Professional Documents
Culture Documents
2014 Edition
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 2 of 274
Table of Contents
Section 1: About The Lab .................................................................................................................. 3
What is Cisco Jabber ................................................................................................................................. 4
Related Links ............................................................................................................................................. 7
Lab Overview ....................................................................................................................................... 8
Jabber Specialist I 2013 Edition Video Walk Through ............................................................................. 13
Task 1: Accessing the Lab Equipment ......................................................................................... 14
Task 2: Connecting to Remote Workstations & Servers ....................................................... 16
Section 2: System Preparation ...................................................................................................... 20
Sys Prep: CUCM Server Name to FQDN .................................................................................. 21
Section 3: Jabber Specialist Features ......................................................................................... 22
JST Features Task 1: Service Discovery Configuration ..................................................... 23
JST Features Task 2: Jabber Client Win Standard Install ................................................ 27
JST Features Task 3: Bootstrap Jabber for Windows Install ........................................... 32
JST Features Task 4: Certificate Management ..................................................................... 43
JST Features Task 5: Collab Edge with Cisco ExpressWay .............................................. 68
Short Video on Cisco ExpressWay Virtual Machine Deployment ........................................................... 68
JST Features Task 6: Adding User Photos to Web Server .............................................. 139
JST Features Task 7: URI Dialing ............................................................................................ 148
JST Features Task 8: Persistent Chat .................................................................................... 164
Short video on PostresSQL database install ......................................................................................... 165
JST Features Task 9: Jabber Guest ......................................................................................... 202
Short Video on deploying the Expressway Virtual Machines ............................................................... 205
Short video on deploying Jabber Guest Server Virtual Machine .......................................................... 205
Section 4: Appendix ......................................................................................................................... 270
Appendix A: ExpressWay Options Keys for JSTII Lab ..................................................... 271
Appendix B: CUCM Server Name change to FQDN ........................................................... 272
End Of Lab ............................................................................................................................................ 274
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 3 of 274
Section 1: About The Lab
Welcome To The
Jabber Specialist II Lab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 4 of 274
What is Cisco Jabber
Cisco Jabber is a unified communications application that enables you to be more
productive from anywhere on any device. Find the right people, see if and how they are
available, and collaborate using your preferred method.
Todays global, distributed work environment has resulted in significant challenges for
workers, making it harder to connect with the right people and significantly increasing the
quantity and modes of communications. Organizations of all sizes are striving to improve
communications in order to retain customers, compete for new business, control costs, and
grow their business globally.
Cisco Jabber for Windows streamlines communications and enhances productivity by
unifying presence, instant messaging, video, voice, voice messaging, desktop sharing, and
conferencing capabilities securely into one client on your desktop. Cisco Jabber for Windows
delivers highly secure, clear, and reliable communications. It offers flexible deployment
models, is built on open standards, and integrates with commonly used desktop
applications. You can communicate and collaborate effectively from anywhere you have an
Internet connection (Figure 1).
Figure 1. Cisco Jabber for Windows
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 5 of 274
Features and Benefits
Reduce communication delays with presence and contact information: The Cisco Jabber
application enables you to see the availability of co-workers and colleagues within and
outside your organization. You can immediately see who is offline, available, busy, on the
phone, in a meeting, presenting, or in a do-not-disturb state. You can create customized
availability states such as Gone to lunch. Back at 1 p.m. to provide added context. These
capabilities help reduce communication delays and result in faster decision making and
enhanced productivity.
Quickly communicate with borderless enterprise-class instant messaging: Instant
messaging is an important communication option that lets you efficiently interact in todays
multitasking business environment. The Cisco Jabber application delivers enterprise-class
instant messaging capabilities that are based on the Extensible Messaging and Presence
Protocol (XMPP). The solution provides personal and group chat so you can quickly connect
with your business colleagues. Chat history and server-based logging capabilities allow you
to view the content of prior chats and to store messages for convenience, compliance, and
regulatory purposes. Instant messaging is integrated with other communication capabilities
so you can simply move between chats, audio conversations, and web conferences. You can
even share presence and send instant messages to people outside your organization who
may not be using Cisco Jabber. The enterprise-class instant messaging capabilities of this
application provide more efficient, highly secure, flexible, and borderless collaboration.
Bring business-class IP telephony and video to the desktop: Cisco Jabber delivers
business-quality voice and video to your desktop. Powered by the market-leading Cisco
Unified Communications Manager call-control solution, Cisco Jabber is a soft phone with
wideband and high-fidelity audio, standards-based high-definition video (720p), and desk
phone control features. These features mean that high-quality and high-availability voice
and video telephony is available at all locations and to your desk phones, soft clients, and
mobile devices. Cisco Jabber for Windows makes voice communications simple, clear, and
reliable (Figure2).
Figure 2. High-Definition Video with Integrated Audio Controls
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 6 of 274
Accelerate team performance with multiparty conferencing and collaboration: The Cisco
Jabber application provides for smooth escalation to desktop sharing or Ciscos market-
leading collaboration solution, Cisco WebEx conferencing. You can instantly share
documents and expand chats and conversations to multiparty voice, video, and web
conferencing.
Collaborate from common business applications: You can access the capabilities of the
Cisco Jabber application from common desktop applications such as Microsoft Outlook,
including lighting up presence and click-to-communicate (instant message and audio and
video calling) capabilities. For Microsoft Outlook 2010, you can use the Microsoft contact
card click-to-communicate icons directly from within the application to save time and
streamline workflows because you can view user availability and initiate communications
such as personal and group voice, video, and chat sessions without having to switch
between applications.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 7 of 274
Related Links
Expressway
Expressway Basic Configuration (Expressway-C with Expressway-E) Deployment
Guide
Expressway Cluster Creation and Maintenance Deployment Guide
Certificate Creation and Use With Expressway Deployment Guide
Expressway Administrator Guide
Deployment Guide for IM and Presence Service on Cisco Unified Communications
Manager Communications Manager
Cisco Collaboration Edge Architecture
Cisco Expressway Series
Cisco Expressway Series Data Sheet
Jabber Clients
Cisco Jabber for Windows
Cisco Jabber for iPad
Cisco Jabber Android
Cisco Jabber MAC
Certificate Management
Security configuration on IM and Presence
Security Certificate management on CUCM
Security Certificate management on VCS/Expressway
Persistent Chat
External Database Setup for IM and Presence Service
PostgreSQL Database Software Download
Jabber Guest
Cisco Jabber Guest
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 8 of 274
Lab Overview
Audience and Prerequisites
This document is intended to assist solution architects, sales engineers, field engineers, and
consultants in learning many of the features of Cisco Unified Communications 10.x System,
and Cisco Jabber. This document assumes the reader has an architectural and
administrative understanding of the CUCM and has reviewed the latest CUCM SRND.
Basic knowledge of how to install and administer CUCM and IM&P is recommended however
not necessary.
This is a complex lab with many servers and devices interacting with each
other. It is strongly recommended that a dedicated and undisturbed six
hour window be committed to when completing this lab.
About The Lab
The Ultimate Cisco Jabber Specialist Lab 2014 Edition is completely self-paced and
virtualized. Although great lengths are taken to make all labs as true to real world as
possible, this lab is a virtual lab where pods are cloned, unconventional techniques are
utilized that would not typically be done in a production environment.
In the lab, we will be using Remote Desktop Protocol (RDP), Jabber softphones as well as
other software applications. The goal of the lab is for the attendee to become familiar with
the setup, implementation and usage of CUCM/IMP and Jabber.
This lab was upgraded from a previous UC 9.x Jabber lab and many of the old host names
have not been changed to save on development time. All CUCM/IM&P/CUC servers have
been upgraded to 10.x but many of the host names have remained the same, so the
student will see for example SiteA-CUCM911 host name but the server is really running
10.0.1 code.
Disclaimer
This lab is primarily intended to be a learning tool. In order to convey specific information,
the lab may not necessarily follow best practice recommendation at all times. This exercise
is intended to demonstrate one way to configure the network, servers and applications to
meet specified requirements for the lab environment. There are various ways that this can
be accomplished, depending on the situation and the customers goals/requirements. Please
ensure that you consult all current official Cisco documentation before proceeding with a
production/lab design or installation. By enrolling in this class or having access to this
document you acknowledge you are aware of this disclaimer and its implications.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 9 of 274
Lab Guide Key
The following is a description of the conventions, colors, and notation used through this
document:
Sections with this background color and this icon cover the technical description of the
step or task, with items and talking points of interest to technical audiences.
Sections with this background color and this icon provide a lab tip for the step or task.
Sections with this background color and this icon are for scenario description: Provides
background information for performing a step or task.
Sections with this background color and this icon represent a warning: read this section for
special instructions and considerations.
Pods
There are 50 pods in this lab environment; each pod contains the following server
configurations:
CUCM 10.0.1.10000-24 Server Providing local device registration and call
control
Cisco Unified CM IM & Presence Server 10.0.1.10000-24 Providing
Presence and Instant Messaging
Cisco Unity Connection 10.0.1.10000-26 Providing Unified Messaging &
Voice Mail
Two Windows 7 Workstations Student pod access and call clients
Expressway Version Collab-Edge 8.1.1
Expressway Version Jabber Guest 8.2.0
Jabber Guest Server Drop9 10.0.1.216
Sections with this background color and this icon touch on the business benefits of the
step or task with items and talking points highlighting a value proposition of a Solution.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 10 of 274
Lab Topology
In this lab topology each device is a virtual machine (VM). This lab is operating on Unified
Computer System (UCS) B-Series or C-Series systems. VMware ESXi 5.1 is the operating
system and hypervisor running on each lab host computer.
The lab UCS host computers are oversubscribed and are not following
Ciscos best practices for UC on UCS. Please follow the best practices
outlined on the uc-virtualized web site, this web site can be found here.
http://cisco.com/go/uc-virtualized
This topology shows one pod of equipment
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 11 of 274
Lab Addressing Tables Internal and External Addresses
Domain SiteB.com X pod number
Subnet Masks /24 50 total pods
Cisc0123 (C i s c zero 1 2 - 3) in most cases is the password used
in this lab for all workstations and systems
C1sc0123 (C 1 s c zero 1 2 3) is used for SiteB-CUCM02,
SiteB-IMP02 platform/OS web page and CLI
Host
Name
IP Address
External
IP Address Internal
(Use from Student
WS)
Domain\User Password
SiteB
SiteB-CUCM911 172.19.X.110 10.1.2.110 Administrator Cisc0123
SiteB-CUCM02 10.1.2.111 Administrator Cisc0123
OS Admin & CLI Administrator C1sc0123
SiteB-IMP911 172.19.X.112 10.1.2.112 Administrator Cisc0123
SiteB-IMP02 10.1.2.113 Administrator Cisc0123
OS Admin & CLI Administrator C1sc0123
SiteB-CUC911 172.19.X.115 10.1.2.115 Administrator Cisc0123
SiteB-AD 172.19.X.120 10.1.2.120 Administrator Cisc0123
SiteB-WS01 172.19.X.201 10.1.2.201 SiteB\aace Cisc0123
StieB-WS02 172.19.X.202 10.1.2.202 SiteB\bbad Cisc0123
SiteB-ExpC01 172.19.X.142 10.1.2.142 admin Cisc0123
SiteB-ExpC02 172.19.X.143 10.1.2.143 admin Cisc0123
SiteB-JabGstC01 172.19.X.42 10.1.2.42 admin Cisc0123
SiteB-JabGstSrv01 172.19.X.43 10.1.2.43 admin Cisc0123
Mock Internet
Mock-Inet-DNS 172.19.X.220 10.1.3.20 Administrator Cisc0123
SiteB-ExpE01 172.19.X.242 10.1.3.142 admin Cisc0123
SiteB-ExpE02 172.19.X.243 10.1.3.143 admin Cisc0123
SiteB-JabGstE01 172.19.X.225 10.1.3.42 admin Cisc0123
SiteB-WS01 172.19.X.240 10.1.3.101 SiteB\aace Cisc0123
StieB-WS02 172.19.X.241 10.1.3.102 SiteB\bbad Cisc0123
If you use the VM Workstations to access the UC Servers web
admin you will need to use the INTERNAL addresses to gain
access to the servers.
