Jul 15

Cisco JID – Resolving Contacts with Blank Spaces

Resolving JIDs when the usernames have a blank space can be challenging. I had an issue where the IM Address would be formatted correctly (email address) when a user viewed their own profile from within Jabber. However, if that same user searched the directory and viewed a contact’s profile, the IM Address would only display the first name.

The user ID was in the format of “firstnamelastname@domain”

The Jabber client was ending the IM Address string after the firstname. Therefore the presence status would only show offline and the IM Feature was disabled. The blank space was breaking the IM Address.

IMP 10.5.2 was in use and the Directory URI was checked for the Advanced Settings. This was working OK, as the IM Address in self view in Jabber was showing the Directory URI.

The issue here was the Directory Search and the resolving of contact JIDs to their SIP URI.

Nagajothi Thangapandian provided assistance in this case and advised to hardcode the directory lookup resolver to the SIP URI, which was mapped to the email address. Below is the snippet of code that will be placed into the jabber-config.xml file.

This resolved my issue, but will also come in handy if you need to migrate or change IM Addresses for contacts.

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Directory>
    <SipUri>mail</SipUri>
    <BDISipUri>mail</BDISipUri>
    <UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
    <BDIUseSIPURIToResolveContacts>true</BDIUseSIPURIToResolveContacts>
    <UriPrefix>sip:</UriPrefix>
    <BDIUriPrefix>sip:</BDIUriPrefix>
  </Directory>
</config>

Feb 06

Collaboration Edge Deployment – Support for Multi-Domain

This article contains the process and information you need to configure Mobile Remote Access for Jabber and Cisco DX/MX/EX Series Endpoints. This does not include Jabber Guest at this time. As most organisations move towards a borderless network, collaboration technologies outside the workplace are becoming less of a feature and more of a requirement. MRA helps organisations extend collaboration outside the walls of the organisation while providing the same feature-rich experience for users.

This article is based on the following UC platforms:

  • CUCM version 10.5.XX
  • CUC version 10.5.XX
  • IM & Presence version 10.5.XX
  • VCS Expressway version x8.2
  • VCS Control version x8.2
  • Cisco Jabber for Windows 10.5.XX

Preparation

Order your Licenses for MRA

Log onto the Cisco CCW Website and order the Expressway license. This is a zero cost order.

Know your network topology

Gather or create network topology documents and other tables documenting how the DMZ or Internet edge zones are configured, the Domain Names and Hostnames to use, IP Addressing requirements, etc.

Details to gather:

VCS Control

System Administration Details
  • System Name

IP Details
  • Gateway
  • LAN 1 IP Address
  • LAN 1 Subnet Mask

DNS Settings
  • System Host Name
  • Domain Name
  • Default DNS Servers: Address 1, Address 2

NTP
  • NTP Server 1
  • NTP Server 2
  • Timezone

VCS Expressway

System Administration Details
  • System Name

IP Details
  • Gateway
  • LAN 1 IP Address
  • LAN 1 Subnet Mask

DNS Settings
  • System Host Name
  • Domain Name
  • Default DNS Servers: Address 1, Address 2

NTP
  • NTP Server 1
  • NTP Server 2
  • Timezone

IP Tel Cluster Devices

Hostname IP Address Description
CUCM Publisher
CUCM Subscriber
CUC Publisher
CUC Subscriber
IM & Presence Publisher
IM & Presence Subscriber

 Configuration

Create Public DNS Records

Now that we know where we are going to place the collab edge devices and have sourced our IP Addresses, hostnames etc., we need to start the configuration phase.

Create an A Record for your VCS Expressway device. Then create an SRV Record for the _collab-edge service.

_collab-edge._tls.domain.com.au

I’ve provided a template to send to your provider; complete the table and email it.

Public DNS Modification – Domain: DomainName

A Record

| Record Name | IP Address |

SRV Records

| Domain | Service | Protocol | Priority | Weight | Port | Target Host |
| | collab-edge | tls | 10 | 10 | 8443 | A Record – Hostname from above table |

Create Internal DNS Records

Create A Records for both your VCS Control and VCS Expressway devices. You should already have A Records configured for all your IP Tel Servers (CUCM, CUC, IM&P).

Create the following SRV Record for every domain name that will be used as a login for Jabber.

_cisco-uds._tcp.domainname.com.au

IMPORTANT: By now, every hostname and SRV record should be resolvable. If not, go back through the DNS configuration and correct it.

Firewall Rules for MRA

I’ve listed the firewall ports to open for the MRA solution. Referenced from the Unified Communications Mobile and Remote Access via Cisco VCS – Deployment Guide x8.2

VCS Control (Inside) to VCS Expressway (DMZ)

| Purpose | Protocol | VCS Control (source) | VCS Expressway (listening) |
| XMPP (IM and Presence) | TCP | Ephemeral port | 7400 |
| SSH (HTTP/S tunnels) | TCP | Ephemeral port | 2222 |
| Traversal zone SIP signaling | TLS | 25000 to 29999 | 7001 |
| Traversal zone SIP media (for small/medium systems on X8.1 or later) | UDP | 36000 to 59999* | 36000 (RTP), 36001 (RTCP) (defaults); 2776 (RTP), 2777 (RTCP) (old defaults*) |
| Traversal zone SIP media (for large systems) | UDP | 36000 to 59999* | 36000 to 36011 (6 pairs of RTP and RTCP ports for multiplexed media traversal) |

VCS Expressway (DMZ) to Internet (Outside)

| Purpose | Protocol | VCS Expressway (source) | Internet endpoint (listening) |
| SIP media | UDP | 36002 to 59999 or 36012 to 59999 | >= 1024 |
| SIP signaling | TLS | 25000 to 29999 | >= 1024 |

Public Internet (Outside) to VCS Expressway (DMZ)

| Purpose | Protocol | Internet endpoint (source) | VCS Expressway (listening) |
| XMPP (IM and Presence) | TCP | >= 1024 | 5222 |
| HTTP proxy (UDS) | TCP | >= 1024 | 8443 |
| Media | UDP | >= 1024 | 36002 to 59999 or 36012 to 59999* |
| SIP signaling | TLS | >= 1024 | 5061 |
| HTTPS (administrative access) | TCP | >= 1024 | 443 |

VCS Control to CUCM / CUC

| Purpose | Protocol | VCS Control (source) | Unified CM (listening) |
| XMPP (IM and Presence) | TCP | Ephemeral port | 7400 (IM and Presence) |
| HTTP proxy (UDS) | TCP | Ephemeral port | 8443 (Unified CM) |
| HTTP proxy (SOAP) | TCP | Ephemeral port | 8443 (IM and Presence Service) |
| HTTP (configuration file retrieval) | TCP | Ephemeral port | 6970 |
| CUC (voicemail) | TCP | Ephemeral port | 443 (CUC) |
| Media | UDP | 36000 to 59999* | >= 1024 |
| SIP signaling | TCP | 25000 to 29999 | 5060 |
| Secure SIP signaling | TLS | 25000 to 29999 | 5061 |

 Deploy VCS Control

Download and run the OVA template for VCS x8.2. Default username/password is admin/TANDBERG. This will take you straight into a wizard. Complete the wizard with the details from the preparation section. When the wizard is complete, the device will reboot and you will now have HTTPS access to the GUI.

Log into the Web Interface and start to configure the necessary system information. I’ve outlined the details to either add or modify on the VCS Control.

*NOTE: Install the release keys and option keys for VCS Control before finalising configuration in the Web GUI. Some fields and options will only be available after the license keys are installed. You will need the serial number to enter in the Cisco Licensing Portal.

| Parameter | Location | Notes |
| System Name | System -> Administration | Enter Fully Qualified Domain Name |
| H323 Mode | Configuration -> Protocols -> H323 | Disable |
| SIP Mode | Configuration -> Protocols -> SIP | Enable |
| Unified Communications Mode | Configuration -> Unified Communications -> Configuration | Select “Mobile and remote access” |
| Unified CM Servers | Configuration -> Unified Communications -> Unified CM Servers | Add New CM Server (Publisher). This will discover all Subscribers and add a Neighbour Zone into VCSc |
| IM and Presence Servers | Configuration -> Unified Communications -> IM and Presence Servers | Add New IM and Presence Server (Publisher). This will discover Subscribers. |
| Domain Configuration | Configuration -> Domains | Add New Domain. Need to add all domains that will be used with Jabber. Complete the below details. Domain Name; SIP Registrations and provisioning on Unified CM: On; IM and Presence services on Unified CM: On |
| Calls to Unknown IP Addresses | Configuration -> Dialplan -> Configuration | Select “Indirect” |
| Traversal Zone Details | Configuration -> Zones -> Zones | Add Traversal Zone. Name: TraversalZone; Username: traversal; Password: ******; Port: 7001; Accept Proxied Registrations: Yes; Peer 1 Address: Enter the FQDN of the VCSe Gateway |

Deploy VCS Expressway

Now it’s time to deploy the VCS Expressway. The initial deployment steps are similar to those for the VCS Control: use the same OVA Template and complete the wizard using the details collected in the preparation phase for the VCS Expressway.

Once the Wizard has finalised and the Expressway has rebooted, log into the Web GUI to start configuration. I’ve outlined the details to either add or modify on the VCS Control.

*NOTE: Install the release keys and option keys for VCS Expressway before finalising configuration in the Web GUI. Some fields and options will only be available after the license keys are installed. You will need the serial number to enter in the Cisco Licensing Portal.

| Parameter | Location | Notes |
| System Name | System -> Administration | Enter Fully Qualified Domain Name |
| H323 Mode | Configuration -> Protocols -> H323 | Disable |
| SIP Mode | Configuration -> Protocols -> SIP | Enable |
| Unified Communications Mode | Configuration -> Unified Communications -> Configuration | Select “Mobile and remote access” |
| Calls to Unknown IP Addresses | Configuration -> Dialplan -> Configuration | Select “Indirect” |
| Traversal Zone Details | Configuration -> Zones -> Zones | Add Traversal Zone. Name: TraversalZone; Username: traversal; Password: ******; Port: 7001; TLS verify subject name: Enter the FQDN of the VCS Control Gateway. |

Traversal Communications

Both the VCS Control and VCS Expressway configuration should now be complete. However, the traversal zone will be throwing errors due to invalid security certificates. From release X8.2 both the Control and Expressway need to validate security certificates to force secure communications. So, we need to either purchase external certificates or use an Internal CA to sign certificates.

First we need to generate a CSR from both the Control and Expressway. Navigate to Maintenance -> Security Certificates -> Server Certificates. Select Generate CSR. Enter the required details, ensure all domains are entered in the Unified CM registrations domains and the format is SRVName. Download the CSR file and give to your Security Admin to either enrol a certificate or purchase a third party certificate.

*NOTE: The common name must match the SRV Target Hostname in the Public DNS Zone. This has been identified as Bug ID CSCuo83458.

It is recommended that a public certificate be generated for the VCS Expressway. This will eliminate the need to install the Internal CA’s root certificate on all devices accessing Jabber remotely.

Upload the signed certificate once received. If you had the Internal CA sign the certificate request, you will need to upload the CA’s root certificate to both the Control and Expressway.

Reboot both Control and Expressway, the Traversal channel should now be active.

If you are using an MS CA, follow the link below for a step-by-step guide to signing SAN certificates for Control and Expressway.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf

Side Notes

I created an SRV Record for each domain the users will be logging into. However, due to the Bug ID mentioned above, all the SRV Target Hostnames must point to a common A record, and this A record must match the VCS Expressway System Name.
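The naming rules above (one _collab-edge SRV record per login domain on port 8443, every SRV target equal to the Expressway System Name, and the certificate common name matching that same name) can be checked before the CSR goes to the CA. This is an added example, not part of the original article; the function name check_mra_names and all domain and host names in it are constructed for illustration.

```python
# Added example: pre-flight check of the multi-domain MRA naming rules
# described in this article. Every name below is a constructed sample.

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so comparisons are exact."""
    return name.strip().rstrip(".").lower()


def check_mra_names(login_domains, srv_records, system_name, cert_cn, csr_domains):
    """Return a list of problems; an empty list means the names line up.

    login_domains: domains users type when signing in to Jabber
    srv_records:   {SRV owner name: (port, target host)} from public DNS
    system_name:   VCS Expressway System Name (an FQDN)
    cert_cn:       common name requested in the Expressway CSR
    csr_domains:   domains entered as Unified CM registrations domains in the CSR
    """
    problems = []
    expected = norm(system_name)
    srv = {norm(owner): (port, norm(target))
           for owner, (port, target) in srv_records.items()}
    in_csr = {norm(d) for d in csr_domains}

    if norm(cert_cn) != expected:
        problems.append(f"certificate CN {cert_cn} does not match system name {system_name}")

    for domain in (norm(d) for d in login_domains):
        if domain not in in_csr:
            problems.append(f"{domain}: not listed in the CSR registration domains")
        owner = f"_collab-edge._tls.{domain}"
        if owner not in srv:
            problems.append(f"{owner}: SRV record missing")
            continue
        port, target = srv[owner]
        if port != 8443:
            problems.append(f"{owner}: port {port}, expected 8443")
        if target != expected:
            problems.append(f"{owner}: target {target} is not {expected}")
    return problems


# Constructed sample: three login domains, one SRV aimed at the wrong host,
# one domain forgotten in both DNS and the CSR.
SAMPLE = dict(
    login_domains=["example.com.au", "example.net.au", "example.org.au"],
    srv_records={
        "_collab-edge._tls.example.com.au.": (8443, "vcse.example.com.au."),
        "_collab-edge._tls.example.net.au.": (8443, "edge.example.net.au."),
    },
    system_name="vcse.example.com.au",
    cert_cn="vcse.example.com.au",
    csr_domains=["example.com.au", "example.net.au"],
)

if __name__ == "__main__":
    for line in check_mra_names(**SAMPLE):
        print("FAIL", line)
```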

Use System -> Logs to check for errors when logging into Jabber initially. Authentication errors can be caused by certificates or DNS misconfiguration.

The HTTP Server Allow List is found under Configuration -> Unified Communications -> Configuration, by clicking on the hyperlink “Configure HTTP Server allow list”. This whitelist is where you enter any auxiliary servers, for example a photo database server, and also Unity Connection Servers so Jabber can access Voicemail.

That’s about it.

Jan 28

Creating a Photo Repository for Collaboration Edge.

Install IIS on a selected Windows Server. Select the basic features, no need to change the defaults.
Open the IIS Management Window. Navigate to the Default Website. If this is an existing IIS Server, Right-click the Default Website and select “Add New Website”. Assign the new website a name, default path and unique port to use. More than likely the default website will already be port 80, so choose a different port.

Add your photos to the default path you selected above. The filename for each photo must be in the following format: username.jpg

Modify the jabber-config.xml file and add the following lines:

<PhotoUriSubstitutionEnabled>true</PhotoUriSubstitutionEnabled>
<UdsPhotoUriWithToken>http://192.168.0.100:9080/%%uid%%.jpg</UdsPhotoUriWithToken>

Upload the jabber-config.xml to all the CUCM Servers. Restart the TFTP Service.

Browse to the VCS Control. Navigate to Configuration -> Unified Communications -> Configuration page. Under Advanced, select the hyperlink “Configure HTTP Server Allow List”. Select New to add the photo repository server to the Whitelist. Complete the IP Address and Description details and select create entry.

The Jabber client will now have access to the photo repository server from both inside and outside the corporate network.

Dec 16

CUCM and IM&P Integration with SRV Records

For us Cisco techs, more often than not nowadays we have to deal with the MS world of DNS (AND Certificate Architecture… I’ll talk about this in later articles). I’ve had a fair bit of experience with DNS in the past, so I thought I would just share a little about integrating CUCM with IM & Presence using SRV records both ways to support CUCM Clusters and IM & Presence Clusters for high availability.

DNS Configuration

Create A (Host) Records

CUCM DNS A Records

| Type | Hostname | IP Address |
| A | cucm01.uplinks.com.au | 192.168.0.20 |
| A | cucm02.uplinks.com.au | 192.168.0.21 |

IM&P DNS A Records

| Type | Hostname | IP Address |
| A | imp01.uplinks.com.au | 192.168.0.30 |
| A | imp02.uplinks.com.au | 192.168.0.31 |

Create SRV Records

IM&P Cluster Name: imp.uplinks.com.au

| Type | Identifier | Protocol | Weight | Priority | Host |
| SRV | _sip | _tcp | 10 | 10 | imp01.uplinks.com.au |
| SRV | _sip | _tcp | 10 | 10 | imp02.uplinks.com.au |

CUCM Cluster Name: cucm.uplinks.com.au

| Type | Identifier | Protocol | Weight | Priority | Host |
| SRV | _sip | _udp | 10 | 10 | cucm01.uplinks.com.au |
| SRV | _sip | _udp | 10 | 10 | cucm01.uplinks.com.au |

Verify Records via NSLOOKUP

>  set q=all
>  _sip._tcp.imp.uplinks.com.au
>  _sip._udp.cucm.uplinks.com.au

The above should output the following results.

  • The SRV Records and their target hosts
  • An A record for every target host identified in the SRV record.

CUCM Configuration

SIP Trunk

  1. Navigate to Device, then select Trunks
  2. Select Add New
  3. Select SIP Trunk for Trunk Type
  4. Select Next
  5. Complete the details of the SIP Trunk as per normal.
  6. Under SIP Information, check the box  Destination Address is SRV

Note: When the checkbox is ticked, CUCM changes the outbound SIP protocol from udp to tcp.

  7. Type the IM&Presence Cluster Name. (imp.uplinks.com.au)
  8. Select Save and then reset the Trunk.

Configure SIP Publish Trunk

  1. Navigate to the Service Parameters, then Cisco CallManager.
  2. Find “IM & Presence Publish Trunk”
  3. Drop the arrow down and select the above SIP Trunk.

 IM & Presence Configuration

SRV Cluster Name

  1. Navigate to Service Parameters, then Cisco SIP Proxy.
  2. Find “SRV Cluster Name”
  3. Type the IM&Presence cluster name (imp.uplinks.com.au)
  4. Select Save

Presence Gateway

  1. Navigate to Presence, then Gateways.
  2. Select Add New
  3. Select CUCM for Presence Gateway Type.
  4. Type a Descriptive note.
  5. Type the SRV Record for the CUCM Cluster Name.

Note: Do not strip the SRV Identifier or Protocol. Example input would be _sip._udp.cucm.uplinks.com.au

Jul 30

Photo Retrieval Using UDS Directory Service in Jabber

Configuring Photo retrieval in Jabber clients to work with UDS Directory Services is slightly different to the EDI methods.

The only photo retrieval method UDS supports is HTTP based, so you’ll need to create a web server to save your photos to.

Ensure that you can browse and open the photos from a PC or laptop using the HTTP path.

UDS uses a URL Template to dynamically build the photo retrieval path. The variable used by UDS is %%uid%%, this is the username field in CUCM EndUser.

Therefore the only line of code we need in the jabber-config.xml file is the following:

<UdsPhotoUriWithToken>http://webserver.domain/photos/%%uid%%.jpg</UdsPhotoUriWithToken>

Example jabber-config.xml file layout.

<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
<UdsPhotoUriWithToken>http://webserver.domain/photos/%%uid%%.jpg</UdsPhotoUriWithToken>
</Directory>

Note: If you had tried other methods of photo retrieval, you may need to remove the CSF folder under %profile%\AppData\Local\Cisco\Unified Communications\Jabber, then sign back into Jabber.

Photos should be 128px x 128px. However the Jabber Client will resize if the image is larger.

To verify the photoUrlTemplate is correct review the Jabber Log file under %profile%\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs\ and search for the line ‘photoUrlTemplate=’

This should reflect the value of the field in the jabber-config.xml file.

Feb 05

IMP Users are showing Status as Offline, when Logged into Jabber

This is a widely discussed issue in the Jabber community, so I thought I would write a quick ‘how-to’ on the subject.

Ok, so I’ve logged into Jabber (I’m using v9.6 and IM&P 9.1.2 Build), however this issue is not constrained to one particular version of IM&P and/or CUP Server. So when logged into Jabber and online, I should be able to view the presence status of colleagues that are also logged into jabber and vice-versa. However all I see is an ‘offline’ status for each and every colleague.

To view the presence status of a user, that user must have an IM Address. Either you populate this manually by editing the contact or, in most cases, the IM Address is pulled across using the user’s email address. So if you don’t see an IM Address for the user, populate it.

Now if the user does have an IM Address, make sure the IM&P Domain Name is either the same name, or a parent of the IM Address suffix. What I mean is if a user has an IM Address of joe.citizen@sydney.cisco.com make sure the IM&P Domain name is either sydney.cisco.com or just cisco.com. This is a common misconfiguration in the workplace, implementation engineers often don’t think to enter the parent domain name, and the sub-domain is entered. The problem is yes the user is logging onto the sub-domain, however the company email address is @cisco.com and not @sydney.cisco.com. As I said before the IM Address is more than likely pulled across from the ‘mail’ field (Email), hence creating a variance in domain names.
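The domain rule above, together with the blank-space problem from the JID article at the top of this page, can be turned into a quick audit of a user export. This is an added example, not part of the original post; the function names, the user list and the notcisco.com address are constructed for illustration, and the input is assumed to be (user ID, IM address) pairs.

```python
# Added example: flag users who will show as offline because of their IM Address.
# The user list is a constructed sample, not data from the original post.
import re


def domain_covers(imp_domain, im_domain):
    """True when im_domain equals imp_domain or is a sub-domain of it.

    The comparison is made on a label boundary, so "notcisco.com" is not
    treated as being inside "cisco.com".
    """
    imp = imp_domain.strip().rstrip(".").lower()
    im = im_domain.strip().rstrip(".").lower()
    return im == imp or im.endswith("." + imp)


def audit_im_addresses(users, imp_domain):
    """users: iterable of (userid, im_address or None). Returns {userid: reason}."""
    findings = {}
    for userid, im in users:
        if not im or not im.strip():
            findings[userid] = "no IM address"
        elif re.search(r"\s", im):
            # A blank space truncates the address in the Jabber client.
            findings[userid] = "whitespace in IM address"
        elif im.count("@") != 1:
            findings[userid] = "not in user@domain form"
        else:
            domain = im.split("@")[1]
            if not domain_covers(imp_domain, domain):
                findings[userid] = f"domain {domain} is outside IM&P domain {imp_domain}"
    return findings


# Constructed sample users.
USERS = [
    ("jcitizen", "joe.citizen@sydney.cisco.com"),
    ("jdoe", "jane.doe@cisco.com"),
    ("jsmith", "john smith@cisco.com"),
    ("bwhite", "bob.white@notcisco.com"),
    ("nouser", None),
]

if __name__ == "__main__":
    # Parent domain configured: sub-domain and parent addresses both pass.
    print(audit_im_addresses(USERS, "cisco.com"))
    # Sub-domain configured: addresses taken from @cisco.com mail now fail too.
    print(audit_im_addresses(USERS, "sydney.cisco.com"))
```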

To change the IM & Presence Domain, the Proxy, Presence Engine and the XCP Router Service need to be stopped on all Publishers and Subscribers.

The SIP Proxy and Presence Engine services are located on the Feature Services page in the IM&P Serviceability Admin page.

The XCP Router service is located on the Network Services page in the IM&P Serviceability Admin page.

After the IM & Presence Domain has been updated, start all three services on all servers and log back in. Now you should be viewing the correct presence status of colleagues.

Below is a quick blurb from the Help Page on the Cisco CUCM Server.

IM and Presence Domain

Provide a valid domain that specifies the IM and Presence domain name of the IM and Presence server. Typically this parameter should be an enterprise top-level domain name (for example, example.com). The parameter that you enter allows the IM and Presence server to identify which URIs are to be treated as local and managed by this installation. Instant Messaging (IM) or availability status requests addressed to other domains must be forwarded via federation. Other SIP requests may be proxied.