Deploying XMPP for Lync

 After deploying our edge server and enabling federation in this article the next logical step may be to enable communication with other IM platforms such as Google Chat via the XMPP gateway.  At the time of Lync RTM there was no updated XMPP server, so in this article we will utilize the OCS 2007 R2 version available from Microsoft here.

To start off with, this is what our environment will look like:


Since we will be adding another server, I have updated the hostname and IP address table below

Server Name Role IP Address
LyncDC.lyncguy.local Domain Controller/DNS/CA 10.255.106.160
LyncFE.lyncguy.local Lync Standard Edition Front End 10.255.106.161
Lyncedge.lyncguy.local Lync Edge server – not domain joined 10.255.106.162 (internal NIC)
LyncXMPP.lyncguy.com Lync XMPP Server – not domain joined 10.255.110.166

For this scenario we will be using a single NIC on our XMPP server, with the NIC placed in the same DMZ network our edge server’s external interface is on.  This will allow the edge and XMPP servers to communicate directly and to be protected by the corporate firewall.

No internal DNS changes are required to make this work, but since the XMPP server will be behind NAT and sharing the same network segment as the XMPP gateway we will update its host file so it can resolve the address of the XMPP gateway to the DMZ IP address and not the public IP.

To do that we will add an entry for the LyncXMPP.lyncguy.com on the edges host file pointing to its DMZ IP address (10.255.106.166).


Now we need to log into our XMPP server, set up the IP address and modify the hostname.  First we’ll assign our IP Address:


Now we modify our hostname


And modify the primary DNS suffix


To allow the XMPP server to reach our access edge I have added an entry for sip.lyncguy.com pointing to the DMZ IP address of the access edge

These entries allow the XMPP gateway and the edge server to communicate directly, not sending the traffic back and forth through the firewall since they are on the same network.

I will not cover the XMPP Gateway install or configuration; there is a great article here that covers everything you need to know including external DNS and firewalls (although those are covered below as well).

Once you have completed the steps in the article above you are ready to configure your Lync environment for XMPP.  To do that we start on the Front End server by opening the Lync Server Control Panel, going to “External Access” and then clicking on “Federated Domains”

Click New>Allowed Domain and add in the information for gmail.com and your XMPP server

Now click “Commit” to save your changes.  The changes will automatically be pushed to your edge server, but you can also check the Event Viewer under the Lync Server section to verify you see the following event

Next you need to open NAT port 5269 inbound from the public IP to your private IP

Rule Public IP Private IP Allowed Protocol – Port
XMPP Access XX.102.182.166 10.255.110.166 TCP – 5269

Last but not least you need to create public DNS records.  The first record will be an A record

Record Type Public Name Public IP Port
A Lyncxmpp.lyncguy.com XX.102.182.166  

Then we will create an SRV Record

Record Type Public Name Name Port
SRV _xmpp-server._tcp.lyncguy.com Lyncxmpp.lyncguy.com 5269

 

And now you should be able to chat with your google chat contacts via Lync.  XMPP can also be used to communicate with other IM services, see the documentation for more detail.

About these ads

About Kevin Peters

My name is Kevin Peters.
This entry was posted in Uncategorized and tagged , , , , , , . Bookmark the permalink.

62 Responses to Deploying XMPP for Lync

  1. Pingback: Lync Server 2010 features and how to configure them « msunified.net

  2. Arturas Rimonis says:

    Hello. What should i do if i have two DNS load balanced edge servers?

  3. Kevin Peters says:

    Hi Arturas,

    DNS Load balancing is only supported between Lync servers and clients, not the OCS server roles and since XMPP hasn’t been updated yet, it isn’t supported. It may or may not work, so you can always give it a shot. THe other options is to hardcode the edge FQDN as just one IP address on your XMPP servers host file. If that edge goes down XMPP will be down but at least it will work.

  4. Arturas Rimonis says:

    Ok. i am stuck. Its not working. Just after installing xmpp gw it was working, but next day when i tried it stopped sending messages. We are using same domain name inside and outside network. also we are using wildcard certificate(go daddy), and TMG. Maybe you could suggest something useful?