If you use your local computers browsers to access the UC
servers web admin you will need to use the NAT addresses
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 12 of 274
System Version Table
Description Version
Cisco Unified Communication Manager 10.0.1.10000-24
Cisco Unified CM IM & Presence 10.0.1.10000-24
Cisco Unity Connection 10.0.1.10000-26
Student Remote Work Stations Windows 7
MS Active Directory Server Windows 2008 R2 64
Jabber for Windows Version 9.7.0.18474
ExpressWay Collab Edge 8.1.1
ExpressWay Jabber Guest 8.2.0
Jabber Guest Server Drop 9 10.0.1.216
Connectivity to the Lab Environment
Detailed instructions will be given at the beginning of Task 1, on how to access the lab.
Connectivity to the lab will be achieved through a VPN connection via Cisco AnyConnect and
thereafter Remote Desktop Procedure (RDP) to the workstations.
Lab Pre-configuration
There are many parts of the lab that are prebuilt and preconfigured before the start of class.
Namely:
CUCM/IM&P/CUC/Expressway/Windows Server & Workstation VM Installations
Basic Dial Plan
User, Passwords, & PINs in Active Directory
Voice Mail Configuration
CIPC devices added to CUCM database
2 Windows 7 workstations per site, two sites per pod with CIPC running at startup
and registered to CUCM
Microsoft Windows 2008 & 2012 R2 server with AD, DNS, DHCP, NTP, FTP installed in
the central HQ. All users and DNS entries configured in advance
Site B is completely pre-configured except for Cisco Expressway
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 13 of 274
This lab is a follow along to last years wildly successful Jabber Specialist 2013 Edition. In
the 2013 edition lab the student performed a full Cisco CUCM/Presence/CUC/Jabber
deployment based on UC version 9.1.1 and Jabber Windows 9.2. This video is a walkthrough
of the 2013 edition of the Jabber Specialist Lab.
Jabber Specialist I 2013 Edition Video Walk Through
Watch this video in HD here - http://youtu.be/S6eoeQsH9ds
The lab guide for this lab can be found at - https://db.tt/TMSpQ4g3
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 14 of 274
Task 1: Accessing the Lab Equipment
This section of the lab walks the student through the process of setting up a VPN connection
to the Solutions Readiness Engineers (SRE) lab
Activity Objective
In this activity, you will learn the methods to access the lab equipment remotely.
Required Resources
Student PC connected to the internet.
Cisco AnyConnect Pre-Installed Install and Connect with Cisco
AnyConnect SSL VPN Client
The ASA might require an upgrade of
the AnyConnect client on the student
computer if an older version is in use
Step 1 Launch the Cisco AnyConnect VPN client
Step 2 Enter uctraining.cisco.com/jabber
Step 3 Click Connect
Step 1 Open a web browser and connect to
http://tinyurl.com/CiscoAC31
Step 2 Download and install Cisco AnyConnect
Step 3 Continue to left side of
this table and use the
Cisco AnyConnect Pre-
Installed steps to VPN
into the SRE Lab after
you have installed AnyConnect on your
computer
This section is for students
that have Cisco AnyConnect
installed on their computer.
This section is for students that
DO NOT have Cisco AnyConnect
installed on their computer.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 15 of 274
Step 4 Enter the lab Username & Password
(username = stu5xy (xy=pod#), for
example stu501 for pod01, and stu522 for
pod22).
The password will be assigned by the
instructor at the start of the lab
Step 5 Click OK to login
Step 6 Click Accept on the connection banner
Step 7 Continue to Task 2
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 16 of 274
Task 2: Connecting to Remote Workstations & Servers
Each pod will connect to 4 RDP connections in this section of the lab
Step 8 Click Start All Programs Accessories Remote Desktop
Connection, from the students personal computer
Step 9 Click Options
Step 10 Select Local Resource Tab
Step 11 Click Settings, under remote audio
Step 12 Select Play on this computer & Do Not Record
Step 13 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 17 of 274
Step 14 Select the General tab and fill in the next two steps in the chart
X = you pod number (for example pod 5 = 172.19.5.220)
1
nd
RDP Session 2
nd
RDP Session 3
rd
RDP
Session
4
th
RDP
Session
Step 15 172.19.x.220 172.19.x.120 172.19.x.201 172.19.x.202
Step 16 siteb\Administrator siteb\Administrator siteb\aace siteb\bbad
The 172.19 addresses in the chart below are for students to access their pods various Web
Admin pages from their own computers browser, while a VPN connection is established to
the lab.
Pod # SiteB-InetDns SiteB-AD SiteB-WS01 SiteB-WS02
Users siteb\Administrator siteb\Administrator siteb\aace siteb\bbad
Pod 01 172.19.1.220 172.19.1.120 172.19.1.201 172.19.1.202
Pod 02 172.19.2.220 172.19.2.120 172.19.2.201 172.19.2.202
Pod 03 172.19.3.220 172.19.3.120 172.19.3.201 172.19.3.202
Pod 04 172.19.4.220 172.19.4.120 172.19.4.201 172.19.4.202
Pod 05 172.19.5.220 172.19.5.120 172.19.5.201 172.19.5.202
Pod 06 172.19.6.220 172.19.6.120 172.19.6.201 172.19.6.202
Pod 07 172.19.7.220 172.19.7.120 172.19.7.201 172.19.7.202
Pod 08 172.19.8.220 172.19.8.120 172.19.8.201 172.19.8.202
Pod 09 172.19.9.220 172.19.9.120 172.19.9.201 172.19.9.202
Pod 10 172.19.10.220 172.19.10.120 172.19.10.201 172.19.10.202
Pod 11 172.19.11.220 172.19.11.120 172.19.11.201 172.19.11.202
Pod 12 172.19.12.220 172.19.12.120 172.19.12.201 172.19.12.202
Pod 13 172.19.13.220 172.19.13.120 172.19.13.201 172.19.13.202
Pod 14 172.19.14.220 172.19.14.120 172.19.14.201 172.19.14.202
Pod 15 172.19.15.220 172.19.15.120 172.19.15.201 172.19.15.202
Pod 16 172.19.16.220 172.19.19.120 172.19.19.201 172.19.19.202
Pod 17 172.19.17.220 172.19.17.120 172.19.17.201 172.19.17.202
Pod 18 172.19.18.220 172.19.18.120 172.19.18.201 172.19.18.202
Pod 19 172.19.19.220 172.19.19.120 172.19.19.201 172.19.19.202
Pod 20 172.19.20.220 172.19.20.120 172.19.20.201 172.19.20.202
Pod 21 172.19.21.220 172.19.21.120 172.19.21.201 172.19.21.202
Pod 22 172.19.22.220 172.19.22.120 172.19.22.201 172.19.22.202
Pod 23 172.19.23.220 172.19.23.120 172.19.23.201 172.19.23.202
Pod 24 172.19.24.220 172.19.24.120 172.19.24.201 172.19.24.202
Pod 25 172.19.25.220 172.19.25.120 172.19.25.201 172.19.25.202
Pod 26 172.19.26.220 172.19.26.120 172.19.26.201 172.19.26.202
Pod 27 172.19.27.220 172.19.27.120 172.19.27.201 172.19.27.202
Pod 28 172.19.28.220 172.19.28.120 172.19.28.201 172.19.28.202
Pod 29 172.19.29.220 172.19.29.120 172.19.29.201 172.19.29.202
Pod 30 172.19.30.220 172.19.30.120 172.19.30.201 172.19.30.202
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 18 of 274
Step 17 Enter IP Address for your pod in the computer field
Step 18 Enter Domain\User Name, in the User Name field (see chart above)
Step 19 Click Connect
Step 20 Enter Cisc0123 in the password field
Step 21 Click OK
Step 22 Click Yes for the remote verification warning
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 19 of 274
Step 23 Your Remote Desktop should look something
like this
Step 24 Repeat steps 8 - 23 three more times to
open the all four RDP sessions
If you accidentally close CIPC during this lab or it was closed
when you started the workstation you will get a No
compatible sound devices: error if you try to open it. The
workstation must be rebooted to start CIPC again. Do the
following to reboot the workstation
Double click on the WorkStation Reboot icon on the desktop of the
affected workstation.
Wait for 2 minutes and RDP back into the rebooted workstation.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 20 of 274
Section 2: System Preparation
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 21 of 274
Sys Prep: CUCM Server Name to FQDN
In this section the student will explore changes that are necessary on Cisco Unified
Communications Manager (CUCM). During the installation of Cisco Unified Communications
Manager the server name is configured with host-name. The hostname format needs to be
changed to the Fully Qualified Domain Name (FQDN) format.
The reason for changing the CUCM server names from hostname or IP address
to FQDN, is so they can be resolved by the different services on the UC network.
Also during the certificate validation process for Jabber Windows the FQDN is
usually called out in the CA signed certs.
The use of alternate names could be used in creating the certificates but is not
supported by Cisco.
Activity Objective
In this activity, you will learn the methods to:
Exploration only as this task has already been done for the student
Required Resources
None
Changing the CUCM Server Name
The lab network has already been changed for the student due to certificate issues that
would arise later in the lab. The steps to change the CUCM server name have been posted
to the appendix of this lab guide. Please CLICK HERE to review the steps.
Observe below in the first screen shot on the left that the server names are only host
names, and on the screen shot on the right they have been changed to the FQDN.
All UC Servers in this lab are upgraded from 9.1.1 to version 10.0.1. Due to time
constraints the server hostnames and DNS entries have been left as 9.11
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 22 of 274
Section 3: Jabber Specialist Features
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 23 of 274
JST Features Task 1: Service Discovery Configuration
Service discovery enables clients to automatically detect and locate services on your
enterprise network. Clients query domain name servers (DNS) to retrieve service (SRV)
records that provide the location of servers.
The primary benefits to using service discovery are:
Speeds time to deployment.
Allows you to centrally manage server locations.
Activity Objective
In this activity, you will learn the methods to:
Access Microsoft DNS Administrator
Configure DNS Service Records on a Microsoft Windows 2008 R2 server
Use NSLookUp to confirm the accuracy and operation of configured SRV records
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN and an RDP connection to your pods SiteB-AD (172.19.X.120).
