Cisco Unified Presence, Release 7.x -- Configuring a Presence Gateway on the Cisco Unified Presence Server

From DocWiki

Revision as of 12:13, 21 December 2009 by Sicoughl (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Main page: Cisco Unified Presence, Release 7.x

Contents

Previous Topic

OR

Procedure
  1. Select Presence > Gateways in Cisco Unified Presence Administration.
  2. Click Add New.
  3. Select Outlook for the Presence Gateway Type, in the Presence Gateway Configuration window.
  4. Enter the name of the gateway in the Description field.
  5. Enter the server location for the presence gateway, and ensure that it matches the subject Common Name (CN) of the IIS certificate of the Exchange server.
  6. Enter the name of the Receive-As account in this format: <domain>\<username>, bearing in mind the following:.
  • If the Exchange server is configured to specify a default domain, it may not be necessary to include the domain as part of the user name.
  • Otherwise, specify the domain in front of the account name to avoid potential certificate errors (401 and 404 authentication responses).

7. Enter and confirm the account password.

8. Configure any remaining Presence Gateway settings, as described in the table below.

Field Description

Presence Gateway Type

From the list box, specify the gate type:

  • Outlook-Microsoft Exchange gateway for Outlook Calendaring

Note: Cisco Unified Presence Administration displays the appropriate fields for the gateway type that you select.

Description

Specifies the description of this presence gateway.


Maximum characters: 255

Presence Gateway

Specifies the fully qualified domain name or the IP address of the associated gateway.

Note: If you configure an Outlook gateway type, you must upload a valid certificate chain to Cisco Unified Presence. The value of the Presence Gateway field should match the Subject CN value of the leaf certificate of this certificate chain. It is expected that this Subject CN value will always be either the FQDN or IP address of the Exchange server.

  • If you have configured DNS on Cisco Unified Presence, the Subject CN value of the leaf certificate can be either the FQDN or IP address. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.
  • If you do not have DNS configured on Cisco Unified Presence, the Subject CN value of the leaf certificate must be an IP address. If the Subject CN value is not an IP address, you must regenerate this Exchange certificate to specify the IP address of the Exchange server as the Subject CN value. The value of the Presence Gateway field must match the Subject CN value of the leaf certificate.

Account Name (Outlook only)

Specifies the global account name that Cisco Unified Presence uses to connect to the Microsoft Exchange server.

Note: Enter the account name for the Receive-As account that you created on the Exchange server. The user name can include the domain name, which may resolve 401 or 404 error responses.

Account Password (Outlook only)

Specifies the account password for the Microsoft Exchange server.

Confirm Password (Outlook only)

Confirms the account password for the Microsoft Exchange server and must match the Account Password entry.

Presence Gateway Port (Outlook only)

Specifies the port to which you connect on the Microsoft Exchange server.


Default value: 443

Note: Cisco Unified Presence integration with Microsoft Exchange must occur over a secure HTTP connection. We recommend you to use port 443 and not to change to other ports.

9. Review the server status and validate that the server information is correct and the server is up and running.

Table: Table 4 Exchange Server Status - Reachability
Status Description Action

Exchange Reachability (pingable)

If successful, the Exchange server can be reached (via a ping)

Exchange Reachability (unreachable)

Reachability check failed for the Exchange Server.


The Presence Gateway field is used to ping the Exchange server. The server may not be reachable due to an incorrectly entered field value or a possible issue with the customer's network, for example, cabling.

Note: When you configure the Exchange Presence Gateway initially, the UI does not require the Presence Gateway field value to be the Subject CN value. You can enter an IP address or a resolvable hostname. However, later in the configuration process, this value will resolve to the Subject CN value.

  • Ensure that the Presence Gateway field contains the correct value (FQDN or IP address) to reach the Exchange server over the network.
  • Click Save to commit your changes.

10. Review the Exchange server status, and verify that your SSL connection and Exchange certificate chain is correct and complete as follows:

Table: Table 5 Exchange Server Status - SSL Connection / Certificate Verification
Status Description Action

Exchange SSL Connection/Certificate Verification - Verified

If successful, the SSL connection to Exchange Server is verified.

Click View for the certificate details.

Exchange SSL Connection/Certificate Verification Failed - Certificate Missing From Chain

One or more certificates that are required by Cisco Unified Presence to establish a secure connection to the Exchange server are missing.


The Certificate Viewer can provide details of the missing certificates.


You may need to manually download the missing certificates from the Exchange server, and upload these certificates via the Cisco Unified OS Administration UI.

