Posts Tagged ‘openfire’

Lync-Openfire CSTA Plugin

CSTA Plugin Configuration



This post will go through the steps required to set up Remote Call Control between a Lync Server, and telephony plugins sitting on an Openfire server.


This uses our “CSTA Plugin” for Openfire.



1. Static Route


The first step is to configure a Static Route on the Lync server which goes to the Openfire server. This is done from the Lync Server Management Shell.


First, you need to define the route as a variable:

$1= New-CsStaticRoute -TCPRoute -Destination <ip of openfire server> -Port <csta sip port> -MatchUri <fqdn of the openfire server>


Now you need to add this variable as a Route:

Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$1}


The “$1″ represents the variable name used above.


You can run the below command to check the routes:



This will return all identities and routes configured for them.



2. Trusted Application


The next step is to configure the Openfire server as a Trusted Application Server.


Once again, this is done from the Lync Server Management Shell.


You first need to create a Trusted Application Pool:

New-CsTrustedApplicationPool -Identity <ip of openfire server> -Registrar <fqdn of lync server> -ComputerFqdn <ip of openfire server> -Site <site name> -TreatAsAuthenticated $true -ThrottleAsServer $true


Now that the pool is made, the Trusted Application must be set with this pool:

New-CsTrustedApplication -ApplicationId <any ID> -TrustedApplicationPoolFqdn <ip of openfire server> -Port <csta sip port> -EnableTcp

Set-CsTrustedApplicationPool -Identity <ip of openfire server> -OutboundOnly $True


Now that everything is set, you must enable the topology:




3. Topology Builder


After configuring Openfire as a Trusted Application Server, you need to make a change to it in the Topology Builder.


To do this, run the Lync Server Topology Builder.


When prompted, select “Download Topology from existing deployment”.

1. Topology Builder - Download existing



This will begin to download the topology.


When asked where to download the topology, you can select any location and file name, but do not change the format.

2. Topology Builder - Save location


Once chosen, select “Save”.


This will load you current deployment. Collapse the left side menu to find the folder “Trusted application servers”, which should have the just created Trusted Application Server listed.

3. Topology Builder - Trusted Application Servers


Right click the listing and select “Edit Properties…”.

4. Topology Builder - Edit Proprties


Here you need check the box “Limit service usage to selected IP addresses” and enter the IP of the Openfire Server in the field under “Primary IP address: *”.

5. Topology Builder - Primary IP


Once done select OK.


Now you need to publish back the Topology with the changes.


In the Topology Builder, click the “Action” menu and select “Publish Topology…”.

6. Toploogy Builder - Publish Topology


Click “Next” and and it will publish the topology with the changes made. It may be a good idea to save this somewhere as a backup.



4. Control Panel


Now that you have made the changes required to the backend Topology, you need to edit the users to allow Remote Call Control.


First, run the Lync Server Control Panel.


When this loads, log in and click the “Users” tab on the left hand side.


This displays all users configured for Lync.


Select a user and make the following changes:

> Telephony – Change this to “Remote call control

> Line URI - This is an arbitrary number in the form “tel:<number>

> Line Server URI – This is in the form “sip:<user>@<fqdn of openfire server>


1. Control Panel - User Changes



Once done, select Commit at the top of the window.



5. Openfire Server


On the Openfire side, you will need to add the CSTA plugin. This can be done in one of two ways, like any other plugin.

1. On the Openfire Admin Console go to the Plugins tab and add the plugin from there.

2. Stop the Openfire server, move the plugin into the plugins directory, and start the Openfire server back up.
Once done, the CSTA configuration page will appear in the Admin Console under the tab “Unify”.


If you are using any of our other telephony plugins (e.g. Etrali or Cisco), it will appear alongside those, otherwise it would be in the Unify tab on it’s own.

1. Openfire Server - Unify:CSTA tabs


Click on the CSTA tab to view the CSTA Properties page, where you can configure the settings for you setup.

2. Openfire Server - CSTA Offline


Here you need to change the listening point to match your setup.


