Solved: Jabber Login Question Dual domain - Page 2

rchaseling · ‎09-08-2021

UC 11.5 deployment with Jabber MRA deployed and working. Now the customer wants to start using Jabber on prem as well with moving back to office but logins are failing because the customer does not have their external domain as a domain on their internal DNS .....and doesn't want to.

So customer has:

External Domain: external.com

Internal Domain: internal.local

IMP Address Scheme is : Directory URI (which is user@external.com)

Fresh install of Jabber login on Prem fails because Jabber is doing a UPN discovery and getting back user@external.com and can't find the cisco-uds record in this domain as it doesn't exist so tries to go via Expressway which fails (firewall).

I've disabled the UPN discovery parameter but then it asks manually for users email.....but users would need to put in user@internal.local as their email which will cause confusion

I've played with VOICE_SERVICES_DOMAIN=internal.local parameter which works but I assume then this will cause issues when the users take their laptops home ......

Is the only real option here to tell the customer they must create a external.com domain in their internal DNS ??? I understand it is most likely by far the best option but is there a backup option that is as seemless ?

Thanks

Sankar Voleti · ‎09-15-2021

voiceservicesdomain parameter always maps to the edge domain. This has the highest priority for service discovery and will be cached as long as the client is not reset.

Customer can create a pinpoint DNS entry exactly as _cisco-uds._tcp.<edge domain> under the Forward Lookup Zones. Then add the UDS SRV in this entry with CUCM FQDN. So when the user comes back to on-prem network from MRA, Jabber will use the edge domain (which is mapped to voiceservicesdomain) to send the SRV query as _cisco-uds._tcp.<edge domain> against the internal DNS to discover the CUCM servers.

Example:-

Edge domain (VoiceServicesDomain) = domain.com

Internal domain : domain.local

Pinpoint Entry in the internal DNS = _cisco-uds._tcp.domain.com with _cisco-uds SRV mapped to CUCM.domain.local

Jabber user roams from domain.com to domain.local. Client queries _cisco-uds._tcp.domain.com which resolves to CUCM.domain.local

With this configuration, users don't have to reset the client ever.

Hope this helps!

-Sankar

rchaseling · ‎09-15-2021

Hi,

I was not aware we could create a pinpoint entry just for the Cisco-uds SRV record without creating a whole zone for external.com!

Excellent doc here

https://www.cisco.com/c/en/us/support/docs/ip/domain-name-system-dns/212340-how-to-create-a-pinpoint-dns-entry.html#anc10

This is the piece of the puzzle i was missing - many thanks to both of you for getting me over the line on this one!

Roger Kallberg · ‎09-15-2021

Great to hear you where able to get this sorted out. I would think that you also should mark the answer provided by@Sankar Voleti as a solution for your question.

rchaseling · ‎09-15-2021

I marked you both

Roger Kallberg · ‎09-15-2021

AFAIKT you marked one of my answers and your own as the solution, not any of Sankars responces.

Roger Kallberg · ‎09-14-2021

Can you please describe the other issues referenced by this “The customer cannot put in a forwarding zone for their external DNS on their internal DNS without causing other issues.”?