proxies the outbound traffic, review the Before You Begin section of this procedure.

Append the Exchange CA Certificate to the Expressway Trusted CA List


If you want to verify the certificates presented by the Exchange Server, then the Expressway trust list must contain the certificate of the CA that signed the Exchange Server certificate. The CA certificate may already be in the trust list; use this procedure on each Expressway cluster to check the list and append the certificate if necessary.


If you're using a custom domain, make sure that you add the CA certificate for the domain certificate issuer to the Expressways.

Before You Begin   

You must import certificates to each Expressway-C.

1    On the Expressway-C connector host, go to Maintenance > Security certificates > Trusted CA certificate.
2    Review the CA certificates in the trust list to check if the correct CA certificate is already trusted.
3    To append any new CA certificates:
  1. Click Browse (or the equivalent in your browser) to locate and select the PEM file.     
  2. Click Append CA certificate.     

The newly appended CA certificate appears in the list of CA certificates.

4    To replace an existing CA certificate with an updated one, for a particular issuer and subject:    
  1. Check the check box next to the Issuer details.
  2. Click Delete.
  3. Append the replacement certificate as described above.

Certificate Authorities that Must be Trusted by Your Existing Environment for Cisco Spark Hybrid Services



The table lists the Certificate Authorities that your on-premises or existing environment must trust when using Cisco Spark Hybrid Services.


If you opted to have Cisco Collaboration Cloud manage the required certificates, then you do not need to manually append CA certificates to the Expressway-C trust list.




The issuers used to sign the Cisco Collaboration Cloud host certificates may change in future, and the table below may then be inaccurate. If you are manually managing the CA certificates, you must append the CA certificates of the issuing authorities that signed the currently valid certificates for the hosts listed below (and remove expired/revoked CA certificates).


Cloud hosts signed by this CA


Issuing CA            


Must be trusted by


For this purpose



       O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root            



To ensure Expressway downloads connectors from a trusted host      


Common Identity (CI) service

O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority            

Windows Server 2003 or Windows Server 2008 hosting the Directory Connector




To synchronize users from your Active Directory with Cisco Collaboration Cloud and to authenticate Cisco Spark Hybrid Services users


Cisco Spark      

O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority            





Link the Calendar Connector to Microsoft Exchange


The Calendar Connector installs automatically after you register your Expressway for Cisco Spark Hybrid Services. The connector does not start automatically, and requires some configuration.


Link Calendar Connector to your calendar environment and CMR sites.

1    From the Expressway-C connector host, go to Applications > Hybrid Services > Calendar Service > Microsoft Exchange Configuration, and then click New.
2    Enter the credentials of the service account that you want the Calendar Connector to use to connect to Exchange.       
The service account queries calendars on behalf of your users, using the impersonation role. You can use these formats:
  •     —The userPrincipalName. Typically, this value matches the user's primary email address, but the properties are separate. userPrincipalName consists of the User Logon Name (not always the same as sAMAccountName) and the UPN suffix, which is based on the Active Directory domain (not always the same as the NetBIOS domain).



    DOMAIN\username—DOMAIN is the NetBIOS domain (the pre-Windows 2000 domain); "username" is the sAMAccountName (the legacy username or pre-Windows 2000 username).


    If you're unsure about what to use for these formats, use Active Directory Users and Computers on a Windows machine to view the Account tab of the Properties pane for the user in question. The correct values to use are displayed as:

      User logon name for the first format.



      User logon name (pre-Windows 2000) for the second format.


3    Enter a unique Display Name for this Exchange Server.
4    For the Type, select Exchange On-Premises for Exchange 2010, 2013, or 2016
5    For Need Proxy for Connection?, select Yes if https access goes through a web proxy to your Exchange CAS (Client Access Server) array.
6    For Enable this Exchange server?, select Yes.      

You can select No for debugging purposes, but users will not be subscribed to this Exchange.

7    (Optional)Select an Authentication Type.       

For added security, we recommend NTLM for 2010 and later on-premises Exchange servers.

8    Leave TLS Verify Mode as the default value On so that this Expressway-C verifies the certificate presented by the Exchange Server.       

You may need to update the trust stores on both servers to ensure that each one trusts the CA that signed the other's certificate.

9    For Autodiscovery, choose whether you want to manually enter the Exchange server or let the Calendar Connector discover it automatically.
  • Select Provide Exchange Address directly and enter the IPv4 address, IPv6 address, or FQDN of the Exchange Server. This option does not use autodiscovery.
  • Select Use Active Directory to enable autodiscovery. The connector queries Active Directory to find one or more Exchange Servers.