Configure DNS Service Records
Creating DNS SRV records for Presence server discovery allows the
Administrator to streamline the user experience when first logging into
Jabber. If the Jabber client is configured for On Premise operation
the client will automatically connect to the Presence server
infrastructure within an organization without prompting the user for
server information. This can even be configured to work in a multi-
cluster environment where servers will redirect Jabber clients to their
correct home cluster.
Cisco would recommend this method of configuration a best practice.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 24 of 274
Step 25 Switch to SiteB-AD (172.19.X.120) RDP session
opened earlier
Step 26 Click Start Administrative Tools DNS to open
the DNS Manager tool
Step 27 Click the + (plus sign) next to SITEB-AD
Forward Lookup Zone siteb.com
Step 28 Select siteb.com to highlight it
Step 29 Right click siteb.com
Step 30 Select Other New Records, from the pop-up menu
Step 31 Scroll down and select Service Location (SRV)
from the resource record types pop up window
Due to time constraints during the
development of this lab the upgraded CUCM
and IMP server did not get renamed with a
new host name, therefore both the CUCM
and IMP publishers have 911 in their name.
These server have been upgraded to 10.0.1
although their name remains the same.
Step 32 Click Create Record
Step 33 Fill in the following information:
a. Domain siteb.com (pre-filled-in)
b. Service _cisco-uds (underscore cisco)
c. Protocol _tcp (underscore tcp)
d. Priority 0 (default)
e. Weight 0 (default)
f. Port Number 8443
g. Host offering this service =
siteb-cucm911.siteb.com
Step 34 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 25 of 274
Step 35 Click Create Record (again)
Step 36 Fill in the following information:
h. Domain siteb.com (pre-filled-in)
i. Service _cisco-uds (underscore cisco)
j. Protocol _tcp (underscore tcp)
k. Priority 0 (default)
l. Weight 0 (default)
m. Port Number 8443
n. Host offering this service =
siteb-cucm02.siteb.com
Step 37 Click OK
Step 38 Click Done
Step 39 Select _tcp, under siteb.com in the DNS Manager
Jabber will query DNS for SRV records based on user domain in parallel
The highest priority returned record will be used for service
Priority Service HTTPRequest/DNS SRV
1 WebEx Messenger HTTP CAS lookup
2 UC Manager 9.x/10.x _cisco-uds._tcp.example.com
3 Cisco Presence 8.x _cuplogin._tcp.example.com
4 Collaboration Edge _collab-edge._tls.example.com
Step 40 Observe that both _cisco-uds and _cuplogin are both present in the _tcp
section of siteb.com DNS records. The _cuplogin was left over from a
previous install of Jabber version 9.2, _cisco-uds takes priority
Step 41 Close DNS Manager
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 26 of 274
FYI The reason the sitea-cucm911.sitea.com FQDN has 911 in it is because this
lab was upgraded from a CUCM 9.11 to CUCM 10.0.1 but the host names have not
been changed. Sorry for the confusion, this will be changed in the future with time
permitting.
Verify _cisco-uds DNS Service Records
Step 42 Switch to SiteB-WS01 (172.19.X.201 Alex Ace RDP Session)
Step 43 Click the Command Prompt icon on the task bar
Step 44 Type nslookup
Step 45 Press Enter to enter into nslookup mode
Step 46 Type set type=srv (in all lower case)
Step 47 Type _cisco-uds._tcp.siteb.com
Step 48 Press Enter
Note the output displays the appropriate
information for the _cisco-uds SRV record
that was built in the previous section.
If an error such as the one pictured below is returned check the command entered in above
or confirm your _cisco-uds service record has been configured properly on SiteBs AD.
Do not continue until a positive result is obtained.
Step 49 Close the Command Prompt window
Step 50 Do not close the RDP sessions
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 27 of 274
JST Features Task 2: Jabber Client Win Standard Install
In this section the students will do two different types of installations of the Jabber client for
Windows. The first will be a standard install from the Jabber Windows MSI file. The second
install will use the Jabber Windows MST file. To complete the second install of Jabber a
Microsoft App called Orca will be used to edit the Jabber Windows MSI install file. The use of
the modified MSI file is called a BootStrap install.
Activity Objective
In this activity the student will install the Cisco Jabber Client for Windows.
One standard install
One bootstrap install
Required Resources
A personal computer VPNed into the lab environment and a RDP session into the labs
workstations.
Logging into Student Remote Workstations
If you have not logged into the student workstations please return to the logging into the
student remote workstations section to login to the student workstations
Installing Jabber on Remote SiteB-WS01
In this section Jabber will be installed on the SiteB-WS01 without any changes to the MSI
file. In the next section the MSI file will be edited.
Jabber for Windows ships as a MSI installer files. Cisco provides a single
MSI file for both on premise and cloud configurations. In its default mode
the MSI will prompt the user for configuration data. Later in the lab you
will see how this file can be customized to avoid asking an end user for this
information.
Step 51 Switch to Siteb-WS01 (172.19.x.201 Alex Ace) RDP Session (if not already
there)
Step 52 Launch the Firefox browser, on SiteB-WS01
Step 53 Browse to the following URL from SiteB-WS01 Firefox
app to download Jabber
http://tinyurl.com/CiscoJabberSetup
Or use the Firefox Favorites Bar on SiteB-WS01, in the
Jabber Install folder
Step 54 Click OK, on warning (if any)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 28 of 274
Step 55 Click Download Jabber from the Dropbox web site
Step 56 Click Save File
Step 57 Click CiscoJabberSetup.msi in the
Downloads window or folder
Step 58 Click Run
Step 59 Click Accept and Install
Step 60 Click Yes, when asked to allow changes to be
made to this computer (wait For it)
Step 61 Keep Launch Cisco Jabber checked
Step 62 Click Finish
Step 63 Close all Firefox windows
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 29 of 274
Step 64 If the remote desktop screen is minimized (not full screen) Jabber will most
likely open to the far right on the screen. If this happens scroll to the right
to see Jabber on the screen
Step 65 Login to Cisco Jabber will occur in a later section
Checking Certificates
Later in this lab guide the student will work with certificate management. This section is to
start becoming familiar with certificate interaction.
Step 66 Open the Command
Prompt window form the
task bar on SiteB-WS01
Step 67 Enter certmgr
Step 68 Press Enter
Step 69 Select Enterprise Trust Certificates (there might not be a certificate
subfolder for enterprise trust if there are no certificates)
Step 70 Observe there are no trusted certificates in the right panel of Certificate
manager
Step 71 Do not close Certificate Manager
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 30 of 274
This is how it will look if no Enterprise Certs have been entered. This is the
default for the lab workstations.
Step 72 Log in to Jabber with on SiteB-WS01:
a. Username aace@siteb.com
b. Click Continue
If the Cisco Jabber client fails to discover the
network service, this is most likely an issue with the
SRV record created in the first section of this lab
guide. Use NSLOOKUP in the command prompt from
this workstation to troubleshoot this issue. CLICK
HERE to return to the DNS configuration section.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 31 of 274
c. Click Manual setup and sign-in
d. Observe Automatic, is the default install
account type
e. Click Cancel
f. Password Cisc0123
g. Select Sign me in when Cisco Jabber
Starts
h. Click Sign In
Step 73 Observe Certificate Manager with each
certificate you accept, Press F5, to refresh the certificate manager after each
accepted certificate or wait until all certificates and only press F5 once
The certificates presented here are the self-signed certificates that are installed
with CUCM/CUP/CUC
Step 74 Click Accept, to all warning messages to
accept the certificates that are not valid.
(There will be four or five certificate
warnings, sometimes it takes a few minutes
for timers to pop to get all 5)
Step 75 Notice, once logged in, that Alice Adams has a User Photo.
Photos were added to Active Directory during the building
of this lab
Step 76 Close Certificate Manager
Step 77 Close DOS Box
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 32 of 274
JST Features Task 3: Bootstrap Jabber for Windows Install
The CiscoJabberProperties.mst is used to modify the CiscoJabberSetup.msi to create
custom installers. When installing the custom Jabber Install MSI file, edited by Orca, it is
now referred to as a Bootstrap install.
The CiscoJabber-Admin-ffr.9-6 will be downloaded to the SiteB-AD server for use with
this lab. There are only a few entries that are different between the 9.6 and the 9.7 Admin
file, and the additional settings are not needed for this lab. (The 9.7 admin file was not
ready for the we released of this lab)
The Microsoft Orca program from the Microsoft Windows SDK has been installed on the
SiteB-AD server for use with this lab. The Jabber admin might need to edit the Cisco
JabberSetup.msi Installer package (.msi) files directly to customize the installer for their
particular deployment needs. The Orca database editor is a table-editing tool available in
the Windows Installer SDK and can be used to edit your .msi files. This lab discusses how to
use the Orca editor to modify the lab .msi files.
Warning Editing an MSI file can cause serious problems that may leave your
system in an unstable state. Cisco Systems cannot guarantee that problems
resulting from the incorrect use of the MSI file editor can be solved. Modifications
of the MSI file of a shipping product should only be attempted under direct
instruction from the product's vendor. Always make a copy of the file(s) being
modified.
An Administrator can create a customized Jabber installer for their
organization.
In this section a customized Jabber installer will be built using the
Microsoft Orca tool. The Orca tool allows an Administrator to apply an
MST transformation file to an MSI. Cisco provides an MST file in the
Jabber admin pack downloadable on cisco.com
In this section we are going to edit a Jabber MSI install file which is hardcoded to
install with additional parameters to make the end user first login experience
shorter and less frustrating.
This configuration also means the Jabber client will look for a CUCM server by
default using the _cisco-uds SRV Record created earlier in the lab.
Activity Objective
In this activity the student will edit and repackage the CiscoJabberSetup.msi with the
Microsoft Orca app as well as perform a bootstrap install, configure, and operate the Cisco
Jabber Client for Windows.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 33 of 274
Required Resources
A personal computer VPNed into the lab environment and two RDP sessions into the lab.
On to the SiteB workstations and the second to the SiteB-AD server.
Logging into the Student Remote Workstations
If you have not logged into the student workstations please return to the logging into the
student remote workstations section to login to the student workstations
Editing and Repackaging the CiscoJabberSetup.msi install file
In this section the student is going to download TWO files from Dropbox, one MSI and one
MST file. These two files will be downloaded to Siteb-AD, and used to create a Jabber Client
Bootstrap install.
