There is plenty of documentation out there on how to install the XMPP gateway with OCS or Lync (references provided at the bottom of this post). This blog will not focus on the installation of the XMPP Gateway, but rather what to do if you receive TLS errors on the Lync Edge server when communicating to the XMPP gateway.
If TLS issues pop up on the Lync Edge server, odd behavior could be experienced with Gmail such as complete instant messaging failure, one-way instant messages, and/or unknown presence.
If you open the Event Viewer on the Lync Edge server, you may notice connection failures similar to the error below.
If TLS issues pop up on the Lync Edge server, odd behavior could be experienced with Gmail such as complete instant messaging failure, one-way instant messages, and/or unknown presence.
If you open the Event Viewer on the Lync Edge server, you may notice connection failures similar to the error below.
| A significant number of connection failures have occurred with remote server lyncxmpp.internaldomain.com IP 172.X.X.X. There have been 94 failures in the last 383 minutes. There have been a total of 1750 failures. The specific failure types and their counts are identified below. Instance count – Failure Type 14 0x8007274D(WSAECONNREFUSED) 1735 0x80072746(WSAECONNRESET) 1 0x8007274C(WSAETIMEDOUT) This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem. |
If you start a logging trace on the Lync Edge server, you may notice a series of failures similar to the errors below.
| TL_ERROR(TF_CONNECTION) [1]1190.1478::01/13/2011-15:50:15.384.0006baa0 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record LogType: connection Severity: error Text: Receive operation on the connection failed Local-IP: 172.X.X.100:61378 Peer-IP: 172.X.X.110:5061 Peer-FQDN: lyncxmpp. internaldomain.com Peer-Name: lyncxmpp.internaldomain.com Connection-ID: 0x1AC102 Transport: M-TLS Result-Code: 0x80072746 WSAECONNRESET Data: fqdn=”lyncxmpp.internaldomain.com”;peer-type=”FederatedPartner”;winsock-code=”10054″ $$end_record |
| TL_ERROR(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bad2 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record LogType: diagnostic Severity: error Text: Message was not sent because the connection was closed SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0 SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b SIP-CSeq: 6 NOTIFY Peer: lyncxmpp.internaldomain.com:5061 $$end_record |
| TL_INFO(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bd42 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record LogType: diagnostic Severity: information Text: Response successfully routed SIP-Start-Line: SIP/2.0 504 Server time-out SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b SIP-CSeq: 6 NOTIFY Peer: lyncpool01.internaldomain.com:60148 Data: destination=”lyncpool01.internaldomain.com” $$end_record |
| TL_INFO(TF_PROTOCOL) [1]1190.1478::01/13/2011-15:50:15.385.0006bd87 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record Trace-Correlation-Id: 69086622 Instance-Id: 00049CDB Direction: outgoing;source=”local”;destination=”internal edge” Peer: lyncpool01.internaldomain.com:60148 Message-Type: response Start-Line: SIP/2.0 504 Server time-out From: <sip:user1@internaldomain.com>;tag=714DBB6A To: <sip:jdoe@gmail.com>;tag=ef5ee6c3d6 CSeq: 6 NOTIFY Call-ID: 059f6d06c4e84676ac28bfce083f779b Via: SIP/2.0/TLS 10.50.1.18:60148;branch=z9hG4bKEC9CA19E.667CA4AB371EBB65;branched=FALSE;ms-received-port=60148;ms-received-cid=1A2A00 ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”lyncxmpp.internaldomain.com”;Port=”5061″;source=”sip.internaldomain.com” Server: RTC/4.0 Content-Length: 0 ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=lyncedge.internaldomain.com;ms-source-verified-user=verified Message-Body: – $$end_record |
| TL_WARN(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bdd6 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record LogType: diagnostic Severity: warning Text: Routing error occurred; check Result-Code field for more information Result-Code: 0xc3e93c7f SIPPROXY_E_ROUTING_MSG_SEND_CLOSED SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0 SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b SIP-CSeq: 6 NOTIFY Peer: lyncxmpp.internaldomain.com:5061 $$end_record |
If similar TLS errors appear on your Edge server, ask yourself “Is my XMPP gateway installed on a Windows 2008 or Windows 2008 R2 server.” If XMPP is installed on Windows 2008 R2, various compatibility patches will need to be applied. The XMPP application is an OCS 2007 R2 server role and all OCS 2007 R2 services need various Microsoft patches in order to function correctly on Windows 2008 R2.
The following is the list of updates that should resolve the TLS errors between the XMPP and Lync Edge server:
-
OCS 2007 R2 Updates for Windows 2008 R2
-
- Specifically patch http://support.microsoft.com/kb/975858/
-
-
OCS UCMA 2.0 Update
-
XMPP Server November 2010 Update
Once the TLS errors are resolved, if presence unknown still appears and/or inbound instant messages continue to fail, you may want to reference the following links:
- http://www.google.com/support/forum/p/Talk/thread?tid=07a1951f9d8ce8c2&hl=en
- http://blogs.technet.com/b/ucedsg/archive/2011/04/11/can-lync-im-federate-with-google-talk-or-jabber-instant-messaging.aspx
Finally, if you’re not familiar with the XMPP Gateway installation process, I’ve provided a few links below:
- http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=91
- http://technet.microsoft.com/en-us/library/ee806452.aspx
- http://technet.microsoft.com/en-us/library/ff394138.aspx
- http://ocsguy.com/2010/11/29/deploying-lync-for-xmpp/
Comments Welcomed!
Thanks for this blog, I’ll certainly be linking it from my site.
My fully patched 2008 R2 SP1 machine doesnt appear to need this update (says its already up to date)
•OCS 2007 R2 Updates for Windows 2008 R2
◦http://support.microsoft.com/kb/982021
■Specifically patch http://support.microsoft.com/kb/975858/
we have lync 2013 in our pool and have federation with cisco webex.sometimes presence is shown and sometimes it is unknown.PLZ provide the solution.