The format required for this field is:

SIP://<ip of openfire server>:<sip csta port>/TCP


Other than this, the other settings can be left as they are.


Once the change is made, click “Save Properties” and then restart the MAS.


When you go back to the page it should be green and say “Service is starting: Awaiting RCC User Logon”.


This means that the plugin has started is waiting for a user to log on.

3. Openfire Server - CSTA Waiting login



6. Lync Client


Now you are done with the Openfire side, you are ready to log on to the Lync Client.


Log on as normal, and once done go to the Options menu, and to the “Phones” tab.


Here you need to check the box “Enable integration with your phone system”.

1. Lync Client - Enable integration



Then click the “Advanced” button and ensure that “Automatic Configuration” is checked.

2. Lync Client - Advanced


Log out and back in to the client, and the change will take effect.


Check the Openfire Admin Console now and you’ll see that “Service is starting: Awaiting RCC User Logon” has changed to “Service is online”.

3. Lync Client - CSTA Online


In addition, if you go to the “CSTA Users” menu on the left side, you’ll see the user logged in, the system he is using, and his “Device Name”.

4. Lync Client - CSTA Users


If the device name is listed, with the correct “tel:#” configured in the Control Panel, then the user will be able to dial out using their configured system.



Lync-Openfire XMPP Federation

1. Lync Topology Setup


On the Lync Server FE, run the Topology Builder and create a new Edge Pool.


a) First you enter the FQDN of the Edge Server’s Internal Interface:

1. Defining the Edge Pool - Internal NIC FQDN


b) On the next screen make sure you enable XMPP federation on the pool.

2. Defining the Edge Pool - XMPP Federation checked


c) Next you have to define the FQDN and ports of the Edge External Services. Depending on your selection in the previous screen, you will need to enter either 1 or 3 FQDNs.

3. Defining the Edge Pool - External NIC FQDN


d) Next you’ll define the Internal IPv4 Address of the Edge Server.

4. Defining the Edge Pool - Internal IPv4


e) The last part to define is the IPv4 address of the External Edge NIC.

5. Defining the Edge Pool - External IPv4


f) Finally, save and publish the topology.



2. Lync Control Panel


In the Lync Control Panel go to the “Federation and External Access” tab.


a) Under “External Access Policy“, edit the Global scope and make sure the following boxes are checked the click “Commit“:

> Enable communications with federated users

> Enable communications with XMPP federated users

> Enable communications with remote users

> Enable communications with public users


1. External Access Policy


b) Under “Access Edge Configuration” make sure the following boxes are checked and click “Commit“:

> Enable federation and public IM connectivity

> Enable partner domain discovery

> Enable remote user access



2. Access Edge Configuration


c) Under “XMPP Federated Partners” click “New” and enter the details below then click “Commit“:

> Primary Domain – The domain/FQDN of the XMPP partner

> Partner Type – Select “Federated

> TLS negotiation – Select “Not Supported

> SASL negotiation – Select “Not Supported

> Support server dial back negotiation – Select “True


3. XMPP Federated Partners


3. Lync Management Console


Now you need to export the configuration for the Edge Server to use.


a) Run the Lync Management Console and enter the command below:

1. Configuration Export


Now copy this to you Edge Server



4. Edge Server Setup


You must ensure you have two separate NICs on the Edge server, each with it’s own IP and FQDN (will require firewall settings).

You can install a new NIC either from the VM management (If it is a virtual machine) or from Windows Device Manager.


Make sure the XMPP server can ping this external interface, and that Edge can ping the XMPP server.



5. Installing the Edge Server


Run the standard Lync Deployment Wizard that comes with the Lync Server 2013 CD.


a) When the Wizard is run, select the option “Install or Update Lync Server System”

1. Install or Update Lync Server System


b) On the next screen select “Install Local Configuration Store” and then choose “Import from a file”. Click “Browse” and choose the file exported from Lync in step 3a).

2. Installing Local Configuration Store


c) Next to do is run the step “Set up Lync Server Components”. This will install the required components for the Edge Server.