Step 78 Return to or Open SiteB-AD server (172.19.X.120), RDP session
Step 79 Launch Firefox on SiteB-AD
Step 80 Browse to the following URL http://tinyurl.com/CiscoJabberSetup to
download the Jabber MSI Install file
Or use the Favorite in the Jabber Install folder
Step 81 Click Download
Step 82 Click Save File
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 34 of 274
Step 83 Browse to the following URL http://tinyurl.com/CiscoJabberMST to
download the CiscoJabber MST Properties file
Or use the quick link on the Bookmarks Toolbar under
Jabber Install
Step 84 Click Download
Step 85 Select to Save File and Click OK
Step 86 Close all Firefox browser windows
Step 87 Start Microsoft Orca by clicking the Killer Whale icon on the task bar on of
the SiteA-AD server (172.19.x.120)
Step 88 Click File Open
Step 89 Browse to C:\Users\Administrator\Downloads
Step 90 Select CiscoJabberSetup.msi
Step 91 Click Open
Step 92 Click View Summary Information
Step 93 Locate the Languages field
Step 94 Remove all language codes except for 1033
Step 95 Click OK
Step 96 Click Transform Apply Transform
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 35 of 274
Step 97 Browse to C:\Users\Administrator\Downloads (should already be here)
Step 98 Select Installer Transforms (*.MST) for the files of type
Step 99 Select CiscoJabberProperties.mst
Step 100 Click Open (Wait for it its a little slow to open)
Step 101 Scroll down in the list of Tables in the left pane
Step 102 Select the Property table
Step 103 In the Property window scroll down to the green outlined properties (right
pane)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 36 of 274
Step 104 Enter siteb.com in the Value for the SERVICE DOMAIN property field
Step 105 Enter 1 (number one) in the CLEAR property field
Step 106 Now select and highlight USE FT GATEWAY, 3
rd
from the top of the green
bordered list
Step 107 Hold the SHIFT key
Step 108 Select EXCLUDE SERVICES, while holding shift key it should highlight all the
fields except the two that were edited
There are many different customizable fields in the MSI file. In this lab we
will change two: Service_Domain and Clear. By setting Clear to 1 you
enable Jabber directories to be deleted during upgrade or uninstall. To see
more about the different fields Click Here
SERVICES_DOMAIN Domain Sets the value of the domain where the
DNS SRV records for Service
Discovery reside.
This argument can be set to a domain
where no DNS SRV records reside if
you want the client to use installer
settings or manual configuration for this
information. If this argument is not
specified and Service Discovery fails,
the user will be prompted for services
domain information.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 37 of 274
Step 109 Click Table Drop Rows from the Orca menus. Only two green outlined
rows should remain as seen below
Caution! Do not to click Drop Table
Step 110 Click OK to confirm the dropped rows
Step 111 Click Tools Options
Step 112 Select the Database Tab
Step 113 Select Copy embedded streams
during Save As
Step 114 Click Apply
Step 115 Click OK
Step 116 Click File Save Transformed As
Step 117 Browse to C:\Users\Public\Jabber
Step 118 Type SiteBJabberInstall in the name
field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 38 of 274
Step 119 Click Save
Step 120 Click OK to the Orca copy error message, if
one pops up
Step 121 Close Orca
Step 122 Click NO on the save changes to CiscoJabberSetup.msi pop-up warning
Bootstrap Jabber Install on Remote SiteB-WS02 Using the Custom MSI File
Default Configuration
In most environments, Cisco Jabber for Windows does not require any configuration to
connect to the CUCM server and perform directory queries.
In on-premises deployments, Cisco Jabber for Windows uses the _cisco-uds SRV record to
automatically discover Cisco Unified Communications Manager. If you add a DNS SRV record
for the _cisco-uds service name in the DNS server on the CUCM server domain, Cisco
Jabber for Windows can automatically connect to that CUCM server.
For directory integration in on-premises deployments, Cisco Jabber for Windows uses
Enhanced Directory Integration by default. If you install Cisco Jabber for Windows on a
workstation that is registered to an Active Directory domain, Cisco Jabber for Windows
automatically discovers the directory service and connects to a Global Catalog in the
domain.
In cloud-based deployments, Cisco WebEx Messenger provides Cisco Jabber for Windows
with presence capabilities and contact resolution. You perform all configurations for Cisco
Jabber for Windows using the Cisco WebEx Administration Tool. However, you can configure
Cisco Jabber for Windows in hybrid cloud-based deployments with additional options.
Custom Configuration
You should configure Cisco Jabber for Windows if:
You do not install Cisco Jabber for Windows on a workstation that is registered to an
Active Directory domain.
You plan to connect to Cisco Unified Communications Manager User Data Service or
another supported LDAP directory instead of EDI.
You need to specify custom settings so that Cisco Jabber for Windows can correctly
use your directory service. Custom directory settings include the following:
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 39 of 274
o Attribute mappings
o Connection settings
o Contact photo retrieval settings
o Directory search settings
o Intradomain federation settings
You plan to deploy with custom content such as the following:
o Scripts that allow users to submit problem reports
o Files that enable automatic updates
o Custom embedded tabs for displaying HTML content
o URLs that enable users to reset or retrieve forgotten passwords
You plan to deploy with custom policy configuration such as the following:
o Disabling screen captures
o Disabling file transfers
o Disabling video calls
You plan to specify a credentials configuration in your deployment.
In the previous section we used Microsoft ORCA to customize the MSI file, in this
section of the lab we are going to use the newly created MSI file to install our
second student workstation with Jabber. The end result is the end user will skip
the email section of sign-in and go right to logging in.
The same result could be achieved by using the command line install that follows,
from the directory that the MSI directory exists in.
Bootstrap Jabber Install for Jabber for Windows
Step 123 Switch to SiteB-WS02 (172.19.X.202 Black Bad) RDP session
Step 124 Click the button formally known as Start
Step 125 Type \\10.1.2.120\Users\Public\Jabber in the Run
field just above the Start button
Press Enter. An Explorer window should open to the
mapped drive
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 40 of 274
Step 127 Double Click SiteBJabberInstall to start the Jabber installation (wait for it)
Step 128 Click Run on the security warning (if any). Be
patient as this takes some time
Step 129 Click Accept and Install
Step 130 Click Yes, to allow the following program to make changes to this computer
(This window takes a min to pop up)
Step 131 Keep Launch Cisco Jabber Checked
Step 132 Click Finish
Step 133 Minimize the windows Explorer window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 41 of 274
Step 134 If the remote desktop screen is minimized (not full screen) Jabber will most
likely open to the far right on the screen. If this happens scroll to the right
to see Jabber on the screen.
In the previous section the student did a standard install with no
customization to the CiscoJabberSetup.msi file. When Jabber started
for the first time the student was presented with a login screen that
asked for the users email address.
In this second Jabber install the student installed
the customized CiscoJabberSetup.msi file that
was edited with the MS Orca tool. The follow two
parameters were added to the MSI file.
When Jabber starts for the first
time with the customized install Jabber should skip the
email address screen and go directly to the user name
and password screen. Jabber uses the _cisco-uds
service record in DNS to locate the Cisco Unified Communications Manager to login using TCP
on port 8334.
Another way to see if the bootstrap values made it to the computer
running Jabber is to look at the Jabber bootstrap file on the
workstation.
The file exist on the workstation that Jabber Client is installed.
Located in the C:\ProgramData\Cisco Systems\Cisco Jabber - In the
case of our lab it is on SiteB-WS02. ProgramData is a hidden folder
so it will need to be un-hidden, or programdata can be typed in
manually at the top of the file explorer even when it is hidden.
Notice in the screen shot the entries that were added to the MSI
install file are in the jabber-bootstrap file
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 42 of 274
Step 135 DO NOT login to SiteB-WS02s Jabber client at this time
In a previous section of this lab the student installed Cisco Jabber default MSI
install file on SiteB-WS01. After the install the student logged in the Jabber client
as Alex Ace. During the login process the Jabber client presented five invalid
certificates.
The next task focuses on Certificate Management. At the end of the task
SiteB-WS02 Jabber client we be logged in as Blake Bad and the Jabber
client should NOT present any invalid certificates.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 43 of 274
JST Features Task 4: Certificate Management
In this section of the lab the self-signed certificates that are on the UC servers at the time
of install will be replaced by Certificate Authority (CA) signed certificates.
The certificates for SiteB-CUCM911, SiteB-CUC911 & SiteB-IMP911 have already been
uploaded with CA signed certificates. The student will replace the self-signed certificates on
SiteB-CUCM02 and SiteB-IMP02 with CA signed certificates.
Cisco Jabber uses certificate validation to establish secure connections with servers.
When attempting to establish secure connections, servers present Cisco Jabber with
certificates. Cisco Jabber validates those certificates against certificates in the
Microsoft Windows certificate store. If the client cannot validate a certificate, it
prompts the user to confirm if they want to accept the certificate.
Activity Objective
In this activity, you will learn the methods to:
Access Microsoft Certificate Manager
Create CA signed certificates using Microsoft Certificate Authority (CA)
Deploy CA signed certificates to CUCM/IM&P/CUC
Required Resources
To complete this section of the lab the student will need a computer that is connected to
the lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
Installing Certificate Authority Role on Windows 2008 R2 Server
Although installing MS Certificate Authority (CA) Role is not part of the Cisco Unified
Communication solution, it is necessary to have access to a 3
rd
party CA server to create
signed certificates. For simplicity, the MS CA Role was chosen for this lab since an MS
Windows 2008 R2 (Win2K8R2) server running as the Active Directory and Exchange server
already exists. This quick video will show the steps completed to prepare the Win2K8R2
server to be a CA.
Short Video on Installing Microsoft Certificate Authority Role on Win2K8R2
Watch this video in HD here - http://youtu.be/pr-mJrJSfV8
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 44 of 274
Download CA Root Certificate from CA Server
In this section the Certificate Authority (CA) Root Certificate will be downloaded from the CA
server, and uploaded to SiteB-CUCM02, and SiteB-IMP02 tomcat-trust.
As part of the building of this lab the developers already uploaded
the CA Root Certificate to the publishers, or SiteB-CUCM911, and
SiteB-IMP911 servers. This section does not need to be done in the
lab due to the fact that the CS Root Cert will be replicated from the
publisher to all servers in the cluster. You will notice when you look
at the subscribers in the lab the CA Root Cert will already be on the
servers. We are going to go ahead and add the CA Root Cert to the
subscribers so the student understands what process was taken on
the publishers to add the CA Root cert to the UC Servers.
Step 136 Switch to the SiteB-AD (172.19.X.120 x=pod#) RDP session
Step 137 Launch Firefox by clicking the icon on the task bar at the bottom of the
desktop
Step 138 Click Certificate Services on Firefoxs favorite bar
a: Log in to Certificate Services
with:Username Administrator
b: Password Cisc0123
Step 139 Click Download a CA certificate, certificate
chain, or CRL
Step 140 Select Base 64 under Encoding Method
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 45 of 274
Step 141 Click Save File (should be the default)
Step 142 Click Download CA Certificate
Step 143 Click OK to save the CA certificate
Step 144 Click the Firefox Download Arrow in the
upper left corner
Step 145 Click the File Folder next to certnew.cer
Step 146 Click Download CA certificate
Step 147 Right click certnew.cer in the Explorer window
Step 148 Click Rename from the pop-up menu
During the course of this lab the student will create many certificates, it is much
easier to track which certificates are which but renaming each one as you create
them.
Step 149 Rename the file to CARootCert.cer
Step 150 Close File Explorer window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 46 of 274
Upload CA Root Certificate to CUCM
This section is going to be repeated two times, to gain an understanding of certificate
management. Notice that the first part of certificate management is not being repeated
because the same CA Root certificate download file can be reused on all devices that need a
copy of the CA Root certificate.