  5. Arturas Rimonis says:

    And also on edge server i am getting events:

    Federated partner *.mydomain.lt has sent a significant number of messages that have resulted in domain validation failures. There have been 3 such failures in the last 961 minutes.There have been 6 errors in total. This can happen when messages are sent to local users that don’t exist, messages are sent from domains that the partner isn’t allowed to send from, or when the partner sends messages destined to domains that this organization isn’t responsible for.

    external edge fqdn: sip.mydomain.lt
    internal edge fqdn: edge-1.mydomain.lt (workgroup computer with suffix)
    external xmpp fqdn: xmpp.mydomain.lt
    internal xmpp fqdn: xmpp-1.mydomain.lt (workgroup computer with suffix)

    edge host file:
    192.168.88.251 xmpp.mydomain.lt

    xmpp gw host file:
    192.168.88.2 sip.mydomain.lt

  6. Kevin Peters says:

    Hi Arturas,

    I see from your information you have 2 NICs in your XMPP server. Although I’ve seen this listed as a supported configuration, I’ve never actually made it work. For ease of installation and configuration I would recommend just having one NIC on your XMPP server. This NIC should be on the same subnet as the outside interface of your edge server and should route all traffic only to the external interface. Please give that a shot and post back with your results.

    Hope this helps!

    -kp

  7. Arturas Rimonis says:

    Thank you for your reply. My xmpp have one NIC.

    xmpp IP: 192.168.88.251
    edge IPs: Internal: 192.168.77.73 External: 192.168.88.2

    With wireshark i can see that xmpp gw receives message from google:

    Hello my lync friend!

    But these records are black and saying that checksum is bad:

    Header checksum: 0x0000 [incorrect, should be 0x20de]

  8. Arturas Rimonis says:

    *That message was full code, but disappeared after posting comment.

  9. Kevin Peters says:

    Arturas,

    I haven’t seen that error before, it’s probably a configuration issue on the XMPP server but I’m not sure what. It would probably be worth running back through this article and the one linked below to check your settings:

    http://technet.microsoft.com/en-us/library/ee806452.aspx

    Hope this helps!
    -kp

  10. Arturas Rimonis says:

    Hello Kevin,
    the problem is solved. I did lots of changes but i think this issue was because of my wildcard certificate(go daddy). On xmpp server i created self-signed certificate and put it to XMPP SIP configuration. I am not sure this was the only reason, but this was last change.

  11. Arturas Rimonis says:

    Hi Kevin,
    Its me again:) We have added more sip domains to our Lync server. Is it possible to use xmpp with more than one domain, or do i have to add dedicated xmpp server for every domain?

  12. Gerard Nijboer says:

    Hi Kevin & Arturas,

    At this moment, I am trying to deploy a Lync server linked to an Asterisk-powered server (Asterisk is gateway).
    Setting up a phone call works half, the receiving party does receive a phone call, but when I pick up, the Lync client does not start the conversation.
    I’ve looked at packet traffic, and noticed that my Lync server is sending packets with an incorrect Header checksum (0x0000).
    Since I’m not sure whether this is causing my problems, I wish to solve this problem.

    Could you give me some hints on how to solve this issue, I guess it might be related to Arturas’ topic.

