Example XMPP configuration in Lync Server 2013 – XMPP federation with Google Talk
Topic Last Modified: 2014-04-22
An example configuration for deploying the XMPP Proxy defines a federation with Google Talk.
Example XMPP configuration – XMPP federation with Google Talk
On the Front End Server, open the Lync Server Deployment Wizard. Click Install or Update Lync Server System, then click Setup or Remove Lync Server Components. Click Run Again.
At Setup Lync Server components, click Next. The summary screen will show actions as they are executed. After the deployment is complete, click View Log to view available log files. Click Finish to complete the deployment.
On the Edge Server, open the Lync Server Deployment Wizard. Click Install or Update Lync Server System, then click Setup or Remove Lync Server Components. Click Run Again.
Add Google Talk as an XMPP allowed partner. Google Talk currently only supports unencrypted, TCP connections for server-to-server XMPP federation and only supports Server Dialback for identity verification. (See http://xmpp.org/extensions/xep-0220.html).
New-CsXmppAllowedPartner gmail.com -TlsNegotiation NotSupported -SaslNegotiation NotSupported -EnableKeepAlive $false -SupportDialbackNegotiation $true
To enable Edge Federation, type the following:
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true
At Setup Lync Server components, click Next. The summary screen will show actions as they are executed. After the deployment is done, click View Log to view available log files. Click Finish to complete the deployment.
On the Edge Server, in the Lync Server Deployment Wizard, next to Step 3: Request, Install, or Assign Certificates, click Run again.
Tip
If you are deploying the Edge Server for the first time, you will see Run instead of Run Again.
On the Available Certificate Tasks page, click Create a new certificate request.
On the Certificate Request page, click External Edge Certificate.
On the Delayed or Immediate Request page, select the Prepare the request now, but send it later check box.
On the Certificate Request File page, type the full path and file name of the file to which the request is to be saved (for example, c:\cert_exernal_edge.cer).
On the Specify Alternate Certificate Template page, to use a template other than the default WebServer template, select the Use alternative certificate template for the selected certification authority check box.
On the Name and Security Settings page, do the following:
In Friendly name, type a display name for the certificate
In Bit length, specify the bit length (typically, the default of 2048)
Verify that the Mark certificate private key as exportable check box is selected
On the Organization Information page, type the name for the organization and the organizational unit (for example, a division or department)
On the Geographical Information page, specify the location information
On the Subject Name/Subject Alternate Names page, the information to be automatically populated by the wizard is displayed. If additional subject alternative names are needed, you specify them in the next two steps
On the SIP Domain Setting on Subject Alternate Names (SANs) page, select the domain check box to add a sip. <sipdomain> entry to the subject alternative names list.
On the Configure Additional Subject Alternate Names page, specify any additional subject alternative names that are required.
Tip
If the XMPP proxy is installed, by default the domain name (such as contoso.com) is populated in the SAN entries. If you require more entries, add them in this step.
On the Request Summary page, review the certificate information to be used to generate the request.
After the commands finish running, you can View Log, or click Next to continue.
On the Certificate Request File page, you can view the generated certificate signing request (CSR) file by clicking View or exit the Certificate Wizard by clicking Finish.
Copy the request file and submit to your public certification authority.
After receiving, importing and assigning the public certificate, you must stop and restart the Edge Server services. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2013, and then click Lync Server Management Shell.. In the Lync Server Management Shell, type:
Stop-CsWindowsService
Start-CsWindowsService
To configure DNS for XMPP federation, you add the following SRV record to external DNS:_xmpp-server._tcp.<domain name> The SRV record will resolve to the access edge FQDN of the Edge server, with a port value of 5269
Configure a new External Access Policy to enable all users by opening the Lync Server Management Shell on a Front End Server and typing:
New-CsExternalAccessPolicy -Identity FedPic -EnableFederationAccess $true -EnablePublicCloudAccess $true Get-CsUser | Grant-CsExternalAccessPolicy -PolicyName FedPic