Step 151 Return to the Firefox browser on SiteB-AD (172.19.X.120 x=pod#) RDP
Session
Step 152 Click + to open another browser
tab
This section of the lab will be done two times so that the certificates for 2 UC
servers will get their CA signed certificates. The server OS passwords are different,
notice the i is really a 1 (one) on these servers. (this section will repeat at step 253)
SiteB-CUCM02 SiteB-IMP02
OS Pass = C1sc0123 OS Pass = C1sc0123
SiteB-CUCM02
First Pass
SiteB-IMP02
Second Pass
Step 153 Click SiteB-CUCM02 favorite
in the SiteB-UC Favorite folder
Click SiteB-IMP02 favorite in the SiteB-UC
Firefox Favorite folder
Step 154 Click Cisco Unified Communications Manager (2
nd
time click Cisco
Unified Communications Manager IM and Presence)
Step 155 Click I Understand the Risks on the untrusted connection warning (If
presented)
Step 156 Click Add Exception on the untrusted connection warning (If presented)
Step 157 Click Confirm Security Exception on the add security exception pop-up (If
presented)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 47 of 274
Step 158 Select Cisco Unified OS Administration from the top left Navigation drop-
down menu (IM and Presence OS Administrator on the 2
nd
pass)
Step 159 Click Go
Step 160 Log in using the following credentials:
a. Username Administrator (Case Sensitive)
b. Password C1sc0123 (Case Sensitive)
c. Click Login
Step 161 Click Security Certificate Management
Step 162 Click Find
Step 163 Observe the self-signed certificates that exist on CUCM by default at install
The CA Root Certificate was uploaded to the Tomcat-trust of the publisher during
lab development, and has been replicated to the subscribers in the cluster.
Observe the tomcat-trust has a certificate from siteb-STITEB-AD-CA.pem, that is
the root certificate that was replicated from the publisher to this subscriber.
Previous to the upload of the CA Root Cert the tomcat-trust on the publisher and
this subscriber was the self-signed certificate generated by the CUCM server
installer during the server install.
In this section the student will upload the CA Root to the subscriber so the student
understands what was done to the publisher, although this step could be skipped
due to the replication of the CA Root Certificate form the publisher to the
Subscribers.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 48 of 274
Step 164 Click Upload Certificate/Certificate Chain
Step 165 Select tomcat-trust, (careful here)
Step 166 Enter SiteB-AD CA Root Certificate, in the description
Step 167 Click Browse
Step 168 Click Downloads, on the left side navigation pane
Step 169 Click and Select CARootCert.cer from the list of files and folders
Step 170 Click Open
Step 171 Click Upload File, on the upload pop-up
window
Step 172 Verify the file uploaded successfully
Step 173 Click Close, to close the file upload pop-up window
Step 174 Click Find, to refresh the certificate list
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 49 of 274
Step 175 Observe that the SiteB-AD CA Root Certificate is now listed (notice no real
change due to the CA Root Cert being replicated form the publisher, also in
some cases the description will not change that is a version issue and has not
effect on the operation)
Generate and Download Certificate Signing Request (CSR)
In this section the student will generate a Certificate Signing Request which in turn will be
used on the MS CA to generate a self-signed certificate for each service on each server.
The following Certificate Management sections will always be done to all of the
servers in the cluster. Each server will have its own CA signed certificate.
Step 176 Click Generate CSR form the OS Administrator web page
Step 177 Fill in the following information in the Generate Certificate Signing Request
pop-up windows:
a. Certificate Name tomcat
b. Key Length 2048
c. Hash Algorithm SHA1
d. Click Generate CSR (will warn you of overwrite and will proceed)
Step 178 Verify Success of CSR generation
Step 179 Click Close, on the Generate CSR pop-up window
Step 180 Click Download CSR
Step 181 Confirm tomcat, is selected
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 50 of 274
Step 182 Click Download CSR
Step 183 Select Save File
Step 184 Click OK to save the CSR
Step 185 Click Close on the Download Certificate Signing Request pop-up window
Step 186 Click the Download Arrow in the upper right corner of Firefox
Step 187 Click the File Folder
Step 188 Right click tomcat.csr in Explorer window
Step 189 Click Rename from the pop-up menu
It is good practice to rename each certificate file as you download them to your
local computer, so the certificates do not get mixed up.
Step 190 Rename the file to SiteB-CUCM02_tomcat.csr (2
nd
time use SiteB-
IMP02_tomcate.csr)
The following are the file names for each server you create a cert for (remember this
section is repeated for SiteB-IMP02)
SiteB-CUCM02 SiteB-IMP02
SiteB-CUCM02_tomcat.csr SiteB-IMP02_tomcat.csr
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 51 of 274
Step 191 Double click SiteB-CUCM02_tomcat.csr, in Windows File Explorer (2
nd
pass
SiteB-IMP02_tomcat.csr)
Step 192 Pick Select a program from a list of installed programs (by passed the
2
nd
time)
Step 193 Click OK (bypassed the 2
nd
time)
Step 194 Select Notepad
Step 195 Click OK
Step 196 Select Format Word Wrap, from the
Notepad menus
Step 197 Press CTRL-A, to highlight everything in the CSR file
Step 198 Press CTRL-C, to copy highlighted data into the computer buffer
Be careful to not change anything in this test file, this is also a difficult
troubleshoot.
Step 199 Close NotePad
Step 200 Close the Windows File Explorer window
Submit and Download SiteB-CUCM02 Tomcat Signed CA Certificate
Step 201 Return to Firefox on SiteA-AD RDP session
Step 202 Switch back to the MS AD Certificate Services Web Page tab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 52 of 274
Step 203 Click Certificate Services favorite link to return to the CA Services home
page
Step 204 Click Request A Certificate
Step 205 Click Advanced Certificate Request
Step 206 Click in the Saved Request field to make it
active
Step 207 Press CTRL-V to past the data saved to the
computer buffer
Step 208 Select Web Server for the Certificate
Template
Step 209 Click Submit
Step 210 Select Base 64 encoded
Step 211 Click Download Certificate (careful here)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 53 of 274
Step 212 Select Save File (default)
Step 213 Click OK to save the certificate
Step 214 Click the Download Arrow in the upper right corner of Firefox
Step 215 Click the File Folder
Step 216 Right click certnew.cer in Explorer window
Step 217 Click Rename on the pop-up menu
Step 218 Enter SiteB-CUCM02_CAtomcat.cer to rename the file (2
nd
pass SiteB-
IMP02_CAtomcat.cer)
SiteB-CUCM02 SiteB-IMP02
SiteB-CUCM02_CAtomcat.cer SiteB-IMP02_CAtomcat.cer
Step 219 Close the File Explorer window
Upload SiteB-CUCM02 CA Signed Tomcat Certificate to CUCM
Step 220 Click the 2
nd
Firefox tab to switch to SiteB-CUCM02 Cisco Unified Operating
System Administration web page (2
nd
pass select the 3
rd
Firefox tab for
SiteB-IMP02)
Step 221 Login with the following information if the previous session logged out
a: Username Administrator
b: Password Cisc0123
c: Click Login
Step 222 Click Security Certificate Management (if not all ready there)
Step 223 Click Upload Certificate/Certificate Chain
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 54 of 274
Step 224 Select the following Certificate upload information
a: Certificate Name tomcat
b: Description Self-signed Certificate (default)
c: Upload File Click Browse
d: Upload file Downloads\SiteB-CUCM02_CAtomcat.cer
2nd pass = SiteB-IMP02_CAtomcat.cer
SiteB-CUCM02 SiteB-IMP02
SiteB-CUCM02_CAtomcat.cer SiteB-IMP02_CAtomcat.cer
e: Click Open
f: Click Upload file
g: Click OK, to acknowledge that the Tomcat service needs to be
restarted (if presented with a pop-up box)
Step 225 Verify Successful certificate upload
Step 226 Click Close, to close the certificate upload pop-up window
Step 227 Click Find, to update the Certificate List
Step 228 Observe the updated tomcat and tomcat-trust certificates. Tomcat-trust has a
siteb-SITEB-AD-CA.pem file, and tomcat has a siteb-SITEB-AD-CA in the
description field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 55 of 274
Step 229 Click the PuTTy icon on the task bar at the bottom of the SiteB- AD
RDP session
Step 230 Select SiteB-CUCM02 (2
nd
pass select SiteB-
IMP02), from the saved sessions
SiteB-CUCM02 SiteB-IMP02
SiteB-CUCM02 SiteB-IMP02
To open two PuTTy session at a time do the following
Right click the PuTTy icon on the bottom task bar of SiteB-AD
Select SSH, Telnet and Rlogin client
Step 231 Click Open
Step 232 Login With
a: Login as
Administrator (Case
Sensitive)
b: Password C1sc0123
(Case Sensitive)
Step 233 Enter utils service restart
Cisco Tomcat, (Case
Sensitive)
Step 234 Observe and wait for the
Tomcat service to fully stop
and restart (takes about 1
minute You can leave PuTTy open and repeat this section for SiteB-IMP02,
while you wait for SiteB-CUCM02 Tomcat service to restart)
Step 235 Repeat steps 152 235, one more time for SiteB-IMP02 Go ahead and do
the repeat while the service restarts, Close both PuTTy screens when you are
done with both servers
Step 236 Close both PuTTy windows once the Tomcat service has restarted on both
servers
Step 237 Click OK to confirm PuTTy window close
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 56 of 274
Adding CA Signed XMPP Certificate to SiteB-IMP02
In this section the student will upload the CA signed XMPP certificate to SiteB-IMP02 server.
The CA Root Certificate was uploaded to the publisher IMP server during the
development of this lab, and was replicated to the subscribers. The students are
simply doing this section to ensure their understanding of uploaded the CA Root
Cert to the Tomcat-trust before you generate a CSR form each server.
Step 238 Switch to SiteB-AD (172.19.X.120) RDP Session (if not already there)
Step 239 Switch to the 3
rd
Firefox tab pointing to SiteB-IMP02 OS Administration Web
Page
Step 240 Click Security Certificate Management Do this step even if you are
already there. Force the new certificate to be accepted by Firefox.
Step 241 Accept the invalid certificates
Step 242 Login with the following information if the previous session logged out
a. Username Administrator
b. Password C1sc0123
c. Click Login
Step 243 Click Upload Certificate/Certificate Chain
Step 244 Select the following Certificate upload information
a. Certificate Name cup-xmpp-trust
b. Description SiteB-AD CA Root Cert
c. Upload File Click Browse Downloads\CARootCert.cer
d. Click Upload File
Step 245 Observe the Successful Upload
Step 246 Click Close to close the file upload pop-up
window
Step 247 Click Find to refresh the certificate list
Step 248 Observe that the SiteB-AD CA Root Certificate is now listed for cup-xmpp-
trust
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 57 of 274
Generate and Download Certificate Signing Request (CSR)
In this section the student will generate and download the CSR for the xmpp service on
SiteB-IMP02.
Step 249 Click Generate CSR
Step 250 Fill in the following information
in the Generate Certificate Signing Request pop-up windows:
a. Certificate Name cup-xmpp
b. Key Length 2048
c. Hash Algorithm SHA1
d. Click Generate CSR (will warn you of
overwrite and will proceed)
Step 251 Verify Success of CSR generation
Step 252 Click Close on the Generate CSR pop-up window
Step 253 Click Download CSR
Step 254 Select cup-xmpp, from the Certificate name filed
Step 255 Click Download CSR
Step 256 Select Save File
Step 257 Click OK to save the CSR
Step 258 Click Close on the Download Certificate Signing Request pop-up window
Step 259 Click the Download Arrow in the upper right corner of Firefox
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 58 of 274
Step 260 Click the File Folder
Step 261 Right click cup-xmpp.csr in File Explorer window
Step 262 Click Rename from the pop-up menu
It is good practice to rename the certificates as you download them to your local
computer so they do not get mixed up or overwritten with the same name form a
different server.
