Archive for August, 2013

Lync-Openfire XMPP Federation

1. Lync Topology Setup


On the Lync Server FE, run the Topology Builder and create a new Edge Pool.


a) First you enter the FQDN of the Edge Server’s Internal Interface:

1. Defining the Edge Pool - Internal NIC FQDN


b) On the next screen make sure you enable XMPP federation on the pool.

2. Defining the Edge Pool - XMPP Federation checked


c) Next you have to define the FQDN and ports of the Edge External Services. Depending on your selection in the previous screen, you will need to enter either 1 or 3 FQDNs.

3. Defining the Edge Pool - External NIC FQDN


d) Next you’ll define the Internal IPv4 Address of the Edge Server.

4. Defining the Edge Pool - Internal IPv4


e) The last part to define is the IPv4 address of the External Edge NIC.

5. Defining the Edge Pool - External IPv4


f) Finally, save and publish the topology.



2. Lync Control Panel


In the Lync Control Panel go to the “Federation and External Access” tab.


a) Under “External Access Policy”, edit the Global scope, make sure the following boxes are checked, then click “Commit”:

> Enable communications with federated users

> Enable communications with XMPP federated users

> Enable communications with remote users

> Enable communications with public users


1. External Access Policy


b) Under “Access Edge Configuration” make sure the following boxes are checked and click “Commit”:

> Enable federation and public IM connectivity

> Enable partner domain discovery

> Enable remote user access



2. Access Edge Configuration


c) Under “XMPP Federated Partners” click “New”, enter the details below, then click “Commit”:

> Primary Domain – The domain/FQDN of the XMPP partner

> Partner Type – Select “Federated”

> TLS negotiation – Select “Not Supported”

> SASL negotiation – Select “Not Supported”

> Support server dial back negotiation – Select “True”


3. XMPP Federated Partners


3. Lync Management Console


Now you need to export the configuration for the Edge Server to use.


a) Run the Lync Management Console and enter the command below:

Export-CsConfiguration -File C:\<path>\

1. Configuration Export


Now copy this to your Edge Server.



4. Edge Server Setup


You must ensure you have two separate NICs on the Edge server, each with its own IP and FQDN (this will require firewall settings).

You can install a new NIC either from the VM management (If it is a virtual machine) or from Windows Device Manager.


Make sure the XMPP server can ping this external interface, and that Edge can ping the XMPP server.



5. Installing the Edge Server


Run the standard Lync Deployment Wizard that comes with the Lync Server 2013 CD.


a) When the Wizard is run, select the option “Install or Update Lync Server System”

1. Install or Update Lync Server System


b) On the next screen select “Install Local Configuration Store” and then choose “Import from a file”. Click “Browse” and choose the file exported from Lync in step 3a).

2. Installing Local Configuration Store


c) Next, run the step “Set up Lync Server Components”. This will install the required components for the Edge Server.

3. Set up Lync Server Components


d) This step involves setting up the certificates. If you are not importing, you can request a certificate for each of the options (Internal and External).

Note that you can use an internal CA for Openfire federation, but external Lync access would need a certified CA.

4. Certificates


e) Once the certificates are set up, you can start the services from the deployment wizard.

Initially starting services from the Deployment Wizard is recommended as it will show any errors in the setup in the log (which can be accessed directly from the wizard).

Otherwise, run services.msc to view the services as shown below.

5. Edge Services




6. DNS Records


If all the services are running, you will need to set up the DNS records.


The main DNS record required (where the external NIC sits) is “_xmpp-server._tcp.<domain> 5269 <edge external NIC FQDN>”.


It may also be worth adding a service record for the XMPP server in your DNS where Lync sits.


a) To do this on Windows DNS Server:

> Create a new “Forward Lookup Zone” with the FQDN of the XMPP server

> Add an A record which points to the IP of the XMPP server (no need to add an FQDN, it will just use the same as the parent folder).

> Create the SRV record “_xmpp-server._tcp.<FQDN of xmpp server> 5269 <FQDN of xmpp server>”

> E.g. 5269


b) Secondly, the internal DNS needs some new records within the local domain. These are below:

> Create the SRV record “_sipfederationtls._tcp.<internal domain> 5061 <FQDN of edge external interface>”

> E.g. _sipfederationtls._tcp.test.local 5061

> Create the SRV record “_sip._tls.<internal domain> 443 <FQDN of edge external interface>”

> E.g. _sip._tls.test.local 443 



7. Openfire Server


Now some changes need to be made to the Openfire server.


a) Go to “Server > Server Settings > Security Settings” and under “Server Connection Security” do the following, then click “Save Settings”:

> Check the radio button “Custom”

> For “Server Dialback”, check “Available”

> For “TLS Method”, check “Not Available”

> Check “Accept self-signed certificates. Server dialback over TLS is now available.”


1. Security Settings


b) Under “Server > Server Settings > Server to Server” ensure:

> Under “Service Enabled”, “Enabled” is checked, with port “5269”

> Under “Allowed to Connect”, “Anyone” is checked


2. Server to Server Settings

If either of these isn’t checked, check it and click “Save Settings”.


c) Next, you need to add the internal domain where Lync is to the XMPP server’s hosts file, and point it to the Edge server’s external IP address.

The reason is that the request from Lync comes from/goes to the user “lyncuser@internallync.test.local”, so the federation must be made with the domain internallync.test.local. Therefore the XMPP server needs to know where this domain can be found.


d) If running a Linux box, follow the steps below:

> Open a console to the Linux machine and run the command in the next step
vi /etc/hosts

> Add the line “<external Edge NIC IP> <internal Lync user domain>”


3. Hosts File


e) Finally, you may need to download a new openfire.jar with changes to the TCP Dialback protocol. This can be downloaded at the following location:



Note that this only works on Openfire 3.8.2.
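
How the dialback check that steps a) and c) rely on works, as an added example (not code from Lync, Openfire or the original post): the receiving server looks up the claimed domain and calls back to that address to confirm the key, which is why Openfire needs the hosts entry. The key formula is the one recommended in XEP-0185; the secret, stream ID, IP address and the name openfire.example.test are constructed values.

```python
import hashlib
import hmac

def dialback_key(secret, receiving, originating, stream_id):
    """Key per the XEP-0185 recommendation:
    HMAC-SHA256(SHA256(secret), "receiving originating stream_id")."""
    hashed_secret = hashlib.sha256(secret.encode()).hexdigest().encode()
    message = f"{receiving} {originating} {stream_id}".encode()
    return hmac.new(hashed_secret, message, hashlib.sha256).hexdigest()

class AuthoritativeServer:
    """The server a claimed domain resolves to (here, the Lync Edge)."""
    def __init__(self, domain, secret):
        self.domain, self.secret = domain, secret

    def make_key(self, receiving, stream_id):
        return dialback_key(self.secret, receiving, self.domain, stream_id)

    def verify(self, receiving, originating, stream_id, key):
        # Answer to <db:verify/>: recompute the key, compare in constant time.
        if originating != self.domain:
            return "invalid"
        expected = dialback_key(self.secret, receiving, originating, stream_id)
        return "valid" if hmac.compare_digest(expected, key) else "invalid"

def receive_db_result(receiving, claimed, stream_id, key, hosts, reachable):
    """Receiving server (here, Openfire) handling <db:result from=claimed/>."""
    ip = hosts.get(claimed)            # hosts file / DNS lookup of the claimed domain
    authority = reachable.get(ip)      # call back to port 5269 on that address
    if authority is None:
        return "invalid"               # no mapping or no server: cannot verify
    return authority.verify(receiving, claimed, stream_id, key)

# Constructed sample values; only the Lync domain name comes from the page.
LYNC_DOMAIN, OPENFIRE = "internallync.test.local", "openfire.example.test"
EDGE_IP = "192.0.2.10"
edge = AuthoritativeServer(LYNC_DOMAIN, "constructed-edge-secret")
reachable = {EDGE_IP: edge}
hosts = {LYNC_DOMAIN: EDGE_IP}         # the line added to /etc/hosts in step c)

def demo():
    sid = "constructed-stream-id"
    real_key = edge.make_key(OPENFIRE, sid)
    forged_key = dialback_key("not-the-edge-secret", OPENFIRE, LYNC_DOMAIN, sid)
    return (
        receive_db_result(OPENFIRE, LYNC_DOMAIN, sid, real_key, hosts, reachable),
        receive_db_result(OPENFIRE, LYNC_DOMAIN, sid, forged_key, hosts, reachable),
        receive_db_result(OPENFIRE, LYNC_DOMAIN, sid, real_key, {}, reachable),
    )
```

demo() returns valid for the Edge's own key, invalid for a key made with a different secret, and invalid when the hosts entry is missing. Dialback only ties the domain name to the address it resolves to and does not encrypt the stream, so with TLS set to “Not Available” the federated traffic is sent in clear text.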



8. Adding the contact


You are now ready to add the contact.


a) On the Lync server, select the add contact button then go to “Add a Contact Not in My Organisation > Other”

1. Lync - How to add the contact


b) In the form, add the Openfire contact “

2. Lync - Add Contact Form


c) From the Openfire User’s XMPP Client, add the user “lyncuser@<internal lync domain>”.

3. Openfire - Adding the contact


On the Openfire Admin Console, you can check the server-to-server sessions and will see one created with the internal Lync domain.





Installing Mail Server on Nagios

Postfix Server Installation
First you need to install postfix;

apt-get install postfix


When prompted, choose “Internet Site”, then enter the domain part (after the @) that you wish the mail to be sent from, e.g. nagios.notify. This will mean that emails received from Nagios will be @nagios.notify.



Mailx Server Installation


Now install Nagios’s part of the mail server;

apt-get install heirloom-mailx



Configuring Nagios Mail Command


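You need to edit the commands.cfg file to take the new paths into account. The first pair of definitions below is the existing one, which calls /bin/mail; the second pair is the updated one, which calls /usr/bin/mailx;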

vi /usr/local/nagios/etc/objects/commands.cfg



# 'notify-host-by-email' command definition
define command{
        command_name    notify-host-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
        }

# 'notify-service-by-email' command definition
define command{
        command_name    notify-service-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
        }




# 'notify-host-by-email' command definition
define command{
        command_name    notify-host-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mailx -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
        }

# 'notify-service-by-email' command definition
define command{
        command_name    notify-service-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mailx -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
        }



Note that the change is ‘/bin/mail’ to ‘/usr/bin/mailx’.


Now restart Nagios;

service nagios restart


You should now receive email notifications of services/host states.



Enabling and Disabling Notifications for a Service


To disable notifications, follow the steps below.


  1. Access the web interface.
  2. Choose Hosts or Services from the side menu (depending on which you wish to change).
  3. Select a service or host you wish to disable notifications for (note that HTTP and SSH notifications are disabled by default on localhost).
  4. On the page which opens, from the right hand section select the option ‘Disable Notifications’.
  5. This should open a page asking to confirm the host or host and service you wish to disable notifications for. Select ‘Commit’ to continue.
  6. A page will now confirm that the change has been completed. Make sure to select the option ‘Done’.


This will return you to the homepage. Navigate back to the host/service (from 4.) and you will see at the bottom it shows Notifications in red and as ‘DISABLED’. Also the right hand menu has changed to give the option to ‘Enable’ notifications as they are currently disabled.


Copyright © 2013 Globility Limited. All rights reserved.