    Cheers,

    Gerard

  13. Tim Perry says:

    Hi Kevin,
    I am wondering if you could help me out, this has been killing my brain. I have followed all 3 of your blogs for setting up Lync, Edge and XMPP. Almost everything is working properly. The only issue I have is that I can not recieve IMs from gmail. I can send them and they go through but cannot get a reponse. I have run the logging tool and here is what I get:
    TL_INFO(TF_PROTOCOL) [0]05E4.0CE4::05/10/2011-14:32:14.505.0000da07 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 910221276
    Instance-Id: 00000389
    Direction: incoming;source=”internal edge”;destination=”external edge”
    Peer: XMPP.mydomain.com:2660
    Message-Type: request
    Start-Line: SUBSCRIBE sip:myaccount@mydomain.com:5061;maddr=edgeserver.mydomain.com;transport=Tls SIP/2.0
    From: ;tag=8eee9a63cc
    To:
    CSeq: 46 SUBSCRIBE
    Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    MAX-FORWARDS: 70
    VIA: SIP/2.0/TLS 172.16.100.89:2660;branch=z9hG4bK843fbbda
    ACCEPT: application/pidf+xml
    CONTACT:
    CONTENT-LENGTH: 0
    EVENT: presence
    ms-asserted-verification-level: ms-source-verified-user=verified
    Message-Body: –
    $$end_record
    ************************************************
    TL_WARN(TF_DIAG) [0]05E4.0CE4::05/10/2011-14:32:14.505.0000dc14 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
    LogType: diagnostic
    Severity: warning
    Text: The request URI domain is internally supported and cannot be routed to a federated partner
    Result-Code: 0xc3e93d75 SIPPROXY_E_EPROUTING_MSG_INTERNALDOMAIN_NOTALLOWED
    SIP-Start-Line: SUBSCRIBE sip:myaccount@mydomain.com
    SIP/2.0
    SIP-Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    SIP-CSeq: 46 SUBSCRIBE
    Data: domain=”mydomain.com”
    $$end_record
    ****************************************************
    TL_INFO(TF_DIAG) [0]05E4.0CE4::05/10/2011-14:32:14.506.0000deb1 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
    LogType: diagnostic
    Severity: information
    Text: Response successfully routed
    SIP-Start-Line: SIP/2.0 404 Not Found
    SIP-Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    SIP-CSeq: 46 SUBSCRIBE
    Peer: XMPP.mydomain.com:2660
    Data: destination=”XMPP.mydomain.com”
    $$end_record
    ************************************************
    TL_INFO(TF_PROTOCOL) [0]05E4.0CE4::05/10/2011-14:32:14.506.0000deec (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 910221276
    Instance-Id: 0000038A
    Direction: outgoing;source=”local”;destination=”internal edge”
    Peer: XMPP.mydomain.com:2660
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: ;tag=8eee9a63cc
    To: ;tag=A4CF270669C3C57615B6E6432C0A4E8E
    CSeq: 46 SUBSCRIBE
    Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    Via: SIP/2.0/TLS 172.16.100.89:2660;branch=z9hG4bK843fbbda;ms-received-port=2660;ms-received-cid=2100
    ms-diagnostics: 1003;reason=”User does not exist”;TargetUri=”account@mydomain.com”;source=”edge.mydomain.com”
    Server: RTC/4.0
    Content-Length: 0
    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=edge.mydomain.com;ms-source-verified-user=verified
    Message-Body: –
    $$end_record
    *******************************
    I have changed my domain and server names but have verified they are correct in the logs. Do you have any ideas? It looks like a routing issue. Thank you for any help. Tim

  14. I have a single server deployment of Lync and wanted to possible get Google and especially AIM for the users. Is it possible to get this sort of thing set up on a single server for smaller deployments? And is this similar to what is needed to get access to AIM? Unfortunately after getting things working internally for Lync and going through the process of getting AIM provisioned I have been unable to find how to get AIM itself working with Lync 2010 (OCS 2007 no problem)

  15. Trent Gillespie says:

    Thanks for the great blog posting! We were able to use this to set up XMPP chat with Gmail.

    I’m interested in using this to access Facebook’s chat function. They support XMPP but appear to have some additional restrictions for how authentication needs to occur through their platform that the OCS XMPP gateway doesn’t support. Any idea if this can work? Since Facebook is partly owned by Microsoft, and MS just bought Skype (and FB just integrated with Skype) I’d assume it is just a matter of time till someone works this out.

  16. Vindryn says:

    Hi,

    First I would like to thanks you for your greats articles about Lync, they helped me a lot.
    I have a problem with the gmail federation and hope anybody can help me :)

    I have 3 servers :
    – XMPP Gateway (lyncxmpp.domain.com) – not domain joigned
    – Lync Edge (lync-edge.domain.local)
    – Lync Front End (srv-lync01.domain.local)

    From the lync client a user can add a gmail user and send him an IM, it work. The Lync user can see the presence of the gmail user too.
    From the gmail client the user cannot send an IM to the Lync user, there is an error message that say “the user is disconnected”. The gmail user cannot see the presence of the Lync user and the Lync user appear as “invite”..
    If the Lync user send an IM to the gmail user, the gmail user can answer him, it work too. But after a period of inactivity the gmail user is unable to send IM anymore.