Step 263 Rename the file to SiteB-IMP02_XMPP.csr
Step 264 Double click the newly renamed file SiteB-IMP02_XMPP.csr
Step 265 Choose Select a program from a list of installed
programs (bypassed the 2
nd
time)
Step 266 Click OK (bypassed the 2
nd
time)
Step 267 Select Notepad
Step 268 Click OK
Step 269 Select Format Word Wrap from the Notepad
menus
Step 270 Press CTRL-A to highlight everything in the CSR file
Step 271 Press CTRL-C to copy highlighted data into the computer buffer
Step 272 Close Notepad
Step 273 Close the File Explorer window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 59 of 274
Submit and Download Signed CA Certificate
Step 274 Return to Firefox, on SiteA-AD RDP session
Step 275 Switch back to the first Firefox Tab, with MS AD Certificate Services Web Page
Step 276 Click Certificate Services, favorite in Firefox to return to the CA Services
home page
Step 277 Click Request A Certificate
Step 278 Click Advanced Certificate Request
Step 279 Click Saved Request field to make it active
Step 280 Press CTRL-V to past the data saved to the
computer buffer
Step 281 Select Web Server for the Certificate
Template
Step 282 Click Submit
Step 283 Select Base 64 encoded
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 60 of 274
Step 284 Click Download Certificate (careful here)
Step 285 Select Save File (default)
Step 286 Click OK to save the certificate
Step 287 Click the Download Arrow in the upper right corner of Firefox
Step 288 Click the File Folder
Step 289 Right click certnew.cer in Windows File Explorer
Step 290 Click Rename on the pop-up menu
Step 291 Enter SiteB-IMP02_CAxmpp.cer to rename the file
Step 292 Close the File Explorer window
Upload CA Signed Certificate to IMP02
Step 293 Click 3
rd
Firefox Tab, to switch to SiteB-IMP02 Operating System Console
web page
Step 294 Login with the following information if the previous session logged out
a. Username Administrator
b. Password C1sc0123
c. Click Login
Step 295 Click Security Certificate Management (if not all ready there)
Step 296 Click Upload Certificate/Certificate Chain
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 61 of 274
Step 297 Select the following Certificate upload information
a. Certificate Name cup-xmpp
b. Description Self-signed Certificate (default)
c. Upload File Click Browse
d. Upload file Downloads\SiteB-IMP02_CAxmpp.cer
e. Click Open
f. Click Upload file
g. Click OK, service restart (if presented)
Step 298 Verify the Successful certificate upload
Step 299 Click Close, to close the certificate upload pop-up window
Step 300 Click Find, to update the Certificate List
Step 301 Observe the updated cup-xmpp and cup-xmpp-trust
Step 302 Click PuTTy icon on the task bar at the bottom of the SiteB-AD
RDP session
Step 303 Select SiteB-IMP02
Step 304 Click Open
Step 305 Enter Administrator login as name
Step 306 Enter C1sc0123 as the password
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 62 of 274
Step 307 Enter utils service restart Cisco XCP Router, (Case Sensitive)
Step 308 Observe and wait for the Tomcat service to fully stop and restart (takes about
2 to 5 minutes You can leave PuTTy open and continue on and come back in
a few min to finish this section
Step 309 Close the PuTTy window
Step 310 Click OK to confirm closing the PuTTy window
When you are done with this section you will have done certificate management on
2 of the 5 UC servers in the SiteB pod. The other 3 servers certifications were
deployed during lab development.
SiteB-CUCM02
SiteB-IMP02
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 63 of 274
Adding the CA Root Certificate to SiteB-WS02
In this section the CA Root Certificate will be manually installed to the SiteB-WS02.
The CA Signed Root Certificate can be manually installed on to the workstation or
can be pushed down to the workstations using the group polices on the Active
Directory server.
Step 311 Switch to SiteB-WS02 (172.19.X.202 Blake Bad) RDP session
Step 312 Click Command icon on the bottom task bar
Step 313 Enter certmgr
Step 314 Press Enter
Step 315 Click the Arrow next to Trusted Root Certification
Authority
Step 316 Click and highlight Certificates
Step 317 Observe there is no SiteB-AD certifications in the
Trusted Root CAs
Step 318 Launch Firefox on SiteB-WS02
Step 319 Click Certificate Services on the Firefox favorites bar
Step 320 Login with:
a. Username Administrator
b. Password Cisc0123
Step 321 Click login
Step 322 Click Download a CA certificate, certificate chain, or CRL
Step 323 Select Base 64
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 64 of 274
Step 324 Click Download CA Certificate
Step 325 Select Save File
Step 326 Click OK
Step 327 Click the Download Arrow in the upper right
corner
Step 328 Click the File Folder, next to the latest
downloaded file
Step 329 Right Click certnew.cer
Step 330 Click Rename
Step 331 Rename the file CARootCert.cer
Step 332 Double click CARootCert.cer
Step 333 Observe that the certificate is from the siteb-
SiteB-AD-CA
Step 334 Click Install Certificate
Step 335 Click Next, on the certificate import wizard welcome screen
Step 336 Select Place all certificates in the following store
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 65 of 274
Step 337 Click Browse
Step 338 Select Trusted Root Certification Authorities, from the select certificate
store
Step 339 Click OK
Step 340 Click Next on the certificate import wizard
Step 341 Click Finish
Step 342 Click Yes on the security warning
Step 343 Click OK on the import was successful message
Step 344 Click OK to close the certificate window
Step 345 Close the File Explorer windows
Step 346 Close Firefox
Step 347 Return to Certificate Manager
Step 348 Select Trusted Root Certification
Authorities (if not all ready there)
Step 349 Press F5 to refresh the list of issued trusts
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 66 of 274
Step 350 Observe there is now a siteb-SITEB-AD-CA certificate in the trusted root certs
(sometimes CertMgr needs to be closed and reopened to see the CA Cert)
Step 351 Keep Certificate Manager open it will be used in the next section
Testing the CA Signed Certificates
Step 352 Switch to SiteB-WS02 (172.19.X.202) RDP session (if
not already there)
Step 353 Double click Cisco Jabber, if Jabber is not open (Jabber
was left at login screen after the Jabber Bootstrap install)
Step 354 Enter bbad, in the username field
Step 355 Enter Cisc0123, in the password field
Step 356 Click Sign me in when Cisco Jabber Starts
Step 357 Click Sign In
Step 358 Observe that the Jabber client Opens with no prompts to
accept invalid certificates
On the previous section the student had to login to SiteB-
WS01 and five invalid certificates had to be accepted
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 67 of 274
If for some reason you have to accept one or two invalid certificate but
not all five that means something went wrong with the certificate
uploads on the service in question. If an invalid certificate warning
message appears, note the name of the service that is issuing the
invalid certificate and return to that server and check the certificates.
For example during this certificate management session one certificate
did not get placed on the SiteB-IMP911.siteb.com server
If you go back to fix the certificate on the server, you will need to delete the
accepted certificate on the workstation in the certificate manager, under Enterprise
Certificates.
Step 359 If a certificate gets missed and the invalid certificate has to be accepted to
login. You can troubleshoot the issue, or move on to the next section. Invalid
certificates will not impede progress going forward in this lab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 68 of 274
JST Features Task 5: Collab Edge with Cisco ExpressWay
In this section the students will configure a Cisco Expressway E and C cluster as well as test
access from a remote workstation traversing the Expressway pair.
This lab consists of two Expressway Es and two Expressway Cs that have
already been deployed for the student to save time. Also with each deployment
of an Expressway server the serial number is different, which would pose
issues with applying option keys in the lab.
The following video will demonstrate how the Expressways were deployed on
the ESXi hosts in the lab.
Short Video on Cisco ExpressWay Virtual Machine Deployment
Watch this video in HD here - http://youtu.be/Uoi3hosvygs
Activity Objective
In this activity, you will learn the methods to:
Configure Service Records (SRV) on public and internal DNS Servers
Performing the initial configuration of the Expressway E and C Initial Config as well
as configure Traversal zones, Domains, and Certificate Management
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, a compatible browser on the students computer, and RDP sessions to the five
devices in the lab.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 69 of 274
About the Cisco Expressway
Cisco Expressway is designed specifically for comprehensive collaboration
services provided through Cisco Unified Communications Manager. It features
established firewall-traversal technology and helps redefine traditional enterprise
collaboration boundaries, supporting our vision of any-to-any collaboration.
As its primary features and benefits, Cisco Expressway:
Offers proven and highly secure firewall-traversal technology to extend your
organizational reach.
Helps enable business-to-business, business-to-consumer, and business-to-cloud-
service-provider connections.
Provides session-based access to comprehensive collaboration for remote workers,
without the need for a separate VPN client.
Supports a wide range of devices with Cisco Jabber for smartphones, tablets, and
desktops.
Complements bring-your-own-device (BYOD) strategies and policies for remote and
mobile workers.
The Expressway is deployed as a pair: an Expressway-C with a trunk and line-side
connection to Unified CM, and an Expressway-E deployed in the DMZ and configured with a
traversal zone to an Expressway-C.
The Expressway runs on VMware on a range of Cisco UCS servers. See Expressway on
Virtual Machine Installation
Expressway-C
Expressway-C delivers any-to-any enterprise wide conference and session management and
interworking capabilities. It extends the reach of Telepresence conferences by enabling
interworking between Session Initiation Protocol (SIP)- and H.323-compliant endpoints,
interworking with third-party endpoints; it integrates with Unified CM and supports third-
party IP private branch exchange (IP PBX) solutions. Expressway-C implements the tools
required for creative session management, including definition of aspects such as routing,
dial plans, and bandwidth usage, while allowing organizations to define call-management
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 70 of 274
applications, customized to their requirements.
Expressway-E
The Expressway-E deployed with the Expressway-C enables smooth video communications
easily and securely outside the enterprise. It enables business-to-business video
collaboration, improves the productivity of remote and home-based workers, and
enables service providers to provide video communications to customers. The
application performs securely through standards-based and secure firewall
traversal for all SIP and H.323 devices. As a result, organizations benefit from
increased employee productivity and enhanced communication with partners and
customers.
It uses an intelligent framework that allows endpoints behind firewalls to discover
paths through which they can pass media, verify peer-to-peer connectivity through each of
these paths, and then select the optimum media connection path, eliminating the need to
reconfigure enterprise firewalls.
The Expressway-E is built for high reliability and scalability, supporting multivendor firewalls,
and it can traverse any number of firewalls regardless of SIP or H.323 protocol.
Standard features
The primary purpose of the Expressway is to provide secure firewall traversal and session-
based access to Cisco Unified Communications Manager for remote workers, without the
need for a separate VPN client.