3. Set up Lync Server Components


d) This step involves setting up the certificates. If you are not importing, you can request for each of the options (Internal and External).

Note that you can use and internal CA for Openfire federation, but it would need a certified CA for external Lync access.

4. Certificates


e) Once the certificates are set up, you can start the services from the deployment wizard.

Initially starting services from the Deployment Wizard is recommended as it will show any errors in the setup in the log (which can be accessed directly from the wizard).

Otherwise, run services.msc to view the services as shown below.

5. Edge Services




6. DNS Records


If all the services are running, you will need to set up the DNS records.


The main DNS record required (where the external NIC sits) is “_xmpp-server._tcp.<domain> 5269 <edge external NIC FQDN>“.


It may also be worth adding a service record for the XMPP server in you DNS where Lync sits.


a) To do this on Windows DNS Server:

> Create a new “Forward Lookup Zone” with the FQDN of the XMPP server

> Add an A record which points to the IP of the XMPP server (no need to add an FQDN, it will just use the same as the parent folder).

> Create the SRV record “_xmpp-server._tcp.<FQDN of xmpp server> 5269 <FQDN of xmpp server>

> E.g. 5269


b) Secondly, the internal DNS need some new records within the local domain. These are below:

> Create the SRV record “_sipfederationtls._tcp.<internal domain> 5061 <FQDN of edge external interface>

> E.g. _sipfederationtls._tcp.test.local 5061

> Create the SRV record “_sip._tls.<internal domain> 443 <FQDN of edge external interface>

> E.g. _sip._tls.test.local 443 



7. Openfire Server


Now some changes need to be made to the Openfire server.


a) Go to “Server > Server Settings > Security Settings” and under “Server Connection Security” do the following, then click “Save Settings“:

> Check the radio button “Custom”

> For “Server Dialback“, check “Available

> For “TLS Method“, check “Not Available

> Check “Accept self-signed certificates. Server dialback over TLS is now available.


1. Security Settings


b) Under “Server > Server Settings > Server to Server” ensure:

> Under “Service Enabled“, “Enabled” is checked, with port “5269

> Under “Allowed to Connect“, “Anyone” is checked


2. Server to Server Settings

If either of these isn’t checked, check it and click “Save Settings


c) Next, you need to add the internal domain where lync is to the XMPP server’s hosts file, and point it to the edge server’s external IP address.

The reason is that the request from Lync comes from/goes to the user “lyncuser@internallync.test.local“, so the federation must be made with the domain internallync.test.local. Therefore the XMPP Server needs to know where this domain can be found.


d) If running a linux box, follow the steps below:

> Open a console to the linux machine and run the command in the next step
vi /etc/hosts

> Add the line “<external Edge NIC IP> <internal Lync user domain>


3. Hosts File


e) Finally, you may need to download a new openfire.jar with changes to the TCP Dialback protocol. This can be downloaded at the following location:



Note that this only works on Openfire 3.8.2.



8. Adding the contact


You are now ready to add the contact.


a) On the Lync server, select the add contact button then go to “Add a Contact Not in My Organisation > Other

1. Lync - How to add the contact


b) In the form, add the Openfire contact “

2. Lync - Add Contact Form


c) From the Openfire User’s XMPP Client, add the user “lyncuser@<internal lync domain>“.

3. Openfire - Adding the contact


On the Openfire Admin Console, you can check the server-to-server sessions and will see one created with the internal Lync domain.






on July 5, 2018

We have started using medium for our blogging. Please click here to see our latest posts.

on February 9, 2015

BaseX Blog Introduction This 'Blurt/Blog' details my experiences of a recent

on December 4, 2013

iCosts - The Legal Costs Calculator - Demo

on December 4, 2013

Lync XMPP + Video - Demo

Contact Us

9th Floor Capital House
40-42 Weston Street
SE1 3QD 0207 100 1499 Follow us Like us

Specialists in integrated and flexible communications

Copyright © 2013 Globility Limited. All rights reserved.