SOLUTION: Jabber Users Cannot See Presence and Send Message to Some Lync Users in Partitioned Intradomain Federation

Applies to Lync 2010/2013 and IM and Presence Service on Cisco Unified Communications Manager 9.x

Many thanks to my colleague Egemen Bakırcı for his valuable support to this post.

Problem:
You want to set up federation between Cisco CUPS (Jabber) and Lync Server using the partitioned intradomain federation configuration. This means Jabber users and Lync users are in the same SIP domain, such as @contoso.com, so SIP addresses look like JaberUsr@contoso.com and Lyncuser@contoso.com. You configured federation based on the Cisco guide (http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/intradomain_federation/9_1_1/CUP0_BK_PFB0D200_00_partitioned-intradomain-guide-911.pdf) but discovered that Jabber users cannot see the Lync users' presence.

Symptoms:
Some Jabber users cannot see the Lync users' presence and cannot send messages to Lync users.

A Lync user can send a message to a Jabber user but sees the Jabber user's presence as Presence Unknown. The Jabber user can only reply to a message sent by the Lync user.

But if you move the Jabber user to another CUPS node (such as the Publisher node), everything works well. So only users on the other CUPS nodes have the problem.

Cause:
All IM and Presence Service nodes in the cluster should be added to Lync as Trusted Application Computers.

Solution:
The document covers all versions and is very difficult to follow. The solution is actually in the document:

“For each IM and Presence Service node, enter the following commands to add the FQDN of the node as a trusted application computer to the new application pool”

Run the following command in Lync Management Shell to add the subscriber Cupssubs1 as a trusted application computer to the Lync application pool that you created earlier.

New-CsTrustedApplicationComputer -Identity Cupssubs1.internal.contoso.com -Pool JabberLync.internal.contoso.com

You may need to run the Enable-CsTopology command too.

There is no need to restart services on the Lync side. The problem resolves immediately: Jabber users on Cupssubs1 can now see the presence of Lync users and send messages to them.
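
Because the fix has to be repeated for every node, it helps to compare the cluster's node list against what the pool already trusts. The script below is an added example, not part of the original post or of Cisco's guide. It assumes you supply the full list of IM and Presence node FQDNs yourself; Cupspub1 is a placeholder name. It also flags entries trusted in the pool that are not in your list, since each entry is a standing trust relationship worth reviewing.

```powershell
# Added example: audit (and optionally repair) trusted application computer
# entries for an IM and Presence cluster. Run in the Lync Server Management Shell.
param(
    [string]$Pool = 'JabberLync.internal.contoso.com',
    # Assumption: list every IM and Presence node in the cluster here.
    [string[]]$ImpNodes = @(
        'Cupspub1.internal.contoso.com',   # hypothetical publisher FQDN
        'Cupssubs1.internal.contoso.com'   # subscriber named in the post
    ),
    [switch]$Apply   # without -Apply the script only reports
)

# Fail early if the application pool name is wrong, instead of reporting
# every node as missing.
Get-CsTrustedApplicationPool -Identity $Pool -ErrorAction Stop | Out-Null

# Computers currently trusted in the pool (empty array if there are none yet).
$trusted = @(Get-CsTrustedApplicationComputer -Pool $Pool -ErrorAction SilentlyContinue |
    ForEach-Object { "$($_.Fqdn)".ToLowerInvariant() })

$expected = @($ImpNodes | ForEach-Object { $_.ToLowerInvariant() })
$missing  = @($expected | Where-Object { $trusted  -notcontains $_ })
$extra    = @($trusted  | Where-Object { $expected -notcontains $_ })

# Trusted entries that are not known IM and Presence nodes: review, do not auto-remove.
foreach ($fqdn in $extra) {
    Write-Warning "$fqdn is trusted in $Pool but is not in the node list; review it."
}

foreach ($fqdn in $missing) {
    if ($Apply) {
        New-CsTrustedApplicationComputer -Identity $fqdn -Pool $Pool
    } else {
        Write-Output "MISSING: $fqdn (re-run with -Apply to add it)"
    }
}

# Publish the topology change only when something was actually added.
if ($Apply -and $missing.Count -gt 0) {
    Enable-CsTopology
}
```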


2 Responses to SOLUTION:Jabber Users Cannot See Presence and Send Message to Some Lync users in Partitioned Intradomain Federation

  1. Jeffrey says:

    Does the pool name have any relevance in regards to the certificate or require any DNS records since it is in FQDN format? I have been trying to get Lync 2013 Enterprise Edition and IMP intradomain partitioned federation going without success and I think it had to do with the pool configuration.

    • Refik Ünver says:

      Hello,
      The Lync 2013 pool name certificate should contain the FQDN of the pool in the subject field. It should also contain the other necessary names in the Subject Alternative Names (SAN) fields. (The FQDNs of all Lync Front End Servers in the pool should be in the SAN, for instance.) Follow the Lync 2013 setup wizard, which creates a certificate request file that contains all necessary subject and SANs. The SSL certificate for the pool is well documented in the Lync Deployment doc. You can check the doc for the list of subject name and SANs.

      Yes, the pool FQDN and Lync Server FQDN must be resolved by Cisco Presence via DNS.

      Very important point about Lync pool certificate:
      For Cisco Presence-Lync Intra Domain Federation, the pool certificate must also have the client authentication purpose. By default, during Lync 2013 setup only a Server authentication certificate is installed. You must replace the pool certificate on the Lync Servers with a new certificate which contains both server authentication and client authentication purposes. This is documented in the Cisco Intradomain federation doc. (So you need to take manual steps to get the certificate. The Lync 2013 certificate wizard does not add the client authentication purpose to the certificate request file.) Without the client authentication purpose, it did not work. So I changed the pool cert, then it worked.