Rich media session features
The following features are available when rich media session licenses are installed on the
Expressway:
SIP Proxy
SIP / H.323 interworking
IPv4 and IPv6 support, including IPv4 / IPv6 interworking
QoS tagging
Bandwidth management on both a per-call and a total usage basis
Automatic downspeeding option for calls that exceed the available bandwidth
URI and ENUM dialing via DNS, enabling global connectivity
Up to 100 rich media sessions on Small/Medium VM server deployments and 500 rich
media sessions on Large VM server deployments
1000 external zones with up to 2000 matches
Flexible zone configuration with prefix, suffix and regex support
Can be neighbored with other systems such as a Cisco VCS or other gatekeepers and
SIP proxies
n+1 redundancy, can be part of a cluster of up to 6 Expressways for increased
capacity and redundancy
Intelligent Route Director for single number dialing and network failover facilities
Call Policy (also known as Administrator Policy) including support for CPL
Support for external policy servers
AD authentication for administrators of the Expressway
Embedded setup wizard using a serial port for initial configuration
System administration using a web interface or RS-232, SSH, and HTTPS
Intrusion protection
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 71 of 274
Mobile and remote access
Cisco Unified Communications mobile and remote access is a core part of the Cisco
Collaboration Edge Architecture. It allows endpoints such as Cisco Jabber to have their
registration, call control, provisioning, messaging and presence services provided by Cisco
Unified Communications Manager when the endpoint is not within the enterprise network.
The Expressway provides secure firewall traversal and line-side support for Unified CM
registrations.
The overall solution provides:
Off-premises access: a consistent experience outside the network
for Jabber and EX/MX/SX Series clients
Security: secure business-to-business communications
Cloud services: enterprise grade flexibility and scalable solutions
providing rich WebEx integration and Service Provider offerings.
Gateway and interoperability services: media and signaling
normalization, and support for non-standard endpoints
Figure 1: Unified Communications: mobile and remote access
Figure 2: Typical call flow: signaling and media paths
Unified CM provides call control for both mobile and on-premises endpoints.
Signaling traverses the Expressway solution between the mobile endpoint and Unified
CM.
Media traverses the Expressway solution and is relayed between endpoints directly;
all media is encrypted between the Expressway-C and the mobile endpoint.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 72 of 274
Jabber client connectivity without VPN
The mobile and remote access solution supports a hybrid on-premises and cloud-based
service model, providing a consistent experience inside and outside the enterprise. It
provides a secure connection for Jabber application traffic without having to connect to the
corporate network over a VPN. It is a device and operating system agnostic solution for Cisco
Unified Client Services Framework clients on Windows, Mac, iOS and Android platforms.
It allows Jabber clients that are outside the enterprise to:
use instant messaging and presence services
make voice and video calls
search the corporate directory
share content
launch a web conference
access visual voicemail
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 73 of 274
Public & Local DNS Requirements for Expressway
The local internal DNS has been configured for SRV records in previous sections of this lab,
in the next section the student will enter needed SRV records into the public DNS, as well as
needed A type DNS records in both the public and local DNS.
Public DNS
The public (external) DNS must be configured with _collab-edge._tls.<domain> SRV records
so that endpoints can discover the Expressway-Es to use for mobile and remote access. SIP
service records are also required. That Is for general deployment and not specifically for mobile
and remote access. For example, for a cluster of 2 Expressway-E systems:
Local DNS
The local (internal) DNS requires _cisco-uds._tcp.<domain>,
cuplogin._tcp.<domain>, _cisco-phone-http.<domain> and standard SIP service SRV
records. For example:
Ensure that the cisco-uds, _cuplogin and cisco-phone-http SRV records are NOT resolvable outside
of the internal network, otherwise the Jabber client will not start mobile and remote access negotiation via the
Expressway-E.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 74 of 274
Entering Local DNS A Records For Expressway
Step 360 Return to the SiteB-AD (172.19.X.120) RDP session
opened earlier
Step 361 Click Start Administrative Tools DNS to open the
DNS Manager tool
Step 362 Click the + (plus signs) next to SITEB-AD Forward
Lookup Zone siteb.com
Step 363 Select siteb.com to highlight it
Step 364 Right click siteb.com
Step 365 Select New Host (A or AAAA) from the pop-
up menu
Step 366 Enter the following in the New Host pop-up
window:
a. Name siteb-expc01
b. IP Address 10.1.2.142
c. Check Create associated pointer
(PTR) record
d. Click Add Host
e. Click OK on the success message
Step 367 Repeat step 384 seven more times. In total eight entries should be created.
Step 368 Click Done on the New Host pop-up windows after entering the last New Host
Name
(Expressway-C)
IP Address Name
(Expressway-E)
IP Address
siteb-expc02 10.1.2.143 siteb-expe01 10.1.3.142
siteb-expc-cluster01 10.1.2.142 siteb-expe02 10.1.3.143
siteb-expc-cluster01 10.1.2.143 siteb-expe-cluster01 10.1.3.142
siteb-expe-cluster01 10.1.3.143
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 75 of 274
Step 369 Review the DNS entries to make sure all eight new entries are correct
Step 370 Close the DNS Manager
An Expressway can be part of a cluster of up to six Expressways. Each
Expressway in the cluster is a peer of every other Expressway in the cluster.
When creating a cluster, you define a cluster name and nominate one peer as
the master from which all relevant configurations is replicated to the other peers
in the cluster. Clusters are used to:
Increase the capacity of your Expressway deployment compared with a
single Expressway.
Provide redundancy in the rare case that an Expressway becomes inaccessible (for
example, due to a network or power outage) or while it is in maintenance mode (for
example, during a software upgrade).
Entering Public DNS A & SRV Records for Expressway
In this section working in the Mock Internet DNS server, the student will add the necessary
A records and SRV records to allow clients to find the Expressway E device from the
Internet (or in this lab case the Mock Internet).
Step 371 Switch to the SiteB-InetDNS (172.19.X.220 x=pod#) RDP session
Step 372 Login in with the following credentials if not already logged in:
a. Username Administrator
b. Password Cisc0123
Step 373 Click the DNS Manager icon on the bottom task bar
Step 374 Click the Arrow next to SITEB-INETDNS Forward Lookup Zone
siteb.com
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 76 of 274
Step 375 Select siteb.com to highlight it
Step 376 Right click siteb.com
Step 377 Select New Host (A or AAAA) from the pop-up menu
Step 378 Enter the following in the New Host pop-up window
a. Name siteb-expc01
b. IP Address 10.1.2.142
c. Check Marked Create associated pointer (PTR) record
d. Click Add Host
e. Click OK on the success message
Step 379 Repeat step 396 to add the following entries. In total there should be eight
entries created
Name
(Expressway-C)
IP Address Name
(Expressway-E)
IP Address
siteb-expc02 10.1.2.143 siteb-expe01 10.1.3.142
siteb-expc-cluster01 10.1.2.142 siteb-expe02 10.1.3.143
siteb-expc-cluster01 10.1.2.143 siteb-expe-cluster01 10.1.3.142
siteb-expe-cluster01 10.1.3.143
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 77 of 274
Step 380 Click Done on the new host pop-up windows
Step 381 Review the DNS entries
to make sure all eight
are correct
Step 382 Right click SiteB.com
in DNS Manager on
SiteB-InetDNS
Step 383 Select Other New
Records from the pop-
up menu
For SRV record type lookups, multiple DNS queries are performed. An SRV query
is made for each of the following _service._protocol combinations:
_h323ls._udp.<domain>
_h323rs._udp.<domain>
_h323cs._tcp.<domain>
_sips._tcp.<domain>
_sip._tcp.<domain>
_sip._udp.<domain>
_collab-edge._tls
_collab-edge._tcp
_cuplogin._tcp
_cisco-uds._tcp
_cisco-phone-http._tcp
_xmpp-client._tcp
_turn._udp.<domain>
Step 384 Scroll down and select Service Location (SRV) from the Resource Record
Type pop up window
Step 385 Click Create Record
Step 386 Create the following record:
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 78 of 274
a. Domain siteb.com (pre-filled-in)
b. Service _collab-edge (underscore
collab)
c. Protocol _tls (underscore tls)
d. Priority 0 (default)
e. Weight 0 (default)
f. Port Number 8443
g. Host Offering This Service =
h. siteb-expe01.siteb.com
Step 387 Click OK
Step 388 Click Create Record (again)
Step 389 Create the following record:
a. Domain siteb.com (pre-filled-in)
b. Service _collab-edge (underscore
collab)
c. Protocol _tls (underscore tls)
d. Priority 0 (default)
e. Weight 0 (default)
f. Port Number 8443
g. Host Offering This Service =
h. siteb-expe02.siteb.com
Step 390 Click OK
Step 391 Click Done
Step 392 Select _tls, under siteb.com in the DNS Manager
Step 393 Observe that both _collab-edge are in the _tls folder and have the correct
addresses
Step 394 Close DNS Manager
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 79 of 274
Initial Expressway Configuration for Expressway C and E
These Expressways have been deployed and locked down for this lab. No initial
administration was done on these devices. The student will make all configuration changes
to the Expressways.
There are 4 Expressways in this lab for Collab Edge, two Cs and two Es. The
student will configure the first C and the first E of a two clustered pairs. SiteB-
ExpC02 and SiteB-ExpE02 have already had this configure done before class
started.
The following Video shows the deployment of an Cisco Expressway
Watch this video in HD here - http://youtu.be/Uoi3hosvygs
Step 395 Switch to the SiteB-AD (172.19.X.120 x=pod#) RDP Session
Step 396 Launch Firefox from the task bar at the bottom of the desktop (if not already
open)
This section will be done twice, once for Siteb-ExpC01 and once for SiteB-ExpE01
Follow from here down and when you get to a table take the left side the first time
through for SiteB-ExpC01, and take the right side when doing the second pass for
SiteB-ExpE01
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 80 of 274
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-Expressway E 01
Do this step when repeating
Step 397 Click Expressway SiteB-
ExpC01 from the Firefox
favorite bar
Open a new tab in Firefox and browse to
Expressway SiteB-ExpE01 from the Firefox
favorite bar
Step 398 Click I Understand the Risks (if presented)
Step 399 Click Add Exception (if presented)
Step 400 Click Confirm Security Exception (if presented)
Step 401 Login in with the following credentials
a. Username admin (all lower case)
b. Password TANDBERG (all upper case)
c. Click Login
Step 402 Observe the Expressway/VSC Web Administration page
Step 403 Click the Red Box that indicates This system has 5 alarms
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 81 of 274
Step 404 Review the five system alarms listed
Step 405 Click the time link on the first alarm under the Action heading. Alternatively,
Click System Time
Step 406 Observe that the first three NTP servers have place holders in the address
field
Step 407 Delete and clear all the default entries in the address fields
Step 408 Enter 128.107.212.175 in the first NTP Server Address space
Step 409 Select US/Pacific for the time Zone
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 82 of 274
Step 411 Click Save
Step 412 Observe the bottom of the time page for a minute or so. Eventually the status
will go from Starting, to Rejected, to Synchronized. (There is no need to
manually refresh as it will do so automatically).
Step 413 Click the Red Alarms box again in the upper right corner.
Notice the number of alarms has changed from five to
three. If not enough time has passed clicking on the red
box again should update it to reflect the new number of
alarms.