1. Complete these steps in the Certificate Viewer to display any missing certificates:

  • Click Configure to open the Certificate Viewer.
  • Check Accept Certificate Chain.
  • Click Save.
    • The certificate chain details are displayed. Note any certificates with a status of Missing. To complete the certificate chain, you must manually download these missing certificates from the Exchange server, and upload the certificates via the Cisco Unified OS Administration UI.
  • Close the Certificate Viewer.

2. If you need to upload certificates to complete the certificate chain, perform the procedure in this document that describes how to upload the root certificate in Cisco Unified OS Administration UI.

3. Return to the Presence Gateways window in Cisco Unified Presence Administration, re-open the Certificate Viewer, and verify in the Certificate Viewer that all certificates in the certificate chain now have a status of Verified.

Exchange SSL Connection/Certificate Verification Failed- Subject CN Mismatch

The Presence Gateway field value must match the Subject CN value of the leaf certificate in the Certificate Chain.


You can resolve this issue manually using the Certificate Viewer, or by entering the correct value in the Presence Gateway field.

1. Complete these steps if you want to use the Certificate Viewer to resolve the Subject CN mismatch:

  • Click Configure to open the Certificate Viewer.
  • Check Accept Certificate Chain.
  • Click Save.
    • When you save the Certificate Chain, you are alerted that the value of the Presence Gateway field is updated and the Presence Gateway page is then refreshed. After the Presence Gateway page has refreshed completely, close the Certificate Viewer.
  • Verify that the value of the Presence Gateway field has been updated.
  • Verify that the value of the Exchange SSL Connection / Certificate Status parameter is Verified.

2. Alternatively, verify that your Presence Gateway field entry is correct as follows:

  • Reenter the correct Subject CN value in the Presence Gateway field.
  • Click Save.

Note: The Presence Gateway field is used to ping the Exchange server. The host (FQDN or IP address) that you enter must exactly match the IIS certificate Subject Common Name.

Exchange SSL Connection/Certificate Bad Certificates

Information in the certificate is incorrect, which renders it invalid.


Typically, this occurs if the certificate matches the required Subject but not the public key. This could happen if the peer regenerates the certificate but the Cisco Unified Presence server still maintains the old certificate.

  • Check the logs to determine the cause of the error.
  • If the error is due to a bad signature, you need to remove the outdated certificate from Cisco Unified Presence via the Cisco Unified OS Administration UI, and then upload a new certificate via the Cisco Unified OS Administration UI.
  • If the error is due to an unsupported algorithm, you need to upload a new certificate that contains the supported algorithm via the Cisco Unified OS Administration UI.

Exchange SSL Connection/Certificate Network Error

Due to network issues, for example, a no-response timeout, verification could not be performed. This problem can occur if the hostname or port is incorrect or if invalid certificates are installed.

  • Verify the network connectivity to the Exchange server, and ensure that the Exchange server is accepting connections on the correct IP address and port number.
  • Install the appropriate certificates.
  • Review the debug log files for more information.

Exchange SSL Connection/Certificate Verification Failed

Verification failed for a non-specific reason or because the check for reachability could not be performed.

  • Review the debug log files for more information.

11. Complete one of the following actions to save the data:

  • Click the Save icon that displays in the tool bar in the upper, left corner of the window.
  • Click Save at the bottom of the window.
Troubleshooting Tips
  • If you correctly configure the Receive-As account credentials and certificate exchange, desk phones enabled with Cisco IP Phone Messenger will display the scheduled meetings of users. To verify that the Outlook Presence Gateway is configured correctly, perform these steps on an appropriately configured phone:
    • Select Services.
    • Press PhoneMessenger.
    • Sign into the IP Phone Messenger Service.
    • Select 1 Today's meetings.
    • Verify that the user’s meetings for the day are listed.
  • If you are localizing your Calendaring integration, you need to ensure that the Exchange server URL contains the localized word for "Calendar". Perform these steps:
    • Install the same language locales (load the locale installer pkg) on both Cisco Unified Presence and the Exchange server.
    • Restart the Cisco Unified Presence server, and sign into Cisco Unified Presence Administration.
    • Find and delete the existing Exchange Presence Gateway that supports a different locale for calendaring (select Presence >Gateways).
    • Add a new Exchange Presence (Outlook) gateway. Click Add New.
You can verify in the database (pebackendgateway table) that the 'localecalendarname' attribute is in whichever language locale you have installed.
  • If you have connection problems with the Exchange server, refer to the System Troubleshooter in Cisco Unified Presence Administration and implement the advised solution. Select Diagnostics > System Troubleshooter.
Related Topics


What To Do Next

Rating: 0.0/5 (0 votes cast)

Personal tools