cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10920
Views
10
Helpful
51
Replies

Expressway 8.9.1 - IM&P Federation With Microsoft-based Organizations Skype for Business

ciscodrew
Level 1
Level 1

Has anyone set this up successfully yet?

 

I have followed the brief config included in the doc starting on page 53, but I am not having much luck.

 

See attached Doc S4BFED.pdf for config that works.

 

 

 

 

51 Replies 51

Did you get this working? I am having same issue. 

Hi,

i had the same issue:

Jabber-users could see status of S4B-users

S4B-users could not see status of jabber-users

The issue was a setting in the VCS-C, that was nowhere mentioned in any guide:

Go to "Applications" -> "Presence"

Here set everything to "Off" or "Offline"

After doing this change presence-status was working in both directions.

Hope, this helps

Regards

Florian

What external SRV record is needed?...I see various "pieces" of documentation that mention the CUP-ServerFQDN-Public record being needed.  I assume this record is what the sipfederationtls SRV record points to?  then CUP-ServerFQDN-Public would point to the Expressway-e Public IP?  thanks!

External DNS SRV record is _sipfederationtls._tcp.<domain>.com which is pointed to the Expressway E\s

You will also need an internal DNS record for CUP-ServerFQDN-Public that points to CUPS cluster PUB.

thank you.  has anyone tried to create their search rules and IM&P routes to make a psuedo open federation config?  Instead of manually adding routes and search rules for each and every domain you wish to federate with?

I was able to get 2-way IM going but only if I initiate the conversation.  if Skype initiates the conversation is get the following error on the Expressway-E:

Call Rejected with Detail="Proxy Authentication Required" Protocol="TLS" Response-code="407"

I also have no presence on either side.  I have confirmed my search rules and routing...what am I missing?

Did you add Expressway-C's certificate to CUP-Trust? I think this is the step that solved all my Proxy Auth Required issues.

I assume you also have the route to imp-public.domain.com (hostname) and not only to the domain name? This is a feature/bug.

Yes, I have the Expressway-C's certificate as a CUP-Trust, that is what got IM working for me.  I have the following route on the Expressway-C:

.*server-name-public\.us.domain\.com.*

It is Priority 100 and set for Microsoft SIP IM&P as the SIP Variant

That is correct right?

So I found part of my issue which was a space at the end of my server-name-public regular expression.  I was able to get Jabber to display Skype presence once that was resolved.  it appears that the only remaining issue I have is my jabber presence can't be seen on the Skype client.

Did you create an internal DNS entry for CUPS PUBLIC FQDN and point to CUPS PUB?

Did you set the CUPS PUBLIC FQDN in service parameters?

yes, the internal DNS entry was created and matches what is configured in the federation settings under service parameters.

Hey Ruud, 

Yes, This is resolved my issue. Also I changed IMP Zone port to 5062.

I'm really stuggling with this whole configuration.  It seems the docs leaves tons out.  I'm a little shaky on exactly which certs to put where.

I have my C signed with an internal Windows CA Enterprise CA

I have my E public signed with Google

I put my Windows CA Cert on the IMP Server and chose cup-trust for the purpose when i uploaded to the IMP Server.

I downloaded the cup-trust with the description of "Trusted local cluster own-certificate" from the IMP Server and uploaded this to the Expressway C server.

Is the above right?

Also, when I have my IMP Zone on 5061 is comes up.  When I change it to 5062 as you guys instruct it fails to come up.  The exact message is "SIP: Failed to connect to 11.0.0.12:5062: No response from system" 

Any thoughts here.

I am having issues getting this working as well.  I followed the guides and all of you guys' suggestions...

 

I added the cert from XwayC to CUP-trust, I have the internal and external dns entries, I have added the ACLs in IMP as well as the TLS Peers, I have the search rules and zones on both xway-c and e.... Still no dice.  When I have the IMP neighbor zone configured for port 5061, the zone shows SIP reachable, when I change the port to 5062, It shows SIP unreachable TLS negotiation error... I have verified that the application listeners in the IMP server say 5062 for SIP Proxy TLS listener -peer auth and 5061 for server auth...

When I look at the logs on the XwayC server, i see the Proxy authentication error 407 and then eventually i get a "Not acceptable Here" message... I'm guessing because after the Proxy Authentication Required error message, it tries to search another zone? 

 

Anyone have any more suggestions, or had to do anything different to for the 5061/5062?  When you guys change the IMP Neighbor Zone in xwayc to 5062, does it say SIP reachable?

 

Thanks in advance!

 

 

 

Hi, i have manged to get chat working both ways, presence is only showing from Skype for business side (O365) and i don't see any presence for the Skype user from Jabber. Has anyone got any idea to what could cause this particular issue? where to look and what config could cause this?