Autodiscovery is required for on-premises deployments of Microsoft Exchange 2013 and later.

10    (Optional)If you chose Use Active Directory, configure the extra fields with the AD details.
  1. Enter the Active Directory domain that the Calendar Connector will query.
  2. Optional: Enter the Active Directory site that is geographically closest to the Calendar Connector, to optimize the query response time.
  3. Select a Query mode to control which directory access protocol that Calendar Connector uses to query Active Directory.         

    If you select ldaps (secure LDAP), the Domain Controller must authenticate itself by presenting a server certificate to this Expressway-C.

  4. Enable LDAP TLS Verify Mode if you want the Expressway-C to validate the certificate presented by the Domain Controller. This option checks the server name against the CN or SANs in the received certificate, and also checks that the issuing authority is in the local trusted CA list.
  5. Enter an Email Address so that Calendar Connector can test the connection and check that the directory query worked.         

    This entry must be a real mailbox on the discovered Exchange Server.


    If the test fails, then your settings are not saved. If the mailbox name is omitted, then your settings are saved without verifying connectivity.

11    Click Add to store the Exchange Server configuration on the Expressway-C.      

The Calendar Connector tests the connection to the Exchange environment.

12    After the connector is enabled, disable and enable it again for any Exchange configuration changes to take effect.
What to Do Next


Configure the Calendar Connector's WebEx Site Settings


Configure the Calendar Connector's WebEx Site Settings


After you configure the Exchange settings, configure the details for your WebEx Meeting Center with CMR Cloud sites.

Before You Begin   
    For the @webex functionality to work for users, verify the following:

      You have at least one WebEx Meeting Center with a Personal Meeting Room (PMR) site.


      The email address in each user's WebEx account matches:

        the user's Exchange email address



        the user's email address in the identity service



    Gather the local WebEx credentials for a user on your site: either with Site Admin - view only or Site Admin permissions (T29 or 30) or a valid WebEx user account (T31 and later). The Calendar Connector uses this account to access the PMR details for WebEx users who schedule meetings with @webex.


1    On the Expressway-C, go to Applications > Hybrid Services > Calendar Service > Cisco WebEx Configuration, and then click New
2    Enter the Fully Qualified Site Name for this WebEx Meeting Center with CMR Cloud site.


If your site is accessed as, you'd enter

3    Enter the following information, depending on your version of WebEx Business Suite (WBS):
  • For T31 and later, enter a valid WebEx user account email address, leave the password field blank, and then click Test Connection to validation the site information that you entered. If testing the connection fails, you can save the configuration with both the username and password fields blank.
  • For T29 or 30, enter a read-only admin account username and password.
4    Indicate whether or not this site is the default that is used when schedulers enter just @webex.


For non-default sites, users must enter @webex:sitename. (For example, users whose personal rooms are on a site called must enter @webex:altsite in the meeting location field.)

5    Click Save to save the configuration.

Start the Calendar Connector

You can do this task before you configure the Calendar Connector links to your Exchange environment and CMR environment, but all tests will fail until the Calendar Connector is Running and you may need to restart the connector after configuration.
1    From Expressway, go to Applications > Hybrid Services > Connector Management.      

The Connector management section of the page has a list of connectors and the status of each. The Management Connector is Running and the Calendar Connector is Not enabled.

2    Click Calendar Connector.
3    Select Enabled from the Active drop-down list.    
4    Click Save. The Calendar Connector starts and the status changes to Running.
What to Do Next


Enable the Hybrid Calendar Service for Users


Enable the Hybrid Calendar Service for Users



Use this procedure to enable individual Cisco Spark users for Hybrid Calendar Service.


See the documentation for alternative ways to enable services for your Cisco Spark users in bulk or in a directory synchronized organization.

Before You Begin 

Start the Calendar Connector

1    From, go to Users, and then choose a specific user from the list.

You can use the search function to narrow down the list of users.

2    Click the row to open an overview of the user.
3    Click Calendar Service, toggle on Hybrid Calendar, and then save your changes.   

After you activate the service, the Cisco Spark user status changes from Pending Activation to Activated. The length of time for this change depends on the number of users that you're enabling for the service.


Users receive an email that indicates the feature is enabled. See the documentation below if you want to disable email notifications.

What to Do Next

  Test the calendar features

Follow these articles to test the Hybrid Calendar Service scheduling and out of office features with your users:  .