cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

IM and Presence domain is different from server domain

383
Views
5
Helpful
2
Comments
Participant

hi guys,

i was hoping someone can explain this. 

i am trying to install and get imp /jabber working.   

client server domain is  abc.com (DC)

client email domain /public domain is 1234.com  (basically both are different).  now when i create the sever in cucm server page, i will have to specify im and presence. for which i said 1234.com.  but the IMP is server itself is in abc.com

because, MRA/ devices that not part of the domain controller will be using username@1234.com (same as email) to sign in.  

 

Is this a right approach? should i use abc.com for im and prsense as well? if so, when they sign in with email add , any issues with certs?

also when i tried to generate XMPP cert, it included both domains. so it becomes a multi domain cert and expensive with pubic CA.

 

thank you so much.

vijay 

2 Comments
Beginner

Hi,

There is couple of things to remember with split domain deployment.

 

- internal DNS servers need to have an SRV record for _cisco-uds for the voice services domain (1234.com) and obviously A records for your UC servers domain (abc.com)

- external DNS servers need to have an SRV record created for _collab-edge (1234.com). Also these need to have A records for your Expressway E servers' FQDNs (1234.com)

- as far as I remember, your XMPP cert does not need to include the servers' domain (abc.com) but of course it needs to have voice services domain (1234.com), XMPP cert can be signed with internal CA as long as you have it in your deployment and your devices trust your internal CA servers' certs, remember to include all required Key Usage and Extended Key Usage attributes

- when you add the voice services domain (1234.com) on IM&P server and you remove the servers' domain which is taken from the server configuration/installation (abc.com) from there then when generating CSR you will only have the voice services domain (1234.com) on the list, you may also find it useful to change the IM Address Scheme to be Directory URI if URIs on the LDAP (if used) are users' email addresses

- in regards to the Expressway certs, your E server(s) need to include the voice service domain (1234.com), you can find Expressway certificate guide here: click (from page 11)

- one very important thing to remember is that if your Expressway E servers' domain is different than the MRA domain (in your case if the domain on E servers is set to abc.com), your Expressway E servers' CSRs need to include SAN with your E servers' domain FQDN, that's because you will likely have traversal zone on C servers pointing to the Expressway E FQDN in the servers' domain. If you don't include that FQDN as a SAN your traversal zone won't come up, workaround to that is to setup traversal zone with the MRA domain FQDN and add the A records for the public domain on internal DNS servers

Thank you,

Mikolaj

 

**** PLEASE RATE IF USEFUL ****

 

 

 

thank you sir..that helps.