Thursday, June 20, 2013

Installing & Configuring XMPP gateway with Lync 2010

The OS of choice is again Windows 2008 R2 SP1. The internal FQDN is xmppint.lynclog.com. In my external DNS, however, I will use xmpp.lynclog.com for the A record. Also, I will attempt to configure it with a single NATed IP address in the DMZ subset. The server is not a member of the lynclog.com domain.

There are a few steps to complete before the gateway installation and configuration.

1. Append the domain suffix. The point here is – our Lync server must establish MTLS with the XMPP gateway and the certificate must match the gateway's FQDN. Of course, I will issue this cert from my Domain CA.



Installed the .NET feature.


I need to request and install a certificate for my server, but how to do that? Well, first I imported the CA certificate via MMC.

Then I installed the IIS Management Console and used it to create an offline certificate request.






…and used the request to receive a certificate from my Domain CA and then "Completed the Certificate request" to import it into the computer store.


My gateway server cannot resolve sip.lynclog.com, because it is present in my public DNS only, hosted somewhere else. I need to create an entry in the HOSTS file, pointing to the DMZ's LAN address of the edge server.


...and created an A record for xmppint.lynclog.com in the internal DNS, so my Lync server can resolve the gateway's IP address.
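A pre-install check for the steps above, added here as an example and not part of the original post: it confirms on the gateway that the appended DNS suffix yields the expected FQDN, that a matching certificate with a private key and a trusted chain sits in the computer store, and that sip.lynclog.com resolves through the HOSTS entry. The host names come from the post; the variable names are illustrative, and PowerShell 2.0 as shipped with Windows 2008 R2 is assumed.

```powershell
# Added example: pre-install checks, run on the XMPP gateway server.
# Host names are the ones used in this post; change them for your environment.
$expectedFqdn = 'xmppint.lynclog.com'   # name the Lync server validates during MTLS
$edgeName     = 'sip.lynclog.com'       # resolved locally through the HOSTS file

# 1. A workgroup server only reports an FQDN once the primary DNS suffix is set.
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$localFqdn = ('{0}.{1}' -f $ipProps.HostName, $ipProps.DomainName).TrimEnd('.')
if ($localFqdn -ne $expectedFqdn) {
    Write-Warning "Local FQDN is '$localFqdn', expected '$expectedFqdn' (check the DNS suffix)."
}

# 2. Look in the computer's Personal store for a certificate whose DNS name is the FQDN.
$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo($dnsName, $false) -eq $expectedFqdn })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate for $expectedFqdn found in LocalMachine\My."
}

$now = Get-Date
foreach ($cert in $certs) {
    # HasPrivateKey is False if the request was completed on a different machine.
    # ChainTrusted is False if the Domain CA certificate was not imported as trusted.
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted  = $cert.Verify()
    }
}

# 3. The edge server name must resolve from the gateway (HOSTS entry).
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($edgeName)
    # Compare the printed address with the edge server's DMZ LAN address.
    Write-Output ("{0} resolves to {1}" -f $edgeName, ($addresses -join ', '))
} catch {
    Write-Warning "$edgeName does not resolve from this server (check the HOSTS file)."
}
```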



After running the installer, the bits were placed in "C:\Program Files\Microsoft Office Communications Server 2007 R2\XMPP Gateway Installer". Run setup.exe located in this folder.







Next – the XMPP gateway configuration.


…select certificate.


...and Validate the Connection.


Now, the XMPP configuration.




No certificate is necessary for Gmail. I "tested the connection" and, although the connection to Google's XMPP servers was successful, gmail.com failed?!?

Doh, I have not yet configured my SRV record in the public DNS. You can read about this record in the XMPP installation manual. The goal is for an external DNS query for _xmpp-server._tcp.domain.tld to return proper values as shown:

Locate the file "TGWConsoleGUI.dll.config" in C:\Program Files\Microsoft Office Communications Server 2007 R2\XMPP Gateway, open it with Notepad and enter the IP address of your XMPP server on both lines.

...and start the service:

One last thing I must do now is to add the gateway to the allowed domains in Lync CP.





At this point, since I just created the public SRV record, I left the final test for tomorrow morning, since I had to wait for DNS replication anyway…

Don't you love when your day starts like that?






