cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2915
Views
10
Helpful
14
Replies

IM & Presence server 9.1 with Jabber 9.7.2 and Google Talk federation

Hi Guys,

 

I have a headache from the GTalk federation, can't seem to get it working.

I have done all the SRV records the s2s CA certificate you name it. But I cannot get any traffic to and from GTalk and Jabber.

I have 2 CUPS servers one that handles only IM & Presence and a second one that only does the GTalk Federation.

Where and how can I start troubleshooting to see what am I missing?

 

Thanks in advance.

Best Regards
1 Accepted Solution

Accepted Solutions

I believe if you want to federate with Gtalk, you need to create a DNS SRV records as below. Can someone confirm:

 

_xmpp-server._tcp.expresse.yourdomain.com IN SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt4.xmpp-server.l.google.com

View solution in original post

14 Replies 14

Amit Kumar
Cisco Employee
Cisco Employee

have you referred to the following link; http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-presence/116339-configure-product-00.html

 

 

Opened a TAC case as I am going no where slowly.

Best Regards

Google went "walled garden" a while back with Google Hangouts. Hangouts doesn't support S2S XMPP federation. Essentially there is no longer federation available to Google. This is a Google problem, not a Cisco problem.

http://tech-beta.slashdot.org/story/14/05/20/0337214/xmpp-operators-begin-requiring-encryption-google-still-not-allowing-tls

Go to https://xmpp.net/ to test your server

 

"A result worth noting is Google's: they still do not support TLS for server-to-server connections, and their sudden dropping of TLS s2s connections a few years ago is likely the primary reason operators switched off mandatory TLS for s2s (I know that's why I did it). Although Google Hangouts offers no federation, GTalk still does, but it appears that the XMPP network-at-large will now cease to federate with Google voluntarily. "

All,

There seems to be very little recent information around federation from Jabber to Gtalk.  I realize that google hangouts has removed external XMPP federation, but the word on the street is that this federation should still work to google talk.

I am unable to get this working through MRA (mobile & remote access/collaboration edge).

My setup is as follows:

VCSe > VCSc > IM&P

CSR: 10.5

IM&P: 10.5

VCSc/e: 8.2.1

I am able to externally federate to other Cisco Jabber domains (both hosted and on prem), but cannot seem to get gchat federation working.

When looking at the diagnostic logs on VCS for XMPP, I see communication between the gmail.com domain and my domain, however, it looks as though the gmail.com domain just closes the connection repeatadly.  No errors, just:

"DEBUG" CodeLocation="debug" Detail="Checking for old pending connections."
2014-08-18T11:53:38-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:38,255" ThreadID="140111704393472" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="stats" Detail="Checking outgoing failed cache for expired entries"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,948" ThreadID="140111729571584" Module="cm-2.vcse-mydomain-com" Level="VBOSE" CodeLocation="stanza.router.in" Detail="cm-2_s2scp-1.vcse-mydomain-com onPacket:: <presence from='mike.griffin@mydomain.com' to='gmailuser@gmail.com' type='subscribe' xml:lang='en'/>"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,949" ThreadID="140111729571584" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="ConnInfoHistory" Detail="Connection state change: CLOSED_NORMAL->PENDING: (5d7b8662-8723-4d84-bc78-46ef4828b115, mydomain.com:gmail.com, OUT) state=PENDING created=2014-08-18T16:48:39Z connected=2014-08-18T16:48:41Z idle_since=2014-08-18T16:48:41Z end=2014-08-18T16:48:41Z is_tls=0 is_sasl=0 tls_failed=0 bytes(in=0, out=87) stanzas(in=0, out=1) bounced_pkts(in=0, out=0) bounced_wblist_pkts(in=0, out=0) piggy_base_conn=(NULL) num_piggies=0"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: Level="1" Subject="cm-2.vcse-mydomain-com" Event="Connection state change: CLOSED_NORMAL->PENDING Local=[mydomain.com]  Remote=[gmail.com] Direction=[Out] TLS Enabled:[No]" Module="XMPPFederation"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,964" ThreadID="140111729571584" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:128" Detail="Starting resolver lookup for 'gmail.com:puny=gmail.com:service=_xmpp-server._tcp:defport=0'"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,964" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="Resolver.cpp:261" Detail="_lookup: look for static route for info->host=gmail.com:info->service=_xmpp-server._tcp:info->socktype=1'"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,964" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:430" Detail="_lookupSRV: static routes not found, proceed to SRV lookup'"
2014-08-18T11:53:39-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:39,965" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:453" Detail="res_querydomain for 'gmail.com:puny=gmail.com:service=_xmpp-server._tcp:defport=0' took 0.000260s"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,21" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:633" Detail="getaddrinfo for 'xmpp-server.l.google.com:puny=<null>:service=5269:defport=0' took 1.055858s"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,58" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:633" Detail="getaddrinfo for 'alt1.xmpp-server.l.google.com:puny=<null>:service=5269:defport=0' took 0.037193s"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,58" ThreadID="140111803389696" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="Resolver.cpp:143" Detail="Finished resolver lookup for 'gmail.com:puny=gmail.com:service=_xmpp-server._tcp:defport=0'. Took 1.093556s"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,58" ThreadID="140111742408448" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.out" Detail="(00000000-0000-0000-0000-000000000000, mydomain.com:gmail.com, OUT) resolved outbound address for host=gmail.com method=SRV _xmpp-server._tcp addrs=64.233.160.125:5269 64.233.185.125:5269 dns-timings=(TOTAL:1.093556 SRV:0.000260 A(gmail.com):1.055858 A(gmail.com):0.037193)"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,58" ThreadID="140111742408448" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.out" Detail="(00000000-0000-0000-0000-000000000000, mydomain.com:gmail.com, OUT) host:gmail.com using addrs:64.233.185.125:5269"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,65" ThreadID="140111742408448" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="stream.out" Detail="xcoder=C7CE8E8B5 new outgoing"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,65" ThreadID="140111742408448" Module="cm-2.vcse-mydomain-com" Level="VBOSE" CodeLocation="SocketWatcher.cpp:553" Detail="Creating Connect Socket: 0x00000000021cd9a0 IP:  Port: 0"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,65" ThreadID="140111742408448" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.out" Detail="(00000000-0000-0000-0000-000000000000, mydomain.com:gmail.com, OUT) adding out connection xcoder:C7CE8E8B5"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,109" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.out" Detail="(00000000-0000-0000-0000-000000000000, mydomain.com:gmail.com, OUT) xcoder=C7CE8E8B5 onSocketConnect"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,109" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:1432" Detail="onConnected - starting timeout for stream:stream element"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,154" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.out" Detail="xcoder=C7CE8E8B5 onStreamOpen: <stream:stream id='3C3F2A20C3982138' xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams'/>"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,154" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="stream" Detail="xcoder=C7CE8E8B5 Sending initial db:result"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,154" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stanza.component.out" Detail="xcoder=C7CE8E8B5 sending:: <db:result from='mydomain.com' to='gmail.com'>2574676867646d8474862be0a516217cf2e29e8e</db:result>"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,154" ThreadID="140111847634688" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="stream.out" Detail="(00000000-0000-0000-0000-000000000000, mydomain.com:gmail.com, OUT) xcoder=C7CE8E8B5 Scheduling dialback timeout in 30 secs."
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,285" ThreadID="140111830849280" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="debug" Detail="creating a new XMPPSinTranscoder id=2432F27CA0"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,285" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="stream.in" Detail="xcoder=2432F27CA0 stream connected raddr=173.194.90.17:37350 ssl-on=0"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,285" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:1432" Detail="onConnected - starting timeout for stream:stream element"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,292" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="INFO " CodeLocation="debug" Detail="xcoder=2432F27CA0 onStreamOpen:: <stream:stream id='56C8538DFFA8DB3F' xmlns='jabber:server' xmlns:db='jabber:server:dialback' xmlns:stream='http://etherx.jabber.org/streams'/>"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="VBOSE" CodeLocation="stanza.component.in" Detail="xcoder=2432F27CA0 received:: <db:result from='gmail.com' to='mydomain.com'>CAESBxDzoKnQ/igaEDVOM/jT9pq38KBjfWM1jKs=</db:result>"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:279" Detail="got a request to close"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:299" Detail="Enqueuing close request to socket thread"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:319" Detail="Got a _close request. 2"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:333" Detail="Writing our </stream:stream> and waiting. 2"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:372" Detail="_doneClose"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="VBOSE" CodeLocation="BasicSocket.cpp:483" Detail="Closing Socket: 0x00000000021cc390, IP: 173.194.90.17 Port: 37350"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:1452" Detail="onClose. XML Stream is gone. 0"
2014-08-18T11:53:40-05:00 VCSE XCP_CM2[11820]: UTCTime="2014-08-18 16:53:40,354" ThreadID="140111839241984" Module="cm-2.vcse-mydomain-com" Level="DEBUG" CodeLocation="XMPPStream.cpp:1495" Detail="Firing onClose event"