    So the XMPP seems to be working fine, the problem seems to come from the Edge server. I can see the following logs on the Edge if a gmail user try to send an IM to a Lync user :
    Component: SIPStack
    Level: TL_INFO
    Flag: TF_COMPONENT
    Function: CSIPRequest::IsTrustedForRouting
    Source: SIPRequest.cpp(94)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419D
    CorrelationId : 3195726454
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_INFO(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419d (SIPStack,CSIPRequest::IsTrustedForRouting:SIPRequest.cpp(94))[3195726454]( 0000000003FD5770 ) routedByApplication [0x00000000(false)], routeHeadersValidated [0x00000000(false)], sourceTrusted [0x00000000(false)]. TrustedForRouting = 0x00000000(false)
    *******************
    Component: SIPStack
    Level: TL_WARN
    Flag: TF_COMPONENT
    Function: CSIPRequest::RouteRequestUriAddr
    Source: SIPRequest.cpp(3010)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419E
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_WARN(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419e (SIPStack,CSIPRequest::RouteRequestUriAddr:SIPRequest.cpp(3010))( 3195726454 )( 0000000003FD5770 ) Exit – untrusted request that is ineligible for static routing. Returned 0xC3E93C5E(SIPPROXY_E_ROUTING)
    *******************
    Component: SIPStack
    Level: TL_WARN
    Flag: TF_DIAG
    Function: SIPAdminLog::TraceDiagRecord
    Source: SIPAdminLog.cpp(145)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419F
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_WARN(TF_DIAG) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419f (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
    LogType: diagnostic
    Severity: warning
    Text: Non-trusted source with a request URI that is not eligible for static routing
    Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
    SIP-Start-Line: INVITE sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls SIP/2.0
    SIP-Call-ID: f8aa6a28ae7c4412ac76a1da675e87b9
    SIP-CSeq: 55 INVITE
    Data: destination=”sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls”;user=”lyncuser@domain.com”
    $$end_record
    *******************
    Component: SIPStack
    Level: TL_ERROR
    Flag: TF_COMPONENT
    Function: SIPRouterOutReqEPInt::RS_RouteRequest
    Source: SIPRouterOutReqEPInt.cpp(155)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 000041A0
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_ERROR(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.000041a0 (SIPStack,SIPRouterOutReqEPInt::RS_RouteRequest:SIPRouterOutReqEPInt.cpp(155))( 3195726454 )( 00000000035E7F58 ) Exit – failed to route the Request-URI. Returned 0xC3E93C5E(SIPPROXY_E_ROUTING)

    • Kevin Peters says:

      Vindryn,

      From the log “lync-edge.domain.local” is present in the line “SIP-Start-Line: INVITE sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls SIP/2.0″, does this mean the XMPP server is trying to route to the internal NIC of the edge? If so that is most likely your problem, all routing to and from the XMPP server should hit the external NIC of the edge.

      Hope this helps!

      -kp

  17. Scott Eastman says:

    Hi, Great Doc, helped me loads when i was setting up XMPP server. wounding if you know anything with regards to ejabberd, we have lync talking with our ejabberd system and all seems to be working fine, however we seem to be getting authentication requests to the ejabberd users every few hours??? Even after they have accepted the initial request. I dont seem to be getting the same with gmail so assume it is something to do with ejabberd

    Thanks

  18. Jake says:

    I am getting the following on the xmpp server:
    Log Name: Office Communications Server
    Source: OCS Xmpp Gateway
    Date: 10/20/2011 6:24:07 PM
    Event ID: 33005
    Task Category: (1090)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: XMPP..com
    Description:
    Office Communications Server SIPXMPPTGW: Configuration file not found.
    Event Xml:

    33005
    2
    1090
    0x80000000000000

    7
    Office Communications Server
    XMPP..com

    The following is the c:\program files\microsoft office communications server 2007 R2\XMPP gateway\TGWConsoleGui.dll.config file: (10.10.10.8 is the only NIC and IP address on the XMPP server which is in our DMZ and NAT’d to external)

  19. Jake says:

    The system was running Windows 2008 R2. I rebuilt it with Windows 2008 SP2 and it is now working.

