Deploying XMPP for Lync

After deploying our edge server and enabling federation in this article, the next logical step may be to enable communication with other IM platforms such as Google Chat via the XMPP gateway. At the time of Lync RTM there was no updated XMPP server, so in this article we will utilize the OCS 2007 R2 version available from Microsoft here.

To start off with, this is what our environment will look like:


Since we will be adding another server, I have updated the hostname and IP address table below

| Server Name | Role | IP Address |
|---|---|---|
| LyncDC.lyncguy.local | Domain Controller/DNS/CA | 10.255.106.160 |
| LyncFE.lyncguy.local | Lync Standard Edition Front End | 10.255.106.161 |
| Lyncedge.lyncguy.local | Lync Edge server – not domain joined | 10.255.106.162 (internal NIC) |
| LyncXMPP.lyncguy.com | Lync XMPP Server – not domain joined | 10.255.110.166 |

For this scenario we will be using a single NIC on our XMPP server, with the NIC placed in the same DMZ network our edge server’s external interface is on.  This will allow the edge and XMPP servers to communicate directly and to be protected by the corporate firewall.

No internal DNS changes are required to make this work, but since the XMPP server will be behind NAT and will share a network segment with the edge server, we will update the edge server's hosts file so that it resolves the XMPP gateway's name to the DMZ IP address and not the public IP.

To do that we will add an entry for LyncXMPP.lyncguy.com to the edge server's hosts file, pointing to its DMZ IP address (10.255.106.166).


Now we need to log into our XMPP server, set up the IP address and modify the hostname.  First we’ll assign our IP Address:


Now we modify our hostname


And modify the primary DNS suffix


To allow the XMPP server to reach our access edge, I have added an entry to its hosts file for sip.lyncguy.com pointing to the DMZ IP address of the access edge.

These entries allow the XMPP gateway and the edge server to communicate directly, rather than sending the traffic back and forth through the firewall, since they are on the same network.
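The two hosts-file overrides described above can be checked with a small script. This is an added example, not part of the original article: the function names, the `/24` DMZ prefix and the edge server's external DMZ address are assumptions, and the file contents are constructed.

```python
import ipaddress

# Assumptions (not from the article): the DMZ prefix length and the edge
# server's external DMZ address are constructed for this example. The XMPP
# address is the one listed in the article's address table.
DMZ_NETWORK = "10.255.110.0/24"

# Constructed hosts-file contents for the two servers.
EDGE_HOSTS = """\
# edge server: reach the XMPP gateway on its DMZ address
10.255.110.166   LyncXMPP.lyncguy.com
"""
XMPP_HOSTS = """\
# XMPP gateway: reach the access edge on its DMZ address (constructed IP)
10.255.110.162   sip.lyncguy.com    # access edge, external NIC
"""
# Constructed bad file: the name is pinned to a public (documentation) address.
BAD_HOSTS = "203.0.113.10  sip.lyncguy.com\n"


def parse_hosts(text):
    """Map each lower-cased host name to the set of IPs the file assigns it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or name-less line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, ignore
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(ip)
    return table


def audit_override(hosts_text, fqdn, dmz_network=DMZ_NETWORK):
    """Classify the hosts-file override for fqdn.

    missing     - no entry, so the name is resolved through DNS instead
    conflict    - the file maps the name to more than one address
    outside-dmz - pinned to an address that is not on the shared segment
    ok          - pinned to exactly one address inside the DMZ network
    """
    ips = parse_hosts(hosts_text).get(fqdn.lower(), set())
    if not ips:
        return "missing"
    if len(ips) > 1:
        return "conflict"
    (ip,) = ips
    if ip not in ipaddress.ip_network(dmz_network):
        return "outside-dmz"
    return "ok"


if __name__ == "__main__":
    print("edge -> XMPP gateway:", audit_override(EDGE_HOSTS, "lyncxmpp.lyncguy.com"))
    print("XMPP gateway -> edge:", audit_override(XMPP_HOSTS, "sip.lyncguy.com"))
```
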

I will not cover the XMPP Gateway install or configuration; there is a great article here that covers everything you need to know including external DNS and firewalls (although those are covered below as well).

Once you have completed the steps in the article above you are ready to configure your Lync environment for XMPP.  To do that we start on the Front End server by opening the Lync Server Control Panel, going to “External Access” and then clicking on “Federated Domains”

Click New>Allowed Domain and add in the information for gmail.com and your XMPP server

Now click “Commit” to save your changes.  The changes will automatically be pushed to your edge server, but you can also check the Event Viewer under the Lync Server section to verify you see the following event

Next you need to open NAT port 5269 inbound from the public IP to your private IP:

| Rule | Public IP | Private IP | Allowed Protocol – Port |
|---|---|---|---|
| XMPP Access | XX.102.182.166 | 10.255.110.166 | TCP – 5269 |

Last but not least you need to create public DNS records. The first record will be an A record:

| Record Type | Public Name | Public IP | Port |
|---|---|---|---|
| A | Lyncxmpp.lyncguy.com | XX.102.182.166 | |

Then we will create an SRV record:

| Record Type | Public Name | Name | Port |
|---|---|---|---|
| SRV | _xmpp-server._tcp.lyncguy.com | Lyncxmpp.lyncguy.com | 5269 |

 

And now you should be able to chat with your Google Chat contacts via Lync. XMPP can also be used to communicate with other IM services; see the documentation for more detail.

About Kevin Peters

My name is Kevin Peters.

62 Responses to Deploying XMPP for Lync

  1. Pingback: Lync Server 2010 features and how to configure them « msunified.net

  2. Arturas Rimonis says:

    Hello. What should I do if I have two DNS load balanced edge servers?

  3. Kevin Peters says:

    Hi Arturas,

    DNS Load balancing is only supported between Lync servers and clients, not the OCS server roles and since XMPP hasn’t been updated yet, it isn’t supported. It may or may not work, so you can always give it a shot. The other option is to hardcode the edge FQDN as just one IP address on your XMPP server’s hosts file. If that edge goes down XMPP will be down but at least it will work.

  4. Arturas Rimonis says:

    OK, I am stuck. It’s not working. Just after installing xmpp gw it was working, but next day when I tried it stopped sending messages. We are using same domain name inside and outside network. Also we are using a wildcard certificate (Go Daddy), and TMG. Maybe you could suggest something useful?

  5. Arturas Rimonis says:

    And also on edge server I am getting events:

    Federated partner *.mydomain.lt has sent a significant number of messages that have resulted in domain validation failures. There have been 3 such failures in the last 961 minutes.There have been 6 errors in total. This can happen when messages are sent to local users that don’t exist, messages are sent from domains that the partner isn’t allowed to send from, or when the partner sends messages destined to domains that this organization isn’t responsible for.

    external edge fqdn: sip.mydomain.lt
    internal edge fqdn: edge-1.mydomain.lt (workgroup computer with suffix)
    external xmpp fqdn: xmpp.mydomain.lt
    internal xmpp fqdn: xmpp-1.mydomain.lt (workgroup computer with suffix)

    edge host file:
    192.168.88.251 xmpp.mydomain.lt

    xmpp gw host file:
    192.168.88.2 sip.mydomain.lt

  6. Kevin Peters says:

    Hi Arturas,

    I see from your information you have 2 NICs in your XMPP server. Although I’ve seen this listed as a supported configuration, I’ve never actually made it work. For ease of installation and configuration I would recommend just having one NIC on your XMPP server. This NIC should be on the same subnet as the outside interface of your edge server and should route all traffic only to the external interface. Please give that a shot and post back with your results.

    Hope this helps!

    -kp

  7. Arturas Rimonis says:

    Thank you for your reply. My xmpp have one NIC.

    xmpp IP: 192.168.88.251
    edge IPs: Internal: 192.168.77.73 External: 192.168.88.2

    With Wireshark I can see that xmpp gw receives message from Google:

    Hello my lync friend!

    But these records are black and saying that checksum is bad:

    Header checksum: 0x0000 [incorrect, should be 0x20de]

  8. Arturas Rimonis says:

    *That message was full code, but disappeared after posting comment.

  9. Kevin Peters says:

    Arturas,

    I haven’t seen that error before, it’s probably a configuration issue on the XMPP server but I’m not sure what. It would probably be worth running back through this article and the one linked below to check your settings:
    http://technet.microsoft.com/en-us/library/ee806452.aspx

    Hope this helps!
    -kp

  10. Arturas Rimonis says:

    Hello Kevin,
    the problem is solved. I did lots of changes but I think this issue was because of my wildcard certificate (Go Daddy). On xmpp server I created self-signed certificate and put it to XMPP SIP configuration. I am not sure this was the only reason, but this was last change.

  11. Arturas Rimonis says:

    Hi Kevin,
    It’s me again :) We have added more sip domains to our Lync server. Is it possible to use xmpp with more than one domain, or do I have to add dedicated xmpp server for every domain?

  12. Gerard Nijboer says:

    Hi Kevin & Arturas,

    At this moment, I am trying to deploy a Lync server linked to an Asterisk-powered server (Asterisk is gateway).
    Setting up a phone call works half, the receiving party does receive a phone call, but when I pick up, the Lync client does not start the conversation.
    I’ve looked at packet traffic, and noticed that my Lync server is sending packets with an incorrect Header checksum (0x0000).
    Since I’m not sure whether this is causing my problems, I wish to solve this problem.

    Could you give me some hints on how to solve this issue, I guess it might be related to Arturas’ topic.

    Cheers,

    Gerard

  13. Tim Perry says:

    Hi Kevin,
    I am wondering if you could help me out, this has been killing my brain. I have followed all 3 of your blogs for setting up Lync, Edge and XMPP. Almost everything is working properly. The only issue I have is that I cannot receive IMs from gmail. I can send them and they go through but cannot get a response. I have run the logging tool and here is what I get:
    TL_INFO(TF_PROTOCOL) [0]05E4.0CE4::05/10/2011-14:32:14.505.0000da07 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 910221276
    Instance-Id: 00000389
    Direction: incoming;source=”internal edge”;destination=”external edge”
    Peer: XMPP.mydomain.com:2660
    Message-Type: request
    Start-Line: SUBSCRIBE sip:myaccount@mydomain.com:5061;maddr=edgeserver.mydomain.com;transport=Tls SIP/2.0
    From: ;tag=8eee9a63cc
    To:
    CSeq: 46 SUBSCRIBE
    Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    MAX-FORWARDS: 70
    VIA: SIP/2.0/TLS 172.16.100.89:2660;branch=z9hG4bK843fbbda
    ACCEPT: application/pidf+xml
    CONTACT:
    CONTENT-LENGTH: 0
    EVENT: presence
    ms-asserted-verification-level: ms-source-verified-user=verified
    Message-Body: –
    $$end_record
    ************************************************
    TL_WARN(TF_DIAG) [0]05E4.0CE4::05/10/2011-14:32:14.505.0000dc14 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
    LogType: diagnostic
    Severity: warning
    Text: The request URI domain is internally supported and cannot be routed to a federated partner
    Result-Code: 0xc3e93d75 SIPPROXY_E_EPROUTING_MSG_INTERNALDOMAIN_NOTALLOWED
    SIP-Start-Line: SUBSCRIBE sip:myaccount@mydomain.com
    SIP/2.0
    SIP-Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    SIP-CSeq: 46 SUBSCRIBE
    Data: domain=”mydomain.com”
    $$end_record
    ****************************************************
    TL_INFO(TF_DIAG) [0]05E4.0CE4::05/10/2011-14:32:14.506.0000deb1 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
    LogType: diagnostic
    Severity: information
    Text: Response successfully routed
    SIP-Start-Line: SIP/2.0 404 Not Found
    SIP-Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    SIP-CSeq: 46 SUBSCRIBE
    Peer: XMPP.mydomain.com:2660
    Data: destination=”XMPP.mydomain.com”
    $$end_record
    ************************************************
    TL_INFO(TF_PROTOCOL) [0]05E4.0CE4::05/10/2011-14:32:14.506.0000deec (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 910221276
    Instance-Id: 0000038A
    Direction: outgoing;source=”local”;destination=”internal edge”
    Peer: XMPP.mydomain.com:2660
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: ;tag=8eee9a63cc
    To: ;tag=A4CF270669C3C57615B6E6432C0A4E8E
    CSeq: 46 SUBSCRIBE
    Call-ID: 867cf3489dc34bf4b52a592bd0fedb73
    Via: SIP/2.0/TLS 172.16.100.89:2660;branch=z9hG4bK843fbbda;ms-received-port=2660;ms-received-cid=2100
    ms-diagnostics: 1003;reason=”User does not exist”;TargetUri=”account@mydomain.com”;source=”edge.mydomain.com”
    Server: RTC/4.0
    Content-Length: 0
    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=edge.mydomain.com;ms-source-verified-user=verified
    Message-Body: –
    $$end_record
    *******************************
    I have changed my domain and server names but have verified they are correct in the logs. Do you have any ideas? It looks like a routing issue. Thank you for any help. Tim

  14. I have a single server deployment of Lync and wanted to possibly get Google and especially AIM for the users. Is it possible to get this sort of thing set up on a single server for smaller deployments? And is this similar to what is needed to get access to AIM? Unfortunately after getting things working internally for Lync and going through the process of getting AIM provisioned I have been unable to find how to get AIM itself working with Lync 2010 (OCS 2007 no problem)

  15. Trent Gillespie says:

    Thanks for the great blog posting! We were able to use this to set up XMPP chat with Gmail.

    I’m interested in using this to access Facebook’s chat function. They support XMPP but appear to have some additional restrictions for how authentication needs to occur through their platform that the OCS XMPP gateway doesn’t support. Any idea if this can work? Since Facebook is partly owned by Microsoft, and MS just bought Skype (and FB just integrated with Skype) I’d assume it is just a matter of time till someone works this out.

  16. Vindryn says:

    Hi,

    First I would like to thank you for your great articles about Lync, they helped me a lot.
    I have a problem with the gmail federation and hope anybody can help me 🙂

    I have 3 servers :
    – XMPP Gateway (lyncxmpp.domain.com) – not domain joined
    – Lync Edge (lync-edge.domain.local)
    – Lync Front End (srv-lync01.domain.local)

    From the lync client a user can add a gmail user and send him an IM, it works. The Lync user can see the presence of the gmail user too.
    From the gmail client the user cannot send an IM to the Lync user, there is an error message that says “the user is disconnected”. The gmail user cannot see the presence of the Lync user and the Lync user appears as “invite”.
    If the Lync user sends an IM to the gmail user, the gmail user can answer him, it works too. But after a period of inactivity the gmail user is unable to send IM anymore.

    So the XMPP seems to be working fine, the problem seems to come from the Edge server. I can see the following logs on the Edge if a gmail user tries to send an IM to a Lync user :
    Component: SIPStack
    Level: TL_INFO
    Flag: TF_COMPONENT
    Function: CSIPRequest::IsTrustedForRouting
    Source: SIPRequest.cpp(94)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419D
    CorrelationId : 3195726454
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_INFO(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419d (SIPStack,CSIPRequest::IsTrustedForRouting:SIPRequest.cpp(94))[3195726454]( 0000000003FD5770 ) routedByApplication [0x00000000(false)], routeHeadersValidated [0x00000000(false)], sourceTrusted [0x00000000(false)]. TrustedForRouting = 0x00000000(false)
    *******************
    Component: SIPStack
    Level: TL_WARN
    Flag: TF_COMPONENT
    Function: CSIPRequest::RouteRequestUriAddr
    Source: SIPRequest.cpp(3010)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419E
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_WARN(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419e (SIPStack,CSIPRequest::RouteRequestUriAddr:SIPRequest.cpp(3010))( 3195726454 )( 0000000003FD5770 ) Exit – untrusted request that is ineligible for static routing. Returned 0xC3E93C5E(SIPPROXY_E_ROUTING)
    *******************
    Component: SIPStack
    Level: TL_WARN
    Flag: TF_DIAG
    Function: SIPAdminLog::TraceDiagRecord
    Source: SIPAdminLog.cpp(145)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 0000419F
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_WARN(TF_DIAG) [0]0CDC.1290::09/08/2011-12:58:48.120.0000419f (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
    LogType: diagnostic
    Severity: warning
    Text: Non-trusted source with a request URI that is not eligible for static routing
    Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
    SIP-Start-Line: INVITE sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls SIP/2.0
    SIP-Call-ID: f8aa6a28ae7c4412ac76a1da675e87b9
    SIP-CSeq: 55 INVITE
    Data: destination=”sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls”;user=”lyncuser@domain.com”
    $$end_record
    *******************
    Component: SIPStack
    Level: TL_ERROR
    Flag: TF_COMPONENT
    Function: SIPRouterOutReqEPInt::RS_RouteRequest
    Source: SIPRouterOutReqEPInt.cpp(155)
    Local Time: 09/08/2011-14:58:48.120
    Sequence# : 000041A0
    CorrelationId :
    ThreadId : 1290
    ProcessId : 0CDC
    CpuId : 0
    Original Log Entry :
    TL_ERROR(TF_COMPONENT) [0]0CDC.1290::09/08/2011-12:58:48.120.000041a0 (SIPStack,SIPRouterOutReqEPInt::RS_RouteRequest:SIPRouterOutReqEPInt.cpp(155))( 3195726454 )( 00000000035E7F58 ) Exit – failed to route the Request-URI. Returned 0xC3E93C5E(SIPPROXY_E_ROUTING)

    • Kevin Peters says:

      Vindryn,

      From the log “lync-edge.domain.local” is present in the line “SIP-Start-Line: INVITE sip:lyncuser@domain.com:5061;maddr=lync-edge.domain.local;transport=Tls SIP/2.0”, does this mean the XMPP server is trying to route to the internal NIC of the edge? If so that is most likely your problem, all routing to and from the XMPP server should hit the external NIC of the edge.

      Hope this helps!

      -kp
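Added example, not part of the original thread: the check suggested in the reply above (which host the `maddr` parameter of the rejected request points at) can be run over a whole logging-tool capture. The function names and the sample capture are constructed for illustration, with placeholder host names; the external edge FQDN is supplied by the caller.

```python
import re

# Constructed capture modelled on the $$begin_record/$$end_record layout shown
# in the comments; host names, users and call IDs are placeholders.
SAMPLE_LOG = """\
TL_WARN(TF_DIAG) [0]0CDC.1290::01/01/2012-10:00:00.120.00000001 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
LogType: diagnostic
Severity: warning
Text: Non-trusted source with a request URI that is not eligible for static routing
Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
SIP-Start-Line: INVITE sip:alice@example.com:5061;maddr=edge-int.example.local;transport=Tls SIP/2.0
SIP-Call-ID: aaaa1111
SIP-CSeq: 55 INVITE
$$end_record
TL_INFO(TF_DIAG) [0]0CDC.1290::01/01/2012-10:00:01.000.00000002 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
LogType: diagnostic
Severity: information
Text: Response successfully routed
SIP-Start-Line: SIP/2.0 404 Not Found
SIP-Call-ID: bbbb2222
$$end_record
TL_WARN(TF_DIAG) [0]0CDC.1290::01/01/2012-10:00:02.000.00000003 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
LogType: diagnostic
Severity: warning
Text: Non-trusted source with a request URI that is not eligible for static routing
Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
SIP-Start-Line: INVITE sip:bob@example.com:5061;maddr=sip.example.com;transport=Tls SIP/2.0
SIP-Call-ID: cccc3333
$$end_record
"""

RECORD_RE = re.compile(r"\$\$begin_record[ \t]*\r?\n(.*?)\$\$end_record", re.S)
MADDR_RE = re.compile(r";maddr=([^;\s]+)", re.I)


def parse_records(log_text):
    """Return one {field: value} dict per $$begin_record ... $$end_record block."""
    records = []
    for body in RECORD_RE.findall(log_text):
        fields = {}
        for line in body.splitlines():
            # Split on the first colon only: values such as SIP URIs contain colons.
            key, sep, value = line.strip().partition(":")
            if sep and key:
                fields[key.strip()] = value.strip()
        records.append(fields)
    return records


def triage(log_text, external_edge_fqdn):
    """List diagnostic warnings with the maddr host each rejected request targeted."""
    findings = []
    for rec in parse_records(log_text):
        if rec.get("LogType") != "diagnostic" or rec.get("Severity") != "warning":
            continue
        match = MADDR_RE.search(rec.get("SIP-Start-Line", ""))
        maddr = match.group(1).lower() if match else None
        code = rec.get("Result-Code", "").split()
        findings.append({
            "call_id": rec.get("SIP-Call-ID"),
            "result": code[-1] if code else None,
            "maddr": maddr,
            # None when the start line carries no maddr parameter at all.
            "maddr_is_external_edge": (
                maddr == external_edge_fqdn.lower() if maddr else None
            ),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "sip.example.com"):
        print(f)
```
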

  17. Scott Eastman says:

    Hi, Great Doc, helped me loads when I was setting up XMPP server. Wondering if you know anything with regards to ejabberd, we have lync talking with our ejabberd system and all seems to be working fine, however we seem to be getting authentication requests to the ejabberd users every few hours??? Even after they have accepted the initial request. I don’t seem to be getting the same with gmail so assume it is something to do with ejabberd

    Thanks

  18. Jake says:

    I am getting the following on the xmpp server:
    Log Name: Office Communications Server
    Source: OCS Xmpp Gateway
    Date: 10/20/2011 6:24:07 PM
    Event ID: 33005
    Task Category: (1090)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: XMPP..com
    Description:
    Office Communications Server SIPXMPPTGW: Configuration file not found.
    Event Xml:

    33005
    2
    1090
    0x80000000000000

    7
    Office Communications Server
    XMPP..com

    The following is the c:\program files\microsoft office communications server 2007 R2\XMPP gateway\TGWConsoleGui.dll.config file: (10.10.10.8 is the only NIC and IP address on the XMPP server which is in our DMZ and NAT’d to external)

  19. Jake says:

    The system was running Windows 2008 R2. I rebuilt it with Windows 2008 SP2 and it is now working.

  20. Rich says:

    Hi Kevin,
    Our XMPP server works great, but we have to constantly restart the service because we get the following errors:
    Event 33009 – Office Communications Server SIPXMPPTGW: Maximum XMPP Incoming Connections reached.
    Event 33013 – Office Communications Server SIPXMPPTGW: Throttling High Water Mark reached.

    Is there anything I can do to keep it from hitting these limits? I’m almost ready to write a script to just restart the service daily.

  21. John P. Grieb says:

    Thank you very much for your excellent article.
    I’m trying to connect lync to an XMPP Server.
    I followed the directions in your blog post and the edge server is reporting the following error after it looks up the SRV record of the XMPP Server’s domain:
    Data: domain=”nycvopfire04.msgtst.reuters.com”;fqdn1=”nycv-xmpptst01.lync.msgtst.reuters.comtrue5061″;reason=”The domain of the message resolved by DNS SRV but none of the FQDNs is in the same domain”
    My XMPP Server domain is “nycvopfire04.msgtst.reuters.com” but the FQDN of my XMPP Gateway is “nycv-xmpptst01.lync.msgtst.reuters.com”. The error seems to indicate that the FQDN of the XMPP Gateway should be “nycv-xmpptst01.nycvopfire04.msgtst.reuters.com” so that it matches the domain.

  22. Sandeep Swarup Satpathy says:

    Hi Kevin,

    I have recently deployed xmpp gateway server in my OCS 2007 R2 Org. After installing & Configuring the XMPP Gateway S/W I encounter issues while starting up the xmpp gateway service. The following events are logged in my event viewer:
    Event ID: 3305 Office Communications Server SIPXMPPTGW: Configuration file not found.
    The following prerequisites have been completed:
    1. Certificate for Xmpp.domain.com available.
    2. A & SRV records for xmpp.domain.com & _xmpp-server._tcp.domain.com
    3. Connectivity to Access Edge servers & XMPP Servers (google) working – I have checked it from Xmpp Gateway Console.

    Any suggestions would greatly assist in completing my configuration.

  23. joetrig says:

    Thanks for the article.
    It helped me very much
    Everything works

  24. Joe says:

    Thanks for the article.
    I followed the instructions and the instant message works well, but the presence works 50% of times.
    When I click on a contact from the Lync buddy list, it is shown available, but if I click again on the same contact I see the status “presence unknown”, and if I click once again on the contact it will became available and so on…
    Do you know why and how can I solve the issue?

  25. Victor says:

    Hi, we’ve implemented Lync with the OCS XMPP gateway for instant-messaging only and the reliability of the XMPP gateway is horrible. My engineer who is working with it tells me that if connections exceed 20/second the gateway fails. This happens often (multiple times per day) requiring a restart of the service. There are a number of posts complaining of the issue, and there is no suggested fix. People on the forums have resorted to using a Scheduled Task to restart the service multiple times per day. Do you have any suggestion to fix it with the OCS gateway, or can you suggest a replacement gateway?

    • Kevin Peters says:

      Hi Victor,

      Unfortunately there is no fix for this yet AFAIK. Hopefully the product group will have this fixed soon. Until then I’d suggest using one of the “workarounds” in the forum posts.

      HTH

      -kp

  26. Leodrak says:

    Hello Kevin,

    Your guide is awesome and complete, congrats!
    I would like you to help me with a bottleneck configuring this XMPP GW.
    I have configured the XMPP and this server is on a DMZ (can’t ping to CA, DC, Lync FE) I only can ping to Edge in this segment.
    The point is, all the guides I read about requesting and installing certificates assume that I can log in on Active Directory, and so on CA, it’s supposed to be a DMZ, I guess there is a misconception there.
    Being a non-active directory server, how can I request a usable certificate that CA can enroll? I tried generating a txt with some codes with -BEGIN NEW CERTIFICATE REQUEST- and -END NEW CERTIFICATE REQUEST-, but when I import this to the CA it says it is not possible because it doesn’t have a certificate template.

    Can you help me please?

    Leo

  27. shawn says:

    http://social.technet.microsoft.com/Forums/en-US/ocsedge/thread/c2889323-37ca-4fd4-af9f-165cc9ef535d

    Start-Line: SIP/2.0 403 Forbidden Cannot route this type of SIP request to or from federated partners”;source=”sip.domain.co.uk”

    Despite following Drago’s guide and this guide meticulously I’m getting the above error in the lync logger when I try to add a gmail user into Lync. Any ideas?

  28. Michael.li says:

    Hi Kevin,
    Now I have a question:
    when Gtalk communicates with Lync Client through XMPPGateway.

    if one Gtalk user changes presence, how can all the Lync Clients (who subscribed to Gtalk) receive the notification?

    any service provided by XMPPGateway or any other good ideas?

    Thanks…

    • Kevin Peters says:

      Michael,

      Do you mean you want the users to get a popup when the gtalk user changes presence? If so, each user would need to tag that person for status change alerts (right click the contact and choose “Tag for status change alerts”). This cannot be done in bulk, each user needs to do it. If you don’t mean a popup, then I assume you mean just presence, which will work automatically once the user adds the gtalk user to their contact list.

      HTH

      -Kevin

      • Michael.li says:

        Thanks so much for your reply.
        as you said [then I assume you mean just presence, which will work automatically once the user adds the gtalk user to their contact list].

        I want to know, if 1000 Lync users add one Gtalk user as a friend, and once this Gtalk user changes presence, how can these 1000 Lync users receive this change? By XMPP GW? And how does this GW do it? By sending 1000 XMPP packages?
        And if 10000 or more users need to receive this presence change, how can it do it?
        Thanks!!!

      • Michael.li says:

        and if this GW sends such an XMPP package, what’s the content of this package?
        from? to? presence?
        and how does this GW know who wants to receive this presence change?

      • Kevin Peters says:

        Michael,

        The way presence works is a subscribe message is sent from the user’s client to the front end server they are connected to. This message tells the FE that that user wants to receive messages (either via NOTIFY or BENOTIFY) about the persons listed in the subscribe message. This process happens as a batch at signin (you can look for SUBSCRIBE in the UCCAPI Log of the client). As far as how the FE and Edge handle the multiple subscriptions to a single external user, I’m not sure, I’ve never looked at it. But my guess is the FEs send one subscribe to the edge for each remote contact, and when the presence information is sent back either in response to that request directly or later as an update (still based on the original subscribe) the Edge passes back to the FE and the FE back to the user. The only difference in this process for a GTalk or XMPP user would be the edge sends to the XMPP server instead of the remote party’s edge server.

        If you are looking for exacts on how all of that works I recommend logging as I have not seen it documented anywhere.

        HTH
        -kevin

  29. Michael.li says:

    Kevin, thanks so much for your help.
    I have this question because I am beginning to develop an XMPPGW just used to communicate between my IM and Lync, and my IM uses the SIP protocol.
    So I think, if my IM communicates with the Lync Client, maybe the performance is a big question.
    When I change my IM presence, all the Lync Clients need to receive my change. So I worry about this…

  30. Parachuter says:

    Any one tried S2S secure SSL Certificates (SASL-External) between Openfire and OCS 2010 XMPP Gateway. I have an unsecure TCP Dialback working between them. When I switch to secure mode, the TLS handshake is successful and proceeds to SASL. On Wireshark I can see in ‘Application Data’ Openfire sending after SASL negotiation.

    OCS Gateway sends TCP ACK for this and then nothing. Basically OCS Gateway chokes after receiving this packet from Openfire.

    Note: OCS Logs also says – No Certificate found when Openfire connects to OCS.

    ERROR(TF_COMPONENT) [0]11C0.1010::11/07/2012-10:18:39.565.0001c81d (OCSXMPPGateway,TlsIncmngConnection.ReemoteCertificateCallback:61.idx(283))( 00000000031A06BC )No certificate was available
    TL_INFO(TF_COMPONENT) [0]11C0.1010::11/07/2012-10:18:39.565.0001c821 (OCSXMPPGateway,TlsIncmngConnection.AuthCallback:61.idx(308))( 00000000031A06BC )TLS Handshake successful with NULL: 192.168.134.10
    TL_INFO(TF_COMPONENT) [0]11C0.10C0::11/07/2012-10:18:39.565.0001c829 (OCSXMPPGateway,SocketLayer.AcceptReceiveCallback:41.idx(287))( 00000000033C528B )New incoming connection from 192.168.134.10

    Any help is appreciated.

    • Parachuter says:

      This is what OCS XMPP GW receives from Openfire before it stops responding. Note this packet is preceded by TLS handshake and SASL negotiation method exchange,

      Openfire->OCS GW

      XMPP GW sends back TCP ACK.
      and then stops responding.

  31. Mayank says:

    Hi,
    As you mention in your article, I have followed this article to install and configure xmpp gateway. http://technet.microsoft.com/en-us/library/ee806452.aspx

    However, I am getting confused with part 5 of that article regarding the ssl cert that goes on the xmpp gateway.

    Currently I am interested in federating with gmail, but I will need to federate with other xmpp-servers. So, I am confused as to whether I should just get a certificate from my private CA, which is my AD/CS. Or should I get it from an authority.

    Also, how would I generate the csr for this, what CN and SAN should I get the cert for. I am assuming for lync-xmpp.domain.com (which is FQDN of my xmpp gateway).

    Another question I have is in regards to lync clients. After configuring the edge server, I am able to connect from some computers, but I get an error on some of them. I am thinking that it is also due to ssl cert issues. On the edge server I have sip.domain.com cert installed that was provided by an authority.

    Thank you in advance for your response.
    Mayank

  32. Mohammed JH says:

    Hi Kevin, I have done 2 deployments and one of them I followed your method and the other I deployed in the Internal LAN where XMPP server is in the same Subnet as Lync FE and created static routing for Edge to communicate with XMPP and also added the required FQDNs in the hosts files however in both cases I have the same problem.
    First day everything works great but next day presence goes and I have to restart the service on XMPP in order for it to work again.
    I have checked if there are any hotfixes and applied them but nothing has changed! Is this still a known issue? And is there any workaround?
    thanks

  33. Mayank says:

    Hi Kevin
    I got my xmpp gateway to finally work but I am running into couple of issues. When I first start the xmpp server I can federate with gmail user. However after a short bit I get this error on the machine with lync client.

    504 Server time-out
    ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”lync-xmpp.domain.com”;Port=”5061″;source=”sip.domain.com”;OriginalPresenceState=”0″;CurrentPresenceState=”0″;MeInsideUser=”No”;ConversationInitiatedBy=”1″;SourceNetwork=”3″;RemotePartyCanDoIM=”Yes”

    Any reason why this would happen. Thank you, Mayank

  34. Uhondo says:

    I know it’s been a while since the post and people are now talking Lync 2013, but some challenges are still faced with this technology. The one-way I.M. conversations with Lync>G-Talk is a case in point. Kindly have a look at the following log and see whether it makes any sense at all:

    $$begin_record
    LogType: diagnostic
    Severity: warning
    Text: Non-trusted source with a request URI that is not eligible for static routing
    Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
    SIP-Start-Line: INVITE sip:angethe@fintech-group.com:5061;maddr=lyncedge.fintech-group.com;transport=Tls SIP/2.0
    SIP-Call-ID: ad1375840ebb47588139737528f8a599
    SIP-CSeq: 8 INVITE
    Data: destination=”sip:angethe@fintech-group.com:5061;maddr=lyncedge.fintech-group.com;transport=Tls”;user=”angethe@fintech-group.com”
    $$end_record

    I know this problem was faced by someone, in an earlier post above, but what fixed his problem did not mine….

  35. Rahul says:

    Nice article..
    Only 1 thing I want to ask: is there any dependency of XMPP on reverse proxy?
    Meaning, for xmpp, must a reverse proxy be in place? Or without reverse proxy can we do the xmpp and the user can chat with gtalk? Please suggest

  36. Anita says:

    We are trying to set up tcp dialback between open fire and lync 2010 and are using the ocs xmpp gw.

    We see the stream from open fire to ocs xmpp gw

    I have logging on for the ocs xmpp gw and it simply logs an incoming request (and we see no traffic to the edge server) and then stops.

    Any trouble shooting tips?

  37. Anita says:

    Meant to say.. if the add contact originates from lync we don’t see anything hit the ocs xmpp gw at all other than certificate handshake between the edge server and the ocs xmpp gw.
