Wednesday, April 27, 2011

XMPP gateway with Lync 2010

I decided to install the XMPP gateway in my lab for IM connectivity between Lync 2010 and Google’s Gmail messenger.

My OS of choice is again Windows 2008 R2 SP1. The internal FQDN is xmppint.lynclog.com. In my external DNS, however, I will use xmpp.lynclog.com for the A record. Also, I will attempt to configure it with a single NATed IP address in the DMZ subnet. The server is not a member of the lynclog.com domain.

There are a few steps to complete before the gateway installation and configuration.

1. Append the domain suffix. The point here is that our Lync server must establish MTLS with the XMPP gateway, and the certificate must match the gateway’s FQDN. Of course, I will issue this cert from my Domain CA.



Installed .NET feature.


I need to request and install a certificate for my server, but how to do that? Well, first I imported the CA certificate via MMC.

Then I installed the IIS Management Console and used it to create an offline certificate request.






…and used the request to receive a certificate from my Domain CA and then "Completed the Certificate request" to import it into the computer store.


My gateway server cannot resolve sip.lynclog.com, because it is present in my public DNS only, hosted somewhere else. I need to create an entry in the HOSTS file, pointing to the DMZ’s LAN address of the edge server.


...and created A record for xmppint.lynclog.com in the internal DNS, so my Lync server can resolve the gateway's IP address.



After running the installer, the bits were placed in “C:\Program Files\Microsoft Office Communications Server 2007 R2\XMPP Gateway Installer”. Run setup.exe located in this folder.







Next – the XMPP gateway configuration.


…select certificate.


...and Validate the Connection.


Now, the XMPP configuration.




No certificate is necessary for Gmail. I "tested the connection", and although the connection to Google’s XMPP servers was successful, gmail.com failed?!?

Doh, I have not yet configured my SRV record in the public DNS. You can read about this record in the XMPP installation manual. The goal is for an external DNS query for _xmpp-server._tcp.domain.tld to return proper values as shown:
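A scripted version of that SRV check, as an added example that is not part of the original post: it parses Windows nslookup output and confirms the record points at the gateway's external name. The function name Test-XmppSrvRecord is hypothetical, and the expected values are assumptions: target xmpp.lynclog.com (the external A record named above) and port 5269, the standard XMPP server-to-server port, which the post does not state.

```powershell
# Added example, not from the original post. Assumed values: target
# xmpp.lynclog.com and port 5269 (standard XMPP server-to-server port).
function Test-XmppSrvRecord {
    param(
        [Parameter(Mandatory = $true)] [string[]] $NslookupOutput,
        [Parameter(Mandatory = $true)] [string]   $ExpectedTarget,
        [int] $ExpectedPort = 5269
    )
    $records = @(); $current = $null
    foreach ($line in $NslookupOutput) {
        if ($line -match '^\s*(\S+)\s+SRV service location:') {
            # A new SRV answer begins; its fields follow on the next lines.
            $current = @{ Name = $Matches[1] }
        }
        elseif ($current -and $line -match '^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)') {
            $key = $Matches[1]
            $current[$key] = $Matches[2].TrimEnd('.')
            if ($key -eq 'svr hostname') {   # last field of an answer
                $records += New-Object PSObject -Property $current
                $current = $null
            }
        }
    }
    if ($records.Count -eq 0) { Write-Warning 'No SRV answer found.'; return $false }
    $ok = $true
    foreach ($r in $records) {
        if ($r.'svr hostname' -ne $ExpectedTarget) {
            Write-Warning "$($r.Name): target '$($r.'svr hostname')' is not '$ExpectedTarget'."
            $ok = $false
        }
        if ([int]$r.port -ne $ExpectedPort) {
            Write-Warning "$($r.Name): port $($r.port) is not $ExpectedPort."
            $ok = $false
        }
    }
    return $ok
}
# Constructed sample of "nslookup -type=SRV _xmpp-server._tcp.lynclog.com" output.
$sample = @'
Non-authoritative answer:
_xmpp-server._tcp.lynclog.com   SRV service location:
          priority       = 0
          weight         = 0
          port           = 5269
          svr hostname   = xmpp.lynclog.com
'@ -split '\r?\n'
Test-XmppSrvRecord -NslookupOutput $sample -ExpectedTarget 'xmpp.lynclog.com'
```

For a live check, pass the output of nslookup run against a public resolver instead of $sample, since the record exists only in the external DNS zone.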

Locate the file "TGWConsoleGUI.dll.config" in C:\Program Files\Microsoft Office Communications Server 2007 R2\XMPP Gateway, open it with Notepad and enter the IP address of your XMPP server on both lines.

...and start the service:

One last thing I must do now is to add the gateway to the allowed domains in Lync CP.





At this point, since I had just created the public SRV record, I left the final test for tomorrow morning, as I had to wait for DNS replication anyway…

Don't you love when your day starts like that?



May 16th, 2010: I just re-visited one of my favorite UC blogs and noted this post: http://blogs.technet.com/b/ucedsg/archive/2011/04/11/can-lync-im-federate-with-google-talk-or-jabber-instant-messaging.aspx
Note the section where Mark talks about "tweaks", which apparently fix the problem with broken presence presentation.

7 comments:

Unknown said...

Thank you for putting together this article!!! Waiting on cert approval to start the XMPP service.

sibvaleo said...

Very useful article, Lync is such a non-trivial application :)

Anonymous said...

Good job :) Is it possible to install the XMPP gateway directly on the Lync Edge server (with a new NIC)?

Bill B. said...

Anyone run into a problem where whenever you IM gmail, it replaces the last IM in that person's gmail window? In other words, if I IM "hello" to a gmail user, it shows up, and then if I type "goodbye", instead of going on a new line it overwrites/replaces "hello" with "goodbye", and does not notify the gmail user of the change? Here is another thread talking about the same problem... http://social.technet.microsoft.com/Forums/en-US/ocsinterop/thread/217ba278-a805-400c-b3bb-9fa5e5524a13

Thanks!

M E said...

Hi Drago,

I have integrated XMPP with Lync 2010 and it works fine the first day. The second day, IM only works one way, from Google Talk to Lync, and I can't see the presence on either of them. Is there any reason why this would be happening?

Mayank said...

Hi Drago,

I have put up an XMPP gateway using the instructions that you have posted. And initially I am able to federate with Gmail. However, after a short time I start getting this error.
504 Server time-out
ms-diagnostics: 1047;reason="Failed to complete TLS negotiation with a federated peer server";WinsockFailureCode="10054(WSAECONNRESET)";WinsockFailureDescription="The peer forced closure of the connection";Peer="lync-xmpp.domain.com";Port="5061";source="sip.domain.com";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="1";SourceNetwork="3";RemotePartyCanDoIM="Yes"

Any reason why this would happen? Thank you

egamma said...

You should note that 2008 is required, 2008 R2 is not supported.