  20. Rich says:

    Hi Kevin,
    Our XMPP server works great, but we have to constantly restart the service because we get the following errors:
    Event 33009 – Office Communications Server SIPXMPPTGW: Maximum XMPP Incoming Connections reached.
    Event 33013 – Office Communications Server SIPXMPPTGW: Throttling High Water Mark reached.

    Is there anything I can do to keep it from hitting these limits? I’m almost ready to write a script to just restart the service daily.

  21. John P. Grieb says:

    Thank you very much for your excellent article.
    I’m trying to connect lync to an XMPP Server.
    I followed the directions in your blog post and the edge server is reporting the following error after it looks up the SRV record of the XMPP Server’s domain:
    Data: domain=”nycvopfire04.msgtst.reuters.com”;fqdn1=”nycv-xmpptst01.lync.msgtst.reuters.comtrue5061″;reason=”The domain of the message resolved by DNS SRV but none of the FQDNs is in the same domain”
    My XMPP Server domain is “nycvopfire04.msgtst.reuters.com” but the FQDN of my XMPP Gateway is “nycv-xmpptst01.lync.msgtst.reuters.com”. The error seems to indicate that the FQDNJ of the XMPP Gateway should be “nycv-xmpptst01.nycvopfire04.msgtst.reuters.com” so that it matches the domain.

  22. Sandeep Swarup Satpathy says:

    Hi Kevin,

    I have recently deployed xmpp gateway server in my OCS 2007 R2 Org. After installing & Configuring the XMPP Gateway S/W i encounter issues while starting up the xmpp gateway service. The following events are logged in my eventviewer:
    Event ID: 3305 Office Communications Server SIPXMPPTGW: Configuration file not found.
    The following pre-requisties have been completed:
    1. Certificate for Xmpp.domain.com available.
    2. A & SRV records for xmpp.domain.com & _xmpp-server._tcp.domain.com
    3. Connectivity to Access Edge servers & XMPP Servers (google) working – i have checked it from Xmpp Gateway Console.

    Any suggestions would greatly assist in completing my configuration.

  23. joetrig says:

    Thanks for the article.
    It helped me very mutch
    Everything works

  24. Joe says:

    Thanks for the article.
    I followed the instructions and the instant message works well, but the presence works 50% of times.
    When I click on a contact from the Lync buddy list, it is shown available, but if I click again on the same contact I see the status “presence unknown”, and if I click once again on the contact it will became available and so on…
    Do you know why and how can I solve the issue?

  25. Victor says:

    Hi, we’ve implemented Lync with the OCS XMPP gateway for instant-messaging only and the reliability of the XMPP gateway is horrible. My engineer who is working with it tells me that if connections exceed 20/second the gateway fails. This happens often (multiple times per day) requiring a restart of the service. There are a number of posts complaining of the issue, and there is no suggested fix. People on the forums have resorted to using a Scheduled Task to restart the service multiple times per fay. Do you have any suggestion to fix it with the OCS gateway, or can you suggest a replacement gateway?

    • Kevin Peters says:

      Hi Victor,

      Unfortunately there is no fix for this yet AFAIK. Hopefully the product group will have this fixed soon. Until then I’d suggest using on of the “workarounds” in the forum posts.

      HTH

      -kp

  26. Leodrak says:

    Hello Kevin,

    Your guide is awesome and complete, congratz!
    I would like you to help me in a bottle neck configuring this XMPP GW.
    I have configured the XMPP and this server is on a DMZ (cant ping to CA, DC, Lync FE) I only can ping to Edge in this segment.
    The point is, all the guides i read about request and install Certificates assumes that i can log in on Active Directory, and so on CA, its supposed to be a DMZ, i guess there is a miss concept there.
    Being a non-active directory server, how can i request a usable certificate that CA can enroll?, i tried generating a txt with some codes with -BEGIN NEW CERTIFICATE REQUEST- and -END NEW CERTIFICATE REQUEST-, but when i import this to the CA it says it is not possible cause it doesnt has a certificate template.

    Can you help me please?