Can anyone verify that this SHOULD indeed be working?  If so, I'm not sure what else to do to get this working.  If external federation to other hosted and on-prem Jabber implementations are working, shouldn't google talk?

Thanks,

Mike

 

Hi Griffin,

 

I have a TAC case open on this and according to the TAC engineer it should work my problem accrding to them at the moment is the customers ASA firewall.

 

Also they say you need to check with Google if your domain is whitelisted for the xmpp to work.

Best Regards

Thanks for the update sir.  If you don't mind, could you reply here once you have more information?  

 

As far as whitelisting, from what I have read, sending an email to the Jabber's email domain is supposed to whitelist it, but that hasn't seemed to help me.

I believe if you want to federate with Gtalk, you need to create a DNS SRV records as below. Can someone confirm:

 

_xmpp-server._tcp.expresse.yourdomain.com IN SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
_xmpp-server._tcp.expresse.yourdomain.com. IN SRV 20 0 5269 alt4.xmpp-server.l.google.com

That is correct, sorry for only replying now but my GTalk federation is up and running for more than 3 months already, was just to get the SRV records correct on my external DNS as well as the internal DNS settings.

Best Regards

Thanks   for confirming,

 

What should be set up on internal DNS? I think only external DNS should suffice?

 

HM

Hey Griddin-mike did you solve this problem.

 

Having the same problem here and I cannot see anything about whitelist with google.

 

 

CCIE-Collaboration #24527

Edip Gumuskaya
Level 1
Level 1

I am having the same issue testing with gmail/google XMPP clients too. Same error messages that are logged. Connecting/ closed

I will probably find another external xmpp services to test with.

 

Let me know if you hear anymore.

 

This is my setup:

 

Problem Details:

CUCM Version: 9.1.2.10000-28
CUPS Version: 9.1.1.31900-1
Expressway Version: 8.2.1
Jabber Client Version: 9.7.4 Build 18974

Internal DNS: Setup
External DNS: Setup

Licenses:
Expressway-E
 Expressway Series Active Unlimited
 H323-SIP Interworking Gateway Active Unlimited
 1800 TURN Relays Active Unlimited
 Advanced Networking Active Unlimited
 Traversal Server Active Unlimited

Expressway-C
 Expressway Series Active Unlimited
 H323-SIP Interworking Gateway Active Unlimited

* All Servers have been certified with an internal CA.
* I have UC Traversal Zone between both Expressways
* On Expressway-C Is an Active UC Service with nothing shown as inactive
* We have a Checkpoint Firewall which is not showing any blocks and the ports have been provisioned to be allowed through
 

 

 

I don't see how this solves the problem ?

this is essensialy saying that all your XMPP for your domain should be sent to Google XMPP server ??

 

This should ofcource point to your Expressway E or XMPP server.

please elaborate how this should solve this issue.

Unless you where just missing all your SRV records from the get go.

CCIE-Collaboration #24527

egemenbakirci
Level 4
Level 4

Hello Everyone,

We are still facing this issue with Gtalk, where the connection is established/closed-normally in Expressway like griffin-mike mentioned. Does this SRV change really solve this problem? If so, how will Google and other federated domains will know about our location since we are addressing Gmail servers?

Thank you,

PS: We can federate with cisco.com without any problem through the same path.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: