Connecting to a Microsoft Office Communications Server community

Connect to a Microsoft Office Communications Server community so that your users can exchange instant messages with Microsoft Communicator users.

Before you begin

You must establish the local community and enable SSL (Secure Sockets Layer) encryption before adding an Office Communications Server community.

Remember that the IBM® Sametime® Gateway servers must have access to a DNS server that can resolve public DNS records (A records, SRV records, and PTR records). For example, the following commands should resolve successfully:

nslookup sip.oscar.aol.com
nslookup 64.12.162.119
nslookup -type=all -class=all _xmpp-server._tcp.google.com
nslookup [OCS Edge Server]

Expected state:
  • Single server: the Sametime Gateway server is started.
  • Cluster: the deployment manager is started, and the node agent plus Sametime Gateway server are started on at least one node.

About this task

Review the following checklist to ensure that your OCS federation settings are correct:

DNS:
  • The SIP domain public SRV record is structured as follows: _sipfederationtls._tcp.domain.com
  • The SRV record points only to port 5061.
  • The SRV record points to the fully qualified domain name (FQDN) of the Access Edge Server.
  • The A record points to Access Edge Server’s external IP address.
  • The SIP domain matches the domain of the Access Edge Server (for example, if the SIP domain is example.com, the Access Edge Server’s domain must also be example.com).
  • Your DNS SRV record has had sufficient time to replicate on the Internet if it is new or recently changed (replication may take up to 24 hours).
Certificates:
  • The Access Edge Server’s FQDN listed in the SRV record exists in the Access Edge Server’s own SN or SAN.
  • If hosting multiple SIP domains, a separate SRV record and A record exist for each domain, with each FQDN appearing in the certificate’s SN or SAN.
  • Your certificate is issued by a trusted Windows Certificate Authority and has not expired.
Network:
  • The Access Edge Server’s internal FQDN can be accessed on port 5061 from an internal IP address.
  • The Access Edge Server’s external FQDN can be accessed on port 5061 from an internal IP address.
  • The SIP address of a federated partner (such as sipfed.microsoft.com) can be accessed on port 5061 from the Access Edge Server.
Federation:
  • Federation is enabled at the forest level in the OCS administration tool (in the "Global Properties" section) and the Access Edge Server’s internal FQDN is entered correctly.
  • Federation is enabled per user in Access Edge Server (click Properties > Communications > Other Settings).
  • Microsoft.com appears in the allow tab for Enhanced Federation on the Access Edge Server (optional if using Open Federation) and, if you are using Direct Federation only, make sure to enter sipfed.microsoft.com in the Access Edge Server.
  • Compmgmt.msc has been enabled (right-click Office Communications Server 2007 and select Properties > Allow).
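
The DNS and Certificates items of the checklist can be checked mechanically once the SRV lookup output and the certificate's names are in hand. The following is an added example, not part of the original documentation or of any IBM or Microsoft tooling; the function names are hypothetical, the input is assumed to be the text printed by `dig +short SRV` or by Linux `nslookup -type=SRV`, names are compared by exact match only, and the sample records are constructed.

```python
import re
from datetime import datetime, timezone

# Matches "priority weight port target" at the end of a line, which covers
# `dig +short SRV` output and Linux nslookup "service = ..." lines (assumed formats).
SRV_LINE = re.compile(r"\b(\d+)\s+(\d+)\s+(\d+)\s+(\S+?)\.?\s*$")

def parse_srv(text):
    """Return a list of (port, target) pairs found in SRV lookup output."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.search(line)
        if m:
            records.append((int(m.group(3)), m.group(4).lower()))
    return records

def check_federation(sip_domain, srv_text, cert_names, cert_not_after, now=None):
    """Apply the DNS and Certificates checklist items; return a list of findings."""
    now = now or datetime.now(timezone.utc)
    sip_domain = sip_domain.lower().rstrip(".")
    names = {n.lower().rstrip(".") for n in cert_names}
    findings = []
    records = parse_srv(srv_text)
    if not records:
        findings.append(f"no SRV record found for _sipfederationtls._tcp.{sip_domain}")
    for port, target in records:
        if port != 5061:  # the SRV record must point only to port 5061
            findings.append(f"SRV target {target} uses port {port}, expected 5061")
        if not target.endswith("." + sip_domain):  # edge server domain must match SIP domain
            findings.append(f"SRV target {target} is not in SIP domain {sip_domain}")
        if target not in names:  # FQDN must appear in the certificate's SN or SAN
            findings.append(f"SRV target {target} missing from certificate SN/SAN")
    if cert_not_after <= now:
        findings.append(f"certificate expired on {cert_not_after:%Y-%m-%d}")
    return findings

# Constructed sample: one correct record and one that breaks three checklist items.
SAMPLE_SRV = (
    "_sipfederationtls._tcp.example.com\tservice = 0 0 5061 sip.example.com.\n"
    "_sipfederationtls._tcp.example.com\tservice = 10 0 443 edge.example.net.\n"
)
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_EXPIRY = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in check_federation("example.com", SAMPLE_SRV, ["sip.example.com"],
                                    SAMPLE_EXPIRY, now=SAMPLE_NOW):
        print("FAIL:", finding)
```
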

Procedure

  1. In the Integrated Solutions Console, click Sametime > Gateway Communities.
  2. In the table that lists communities, click New.
  3. In the Name field, type a logical name for the new community.
  4. In the Community Type field, select External.
  5. In the Domains field, type the domain names of the Office Communications Server community. For example: ocs.example.com.
  6. Select SIP for OCS as the translation protocol.
  7. In the Host Name field, type the host name or the IP address of the OCS Edge Server.
  8. In the Port field, type a port number. The default port is 5061.
  9. In the Transport protocol field, TLS (Transport Layer Security) is already selected.
  10. Click OK to save the new community.
  11. Create a new custom property:
    • Single server:

      Click Servers > WebSphere application servers > RTCGWServer. In the "Server Infrastructure" section, expand Administration and select Custom properties. Click New.

    • Clustered server:

      Click System administration > Cell. In the "Additional properties" section, select Custom properties. Click New.

  12. In the Name field, type com.ibm.sametime.gateway.fqdn.
  13. In the Value field, type the fully qualified domain name of the Sametime gateway (or the SIP Proxy server in a clustered environment). For example: stgw.example.com.
  14. Click OK to save the new custom property.
  15. Click New again.
  16. In the Name field, type com.ibm.sametime.gateway.port.
  17. In the Value field, type the gateway’s port. For example: 5061.
  18. Click OK to save the new custom property.
  19. On the Communities panel, select the name of the community that you created, then click Assign local users and capabilities to assign users access to the external community.
  20. The following step is optional, but be sure to restart the Sametime Gateway Servers if you make any changes to the community.

    Click Custom Properties to include additional host names for OCS edge servers. Sametime Gateway uses these IP addresses to determine which SIP requests originate from Office Communications Server. When setting up the community for the first time, the Custom properties links are available only after the community is saved.

What to do next