    Leo

  27. shawn says:

    http://social.technet.microsoft.com/Forums/en-US/ocsedge/thread/c2889323-37ca-4fd4-af9f-165cc9ef535d

    Start-Line: SIP/2.0 403 Forbidden Cannot route this type of SIP request to or from federated partners”;source=”sip.domain.co.uk”

    Despite following Drago’s guide and this guide meticulously i’m getting the above error in the lync logger when i try to add a gmail user into Lync. Any ideas?

  28. Michael.li says:

    Hi.Kevin
    Now i meet a question is:
    when Gtalk communicate with Lync Client through XMPPGateway.

    if one Gtalk user changes presence,how all the LyncClient(who subscribed Gtalk) can receive the notification?

    any serivce provided by XMPPGateway or any other good ideas?

    Thanks…

    • Kevin Peters says:

      Michael,

      Do you mean you want the users to get a popup when the gtalk user changes presense? If so, each user would need to tag that person for status change alerts (right click the contact and choose “Tag for status change alerts”. This cannot be done in bulk, each user needs to do it. If you don’t mean a popup, then I assume you mean just presense, which will work automatically once the user adds the gtalk user to their contact list.

      HTH

      -Kevin

      • Michael.li says:

        Thanks so much for your reply.
        as you said [then I assume you mean just presense, which will work automatically once the user adds the gtalk user to their contact list].

        i want to know,if 1000 Lync users add one Gtalk user as friend, and once this Gtalk user changes presence, how thest 1000 Lync user can receive this change? by XMPP GW? and how this GW do it? by sending 1000 XMPP packages?
        and if 10000 or more users need receive this presence change, how it can do it?
        Thanks!!!

      • Michael.li says:

        and if this GW send such XMPP package?what`s the content of this package?
        from? to? presence?
        and how this GW konws who want to receive this presence change?

      • Kevin Peters says:

        Michael,

        The way presense works is a subscribe message is sent from the users client to the front end server they are connected to. This message tells the FE that that user wants to receive messages (either via NOTIFY or BENOTIFY) about the persons listed in the subscribe message. This process happens as a batch at signin (you can look for SUBSCRIBE in the UCCAPI Log of the client). As far as how the FE and Edge handle the multiple subscriptions to a single external user, I’m not sure, I’ve never looked at it. But my guess is the FE’s send one subscribe to the edge for each remote contact, and when the presence information is sent back either in response to that request directly or later as an update (still based on the original subscripe) the Edge passes back to the FE and the FE back to the user. The only difference in this process for a GTalk or XMPP user would be the edge sends to the XMPP server instead of the remoted parties edge server.

        If you are looking for exacts on how all of that works I recommend logging as I have not seen it documented anywhere.

        HTH
        -kevin

  29. Michael.li says:

    Kevin.thanks so much for your help.
    I have this question because i begin to develop one XMPPGW just used to communicate between My IM and Lync, and my IM used SIP protocol.
    so i think, if my IM communicate to Lync Client.maybe the performance is a big question.
    when i changed my IM presence, all the Lync Client need to receive my change. so i worry about this…

  30. Parachuter says:

    Any one tried S2S secure SSL Certificates (SASL-External) between Openfire and OCS 2010 XMPP Gateway. I have an unsecure TCP Dialback working between them. When I switch to secure mode, the TLS handshake is successful and proceeds to SASL. On Wireshark I can see in ‘Application Data’ Openfire sending after SASL negotiation.

    OCS Gateway sends TCP ACK for this and then nothing. Basically OCS Gateway chokes after receiving this packet from Openfire.

    Note: OCS Logs also says – No Certificate found when Openfire connects to OCS.

    ERROR(TF_COMPONENT) [0]11C0.1010::11/07/2012-10:18:39.565.0001c81d (OCSXMPPGateway,TlsIncmngConnection.ReemoteCertificateCallback:61.idx(283))( 00000000031A06BC )No certificate was available
    TL_INFO(TF_COMPONENT) [0]11C0.1010::11/07/2012-10:18:39.565.0001c821 (OCSXMPPGateway,TlsIncmngConnection.AuthCallback:61.idx(308))( 00000000031A06BC )TLS Handshake successful with NULL: 192.168.134.10
    TL_INFO(TF_COMPONENT) [0]11C0.10C0::11/07/2012-10:18:39.565.0001c829 (OCSXMPPGateway,SocketLayer.AcceptReceiveCallback:41.idx(287))( 00000000033C528B )New incoming connection from 192.168.134.10

    Any help is appreciated.

