Lync-Openfire CSTA Plugin
September 4th, 2013
CSTA Plugin Configuration
This post goes through the steps required to set up Remote Call Control between a Lync Server and telephony plugins sitting on an Openfire server.
This uses our “CSTA Plugin” for Openfire.
1. Static Route
The first step is to configure a Static Route on the Lync server which goes to the Openfire server. This is done from the Lync Server Management Shell.
First, you need to define the route as a variable:
$1 = New-CsStaticRoute -TCPRoute -Destination <ip of openfire server> -Port <csta sip port> -MatchUri <fqdn of the openfire server>
Now you need to add this variable as a Route:
Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$1}
The “$1” represents the variable name used above.
You can run the below command to check the routes:
Get-CsStaticRoutingConfiguration
This will return all identities and routes configured for them.
2. Trusted Application
The next step is to configure the Openfire server as a Trusted Application Server.
Once again, this is done from the Lync Server Management Shell.
You first need to create a Trusted Application Pool:
New-CsTrustedApplicationPool -Identity <ip of openfire server> -Registrar <fqdn of lync server> -ComputerFqdn <ip of openfire server> -Site <site name> -TreatAsAuthenticated $true -ThrottleAsServer $true
Now that the pool is made, the Trusted Application must be set with this pool:
New-CsTrustedApplication -ApplicationId <any ID> -TrustedApplicationPoolFqdn <ip of openfire server> -Port <csta sip port> -EnableTcp
Set-CsTrustedApplicationPool -Identity <ip of openfire server> -OutboundOnly $True
Now that everything is set, you must enable the topology:
Enable-CsTopology
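A read-back of the settings made in steps 1 and 2, as an added example that is not part of the original post. The IP, FQDN and port are placeholders, and the property names are assumed to be those the Lync Server 2013 Get- cmdlets display.

```powershell
# Added example: read back the CSTA route, pool and application and list any
# setting that differs from the steps above. Placeholder values, replace them.
$openfireIp   = '192.0.2.10'             # placeholder: <ip of openfire server>
$openfireFqdn = 'openfire.example.test'  # placeholder: <fqdn of the openfire server>
$cstaPort     = 5060                     # placeholder: <csta sip port>

$findings = @()

# Step 1: exactly one enabled static route should match the Openfire FQDN.
$routes = @((Get-CsStaticRoutingConfiguration -Identity global).Route |
    Where-Object { $_.MatchUri -eq $openfireFqdn })
if ($routes.Count -ne 1) {
    $findings += "Expected 1 static route for $openfireFqdn, found $($routes.Count)"
} elseif (-not $routes[0].Enabled) {
    $findings += "Static route for $openfireFqdn is disabled"
}

# Step 2: the pool flags set by New-/Set-CsTrustedApplicationPool.
$pool = Get-CsTrustedApplicationPool -Identity $openfireIp -ErrorAction SilentlyContinue
if (-not $pool) {
    $findings += "Trusted application pool $openfireIp not found"
} else {
    foreach ($flag in 'TreatAsAuthenticated', 'ThrottleAsServer', 'OutboundOnly') {
        if (-not $pool.$flag) { $findings += "Pool flag $flag is not True" }
    }
}

# Step 2: the application must use the CSTA SIP port on that pool.
$apps = @(Get-CsTrustedApplication |
    Where-Object { $_.TrustedApplicationPoolFqdn -eq $openfireIp })
if ($apps.Count -eq 0) {
    $findings += "No trusted application is bound to pool $openfireIp"
}
foreach ($app in $apps) {
    if ($app.Port -ne $cstaPort) {
        $findings += "Application $($app.ApplicationId) uses port $($app.Port), expected $cstaPort"
    }
}

if ($findings.Count -eq 0) { 'Route, pool and application match the steps above.' }
else { $findings }
```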
3. Topology Builder
After configuring Openfire as a Trusted Application Server, you need to make a change to it in the Topology Builder.
To do this, run the Lync Server Topology Builder.
When prompted, select “Download Topology from existing deployment”.
This will begin to download the topology.
When asked where to download the topology, you can select any location and file name, but do not change the format.
Once chosen, select “Save”.
This will load your current deployment. Collapse the left side menu to find the folder “Trusted application servers”, which should have the newly created Trusted Application Server listed.
Right click the listing and select “Edit Properties…”.
Here you need to check the box “Limit service usage to selected IP addresses” and enter the IP of the Openfire Server in the field under “Primary IP address: *”.
Once done, select OK.
Now you need to publish back the Topology with the changes.
In the Topology Builder, click the “Action” menu and select “Publish Topology…”.
Click “Next” and it will publish the topology with the changes made. It may be a good idea to save this somewhere as a backup.
4. Control Panel
Now that you have made the changes required to the backend Topology, you need to edit the users to allow Remote Call Control.
First, run the Lync Server Control Panel.
When this loads, log in and click the “Users” tab on the left hand side.
This displays all users configured for Lync.
Select a user and make the following changes:
> Telephony – Change this to “Remote call control”
> Line URI – This is an arbitrary number in the form “tel:<number>”
> Line Server URI – This is in the form “sip:<user>@<fqdn of openfire server>”
Once done, select Commit at the top of the window.
5. Openfire Server
On the Openfire side, you will need to add the CSTA plugin. This can be done in one of two ways, like any other plugin.
1. On the Openfire Admin Console go to the Plugins tab and add the plugin from there.
2. Stop the Openfire server, move the plugin into the plugins directory, and start the Openfire server back up.
Once done, the CSTA configuration page will appear in the Admin Console under the tab “Unify”.
If you are using any of our other telephony plugins (e.g. Etrali or Cisco), it will appear alongside those, otherwise it would be in the Unify tab on its own.
Click on the CSTA tab to view the CSTA Properties page, where you can configure the settings for your setup.
Here you need to change the listening point to match your setup.
The format required for this field is:
SIP://<ip of openfire server>:<sip csta port>/TCP
Other than this, the other settings can be left as they are.
Once the change is made, click “Save Properties” and then restart the MAS.
When you go back to the page it should be green and say “Service is starting: Awaiting RCC User Logon”.
This means that the plugin has started and is waiting for a user to log on.
6. Lync Client
Now you are done with the Openfire side, you are ready to log on to the Lync Client.
Log on as normal, and once done go to the Options menu, and to the “Phones” tab.
Here you need to check the box “Enable integration with your phone system”.
Then click the “Advanced” button and ensure that “Automatic Configuration” is checked.
Log out and back in to the client, and the change will take effect.
Check the Openfire Admin Console now and you’ll see that “Service is starting: Awaiting RCC User Logon” has changed to “Service is online”.
In addition, if you go to the “CSTA Users” menu on the left side, you’ll see the user logged in, the system he is using, and his “Device Name”.
If the device name is listed, with the correct “tel:#” configured in the Control Panel, then the user will be able to dial out using their configured system.
Lync-Openfire XMPP Federation
August 21st, 2013
1. Lync Topology Setup
On the Lync Server FE, run the Topology Builder and create a new Edge Pool.
a) First you enter the FQDN of the Edge Server’s Internal Interface:
b) On the next screen make sure you enable XMPP federation on the pool.
c) Next you have to define the FQDN and ports of the Edge External Services. Depending on your selection in the previous screen, you will need to enter either 1 or 3 FQDNs.
d) Next you’ll define the Internal IPv4 Address of the Edge Server.
e) The last part to define is the IPv4 address of the External Edge NIC.
f) Finally, save and publish the topology.
2. Lync Control Panel
In the Lync Control Panel go to the “Federation and External Access” tab.
a) Under “External Access Policy”, edit the Global scope and make sure the following boxes are checked, then click “Commit”:
> Enable communications with federated users
> Enable communications with XMPP federated users
> Enable communications with remote users
> Enable communications with public users
b) Under “Access Edge Configuration” make sure the following boxes are checked and click “Commit”:
> Enable federation and public IM connectivity
> Enable partner domain discovery
> Enable remote user access
c) Under “XMPP Federated Partners” click “New” and enter the details below, then click “Commit”:
> Primary Domain – The domain/FQDN of the XMPP partner
> Partner Type – Select “Federated”
> TLS negotiation – Select “Not Supported”
> SASL negotiation – Select “Not Supported”
> Support server dial back negotiation – Select “True”
3. Lync Management Console
Now you need to export the configuration for the Edge Server to use.
a) Run the Lync Management Console and enter the command below:
Export-CsConfiguration -File C:\<path>\export.zip
Now copy this export.zip to your Edge Server.
4. Edge Server Setup
You must ensure you have two separate NICs on the Edge server, each with its own IP and FQDN (will require firewall settings).
You can install a new NIC either from the VM management (if it is a virtual machine) or from Windows Device Manager.
Make sure the XMPP server can ping this external interface, and that Edge can ping the XMPP server.
5. Installing the Edge Server
Run the standard Lync Deployment Wizard that comes with the Lync Server 2013 CD.
a) When the Wizard is run, select the option “Install or Update Lync Server System”
b) On the next screen select “Install Local Configuration Store” and then choose “Import from a file”. Click “Browse” and choose the file exported from Lync in step 3a).
c) Next, run the step “Set up Lync Server Components”. This will install the required components for the Edge Server.
d) This step involves setting up the certificates. If you are not importing, you can request a certificate for each of the options (Internal and External).
Note that you can use an internal CA for Openfire federation, but it would need a certified CA for external Lync access.
e) Once the certificates are set up, you can start the services from the deployment wizard.
Initially starting services from the Deployment Wizard is recommended as it will show any errors in the setup in the log (which can be accessed directly from the wizard).
Otherwise, run services.msc to view the services as shown below.
6. DNS Records
If all the services are running, you will need to set up the DNS records.
The main DNS record required (where the external NIC sits) is “_xmpp-server._tcp.<domain> 5269 <edge external NIC FQDN>”.
It may also be worth adding a service record for the XMPP server in your DNS where Lync sits.
a) To do this on Windows DNS Server:
> Create a new “Forward Lookup Zone” with the FQDN of the XMPP server
> Add an A record which points to the IP of the XMPP server (no need to add an FQDN, it will just use the same as the parent folder).
> Create the SRV record “_xmpp-server._tcp.<FQDN of xmpp server> 5269 <FQDN of xmpp server>”
> E.g. _xmpp-server._tcp.openfire.domain.com 5269 openfire.domain.com
b) Secondly, the internal DNS needs some new records within the local domain. These are below:
> Create the SRV record “_sipfederationtls._tcp.<internal domain> 5061 <FQDN of edge external interface>”
> E.g. _sipfederationtls._tcp.test.local 5061 externaledge.test.com
> Create the SRV record “_sip._tls.<internal domain> 443 <FQDN of edge external interface>”
> E.g. _sip._tls.test.local 443 externaledge.test.com
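A check of the SRV records from step 6, as an added example that is not part of the original post. It uses the post's own “E.g.” names as sample values and assumes a machine with the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example: compare the SRV records from step 6 with what DNS returns.
# Names are the post's own "E.g." values; replace them with your records.
$expected = @(
    @{ Name = '_xmpp-server._tcp.openfire.domain.com'; Port = 5269; Target = 'openfire.domain.com' },
    @{ Name = '_sipfederationtls._tcp.test.local';     Port = 5061; Target = 'externaledge.test.com' },
    @{ Name = '_sip._tls.test.local';                  Port = 443;  Target = 'externaledge.test.com' }
)

$results = foreach ($rec in $expected) {
    # Keep only SRV answers; a missing record leaves $srv empty rather than throwing.
    $srv = @(Resolve-DnsName -Name $rec.Name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' })

    $status = if ($srv.Count -eq 0) {
        'missing'
    } elseif ($srv | Where-Object { $_.Port -eq $rec.Port -and $_.NameTarget -eq $rec.Target }) {
        'ok'
    } else {
        'mismatch'
    }

    # Resolve the target too: an SRV record whose target has no A record is unusable.
    $addr = @(Resolve-DnsName -Name $rec.Target -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }) | ForEach-Object { $_.IPAddress }

    [pscustomobject]@{
        Record   = $rec.Name
        Status   = $status
        Returned = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        TargetIP = $addr -join ', '
    }
}
$results | Format-Table -AutoSize
```

Run it once against the DNS server the XMPP side uses and once against the internal Lync DNS (Resolve-DnsName accepts a -Server parameter), since the records in a) and b) live in different zones.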
7. Openfire Server
Now some changes need to be made to the Openfire server.
a) Go to “Server > Server Settings > Security Settings” and under “Server Connection Security” do the following, then click “Save Settings”:
> Check the radio button “Custom”
> For “Server Dialback”, check “Available”
> For “TLS Method”, check “Not Available”
> Check “Accept self-signed certificates. Server dialback over TLS is now available.”
b) Under “Server > Server Settings > Server to Server” ensure:
> Under “Service Enabled”, “Enabled” is checked, with port “5269”
> Under “Allowed to Connect”, “Anyone” is checked
If either of these isn’t checked, check it and click “Save Settings”.
c) Next, you need to add the internal domain where Lync is to the XMPP server’s hosts file, and point it to the Edge server’s external IP address.
The reason is that the request from Lync comes from/goes to the user “lyncuser@internallync.test.local”, so the federation must be made with the domain internallync.test.local. Therefore the XMPP server needs to know where this domain can be found.
d) If running a Linux box, follow the steps below:
> Open a console to the linux machine and run the command in the next step
> vi /etc/hosts
> Add the line “<external Edge NIC IP> <internal Lync user domain>”
e) Finally, you may need to download a new openfire.jar with changes to the TCP Dialback protocol. This can be downloaded at the following location:
> http://79.170.40.175/globility.co.uk/downloads/openfire-3.8.2-gltd-0.0.1.jar
Note that this only works on Openfire 3.8.2.
8. Adding the contact
You are now ready to add the contact.
a) On the Lync server, select the add contact button then go to “Add a Contact Not in My Organisation > Other”
b) In the form, add the Openfire contact “openfireuser@openfireserver.domain.com”
c) From the Openfire User’s XMPP Client, add the user “lyncuser@<internal lync domain>”.
On the Openfire Admin Console, you can check the server-to-server sessions and will see one created with the internal Lync domain.