    • Parachuter says:

      This is what OCS XMPP GW receives from OPenfire before stop responding. Note this packet is proceeded by TLS handshake and SAL negotiation method exchange,

      Openfire->OCS GW

      XMPP GW sends back TCP ACK.
      and then stops responding.

  31. Mayank says:

    Hi,
    As you mention in your article, I have followed this article to install and configure xmpp gateway. http://technet.microsoft.com/en-us/library/ee806452.aspx

    However, I am getting confused with part 5 of that article regarding the ssl cert that goes on the xmpp gateway.

    Currently I am interested in federating with gmail, but I will need to federate with other xmpp-servers. So, I am confused to if I should just get certificate from my private CA, which id my AD/CS. Or should I get it from an authority.

    Also, how would I generate the csr for this, what CN and SAN should I get the cert for. I am assuming fir lync-xmpp.domain.com ( which is FQDN of my xmpp gateway).

    Another question I have is in regards to lync clients. After configuring the edge server. I am able to connect from some computers, but I get an error on some of them. I am thinking that it is also due to ssl cert issues. On the edge server I have sip.domain.com cert installed that was provided by an authority.

    Thank you in advance for your response.
    Mayank

  32. Mohammed JH says:

    Hi Kevin, I have done 2 deployments and one of them I followed your method and the other I deployed in the Internal LAN where XMPP server is in the same Subnet as Lync FE and created static routing for Edge to communicate with XMPP and also added the required FQDNs in the hosts files however in both cases I have the same problem.
    First day everything works great but next day presence goes and I have to restart the service on XMPP in order for it to work again.
    I have checked if there’s any hotfixes and applied it but nothing has changed! is still a known issue ? and is there any work around ?
    thanks

  33. Mayank says:

    Hi Kevin
    I got my xmpp gateway to finally work but I am running into couple of issues. When I first start the xmpp server I can federate with gmail user. However after a short bit I get this error on the machine with lync client.

    504 Server time-out
    ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”lync-xmpp.domain.com”;Port=”5061″;source=”sip.domain.com”;OriginalPresenceState=”0″;CurrentPresenceState=”0″;MeInsideUser=”No”;ConversationInitiatedBy=”1″;SourceNetwork=”3″;RemotePartyCanDoIM=”Yes”

    Any reason why this would happen. Thank you, Mayank

  34. Uhondo says:

    I know its been a while since the post and people are now talking Lync 2013, but some challenges are still faced with this technology.The one-way I.M. conversations with Lync>G-Talk is a case in point.Kindly have a look at the following log and see whether it makes any sense at all:

    $$begin_record
    LogType: diagnostic
    Severity: warning
    Text: Non-trusted source with a request URI that is not eligible for static routing
    Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
    SIP-Start-Line: INVITE sip:angethe@fintech-group.com:5061;maddr=lyncedge.fintech-group.com;transport=Tls SIP/2.0
    SIP-Call-ID: ad1375840ebb47588139737528f8a599
    SIP-CSeq: 8 INVITE
    Data: destination=”sip:angethe@fintech-group.com:5061;maddr=lyncedge.fintech-group.com;transport=Tls”;user=”angethe@fintech-group.com”
    $$end_record

    I know this problem was faced by someone, in an earlier post above, but what fixed his problem did not mine….

  35. Rahul says:

    Nice article..
    Only 1 thing I want to ask that there is any dependancy of XMPP with reverse proxy.
    Means for xmpp ,reverse proxy must be in place? or without reverse proxy we can do the xmpp and user can chat with gtalk. please suggest

  36. Anita says:

    We are trying to set up tcp dialback between open fire and lync 2010 and are using the ocs xmpp gw.

    We see the stream from open fire to ocs xmpp gw

    I have logging on for the ocs xmpp gw and it simply logs an incoming request (and we see no traffic to the edge server) and then stops.

    Any trouble shooting tips?

  37. Anita says:

    Meant to say.. if the add contact originate from lync we don’t see anything hit the ocs xmpp gw at all other that certificate handshake between the edge server and the ocs xmpp gw.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s