Step 414 Click Change the admin password link under Action on the alarm page.
Alternatively click Users Administrator Accounts
Step 415 Click admin to open the admin
configuration page
Step 416 Enter Cisc0123 in the password
field
Step 417 Enter Cisc0123 in the confirm
password field
Step 418 Click Save
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 83 of 274
Step 419 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from 5 alarms to 2 alarms.
Step 420 Click View Instruction on changing the root password under the Action
column heading
Step 421 Review the Using the Root Account Help page pop-up
Step 422 Close the Help Page when finished reading it
Step 423 Click the PuTTy icon on the bottom tool bar
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-Expressway E 01
Do this section when repeating
Step 424 Click SiteB-ExpC01 from the
saved sessions list in PuTTy
Click SiteB-ExpE01 from the saved session
list in PuTTy
Step 425 Click Open
Step 426 Click Yes on PuTTy Security Alert (if presented)
Step 427 Login as root (all lower case)
Step 428 Enter the password TANDBERG (all uppercase)
Step 429 Type the UNIX command passwd at the # prompt
Step 430 Press Enter
Step 431 Type in Cisc0123 as the new
UNIX password (It will not look
like you are typing.)
Step 432 Press Enter
Step 433 Retype Cisc0123 to confirm
the new password
Step 434 Press Enter
Step 435 Close the PuTTy window
Step 436 Click OK to confirm closing PuTTy
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 84 of 274
Step 437 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from three alarms to one alarm.
Option keys are used to add additional features to the Expressway. Option keys
can either be valid for a fixed time period or have an unlimited duration. Your
Expressway may have been shipped with one or more optional features pre-
installed. To purchase further options, contact your Cisco representative.
The Option keys page (Maintenance Option keys) lists all the existing
options currently installed on the Expressway, and allows you to add new
options.
The System information section summarizes the existing features installed on the
Expressway and displays the Validity period of each installed key. The options that you
may see here include:
Traversal Server: enables the Expressway to work as a firewall traversal server.
H.323 to SIP Interworking gateway: enables H.323 calls to be translated to SIP
and vice versa.
Advanced Networking: enables static NAT functionality and the LAN 2 port on an
Expressway-E.
Rich media sessions: determines the number of non-Unified Communications calls
allowed on the Expressway (or Expressway cluster) at any one time. See the Call
types and licensing [p.264] section for more information.
TURN Relays: the number of concurrent TURN relays that can be allocated by this
Expressway (or Expressway cluster). See About ICE and TURN services [p.49] for
more information.
Encryption: indicates that AES (and DES) encryption is supported by this software
build.
Microsoft Interoperability: enables encrypted calls to and from Microsoft Lync
2010 Server (for both native SIP calls and calls interworked from H.323). It is also
required by the Lync B2BUA when establishing ICE calls to Lync 2010 clients. It is
required for all types of communication with Lync 2013.
Expressway Series: identifies and configures the product for Expressway Series
system functionality.
Step 438 Click Add a Release Key under the Action heading
Alternatively click Maintenance Option Keys
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 85 of 274
Step 439 Observe the Option Keys admin page and take note of the active options
Notice the Serial Number (S/N) in the lower right hand corner of the admin page.
This is the serial number that is used to generate licenses and options keys
The Release Keys and Options keys have already been installed
into SiteB-ExpC02 and SiteB-ExpE02 (the cluster pair of
expressway servers)
Step 440 Observe the server model name at the
top of the admin page, this will change
once all the option keys are installed
Step 441 Observe the Active Options
This key is the Service Contract Release Key:
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-Expressway E 01
Do this section when repeating
Step 442 Copy and Paste this license number into
the Release Key field
4360497995181665
into the Release Key field
Careful to make sure you have the Release Key
field and not the Software Option key field. This
key validates the service contract on the server.
Ignore the two new alarms that appear for an
invalid key, these will clear after a restart that
will be performed later in this section.
Copy and Paste this license number into
the Release key field
7176023658098439
into the Release Key field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 86 of 274
Step 443 Click Set Release Key
Step 444 Observe the Yellow message at the top of the screen (Do not restart as
that will be completed in a later step)
This Software option key is the Expressway Series key:
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-Expressway E 01
Do this section when repeating
Step 445 Copy and Paste this license
number (Must Be All Caps)
116341E00-1-096C2A6F
into the Software Option Field
Copy and Paste this license number (Must Be
All Caps)
116341E00-1-745E2397
into the Software Option Field
Notice that although this will ultimately be
an Expressway-E server, at this point it is an
Expressway-C server. This role will change
when a later option key is installed.
Step 446 Click Add Option
Step 447 Observe the server model name at the top has change to Expressway-C. This
will change to Expressway-E later in this section.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 87 of 274
Step 448 Observe the Yellow message at the top of the screen. Do not restart as
this will be done later in this section.
This Software option key is the H323 SIP Interworking key:
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-ExpressWay E 01
Do this section when repeating
Step 449 Copy and Paste this license
number (Must Be All Caps)
116341G00-1-87EACCFB
into the Software Option Field
Copy and Paste this license number (Must Be
All Caps)
116341G00-1-A7FB3D03
into the Software Option Field
Step 450 Click Add Option
Step 451 Observe the Interworking Active Options has been added
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 88 of 274
SiteB-Expressway C 01
Use Left Column First
Pass of Section
SiteB-ExpressWay E 01
Do this section when repeating
No configuration required
here for the Expressway-C
Move on to the next step
below if this is the first pass
through this section of the
lab
Step 452 Copy and Paste this license number (Must Be All
Caps)
116341I1800-1-8F82AD62
into the Software Option Field (this option key is for the
E expressway only). This option key is the Turn Relay 1800
Step 453 Click Add Option
Step 454 Copy and Paste this license number (Must Be All
Caps)
116341T00-1-F768D3DC
into the Software Option Field (this option key is for the E
expressway only). This option key is the Traversal Service for E
option key
Step 455 Click Add Options
Step 456 Observe the updated model name at the top of
the page change from C to E
Step 457 Observe the options added to the Expressway-E
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 89 of 274
Step 458 Click System DNS, in the Expressway web admin
Step 459 Enter the following information for each Expressways:
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-ExpressWay E 01
Do this section when repeating
a. System Host Name siteb-expc01
b. Domain Name siteb.com
c. Address 1 10.1.2.120
d. Click Save
a. System Host Name siteb-expe01
b. Domain Name siteb.com
c. Address 1 10.1.3.20
d. Click Save
Step 460 Scroll down and click DNS Lookup Utility
Step 461 Enter siteb-expc02.siteb.com
Step 462 Click Lookup
Step 463 Observe the successful DNS Lookup. (Keep going the restart will take place
later in the lab)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 90 of 274
Configuring the Expressway Cluster
About clusters
An Expressway can be part of a cluster of up to six Expressways. Each
Expressway in the cluster is a peer of every other Expressway in the cluster.
When creating a cluster, you define a cluster name and nominate one peer as
the master from which all relevant configurations is replicated to the other peers
in the cluster. Clusters are used to:
Increase the capacity of your Expressway deployment compared with a single
Expressway.
Provide redundancy in the rare case that an Expressway becomes inaccessible (for
example, due to a network or power outage) or while it is in maintenance mode (for
example, during a software upgrade).
About the configuration master
All peers in a cluster must have identical configuration for subzones, zones, links, pipes,
authentication, bandwidth control and Call Policy. To achieve this, you define a cluster name
and nominate one peer as the configuration master. Any configuration changes made to the
master peer are then automatically replicated across all the other peers in the cluster.
You should only make configuration changes on the master Expressway. Any
changes made on other peers are not reflected across the cluster, and will be
overwritten the next time the masters configuration is replicated across the peers.
The only exceptions to this are some peer-specific configuration items.
You may need to wait up to one minute before changes are updated across all peers in the
cluster.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 91 of 274
Step 464 Click System Clustering on the Expressway Admin web page
SiteB-Expressway C 01
Use Left Column First Pass of Section
SiteB-ExpressWay E 01
Do this section when repeating
Step 465 Enter the following
a: Cluster Name FQDN
siteb-expc-cluster01.siteb.com
b: Configuration Master 1
c: Cluster pre-shared key
Cisc0123
d: Peer 1 IP Address 10.1.2.142
e: Peer 1 IP Address 10.1.2.143
f: Click Save
After the restart it might take a few min to
sync up the databases. Ignore the errors
as they should clear after a few min.
However, DO NOT restart now! They
will be restarted later in this section.)
The clustering page should look something
like this once in sync:
Enter the following:
a: Cluster Name FQDN
siteb-expe-cluster01.siteb.com
b: Configuration Master 1
c: Cluster pre-shared key Cisc0123
d: Peer 1 IP Address 10.1.3.142
e: Peer 1 IP Address 10.1.3.143
f: Click Save
Step 466 Click Maintenance Restart Options
Step 467 Click Restart (Be careful to not click shutdown!)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 92 of 274
Step 468 Click OK to restart the system
Step 469 Observe the system restarting
Step 470 Repeat Steps 397 469 for SiteB-EXPE01 while siteb-expc01 is restarting
STOP - make sure to go back and do SiteB-ExpE01!
Step 471 Switch to the Firefox tab with SiteB-expC01 Web admin in it
Step 472 Log in with:
a. Username admin (all lower case)
b. Password Cisc0123
(case sensitive)
Step 473 Click Login
Step 474 Click System Clustering
Step 475 Observe that clustering is
now active
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 93 of 274
Configuring the Expressway-E Unified Communications
This section sets the SiteB-ExpE01 Mobile and Remote Access to ON. This will automatically
turn this option on for the SiteB-ExpE02 Expressway since it is clustered with SiteB-ExpE01.
Cisco Unified Communications mobile and remote access is a core part of the
Cisco Collaboration Edge Architecture. It allows endpoints such as Cisco Jabber
to have their registration, call control, provisioning, messaging and presence
services provided by Cisco Unified Communications Manager (Unified CM) when
the endpoint is not within the enterprise network. The Expressway provides
secure firewall traversal and line-side support for Unified CM registrations.
The overall solution provides:
Off-premise access: a consistent experience outside the network for Jabber and
EX/MX/SX Series clients
Security: secure business-to-business communications
Cloud services: enterprise grade flexibility and scalable solutions providing rich
WebEx integration and Service Provider offerings.
Gateway and interoperability services: media and signaling normalization, and
support for non-standard endpoints
Unified Communications: mobile and remote access
Jabber client connectivity without VPN
The mobile and remote access solution supports a hybrid on-premise and cloud-based
service model, providing a consistent experience inside and outside the enterprise. It
provides a secure connection for Jabber application traffic without having to connect to the
corporate network over a VPN. It is a device and operating system agnostic solution for Cisco
Unified Client Services Framework clients on Windows, Mac, iOS and Android platforms.
It allows Jabber clients that are outside the enterprise to:
Use instant messaging and presence services
Make voice and video calls
Search the corporate directory
Share content
Launch a web conference
Access visual voicemail
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 94 of 274
Step 476 Switch to the Firefox tab connected to SiteB-expE01 web admin
Step 477 Wait for the SiteB-ExpE01 to restart if not already restarted (about 1 to 3
minutes)
Step 478 Login with:
a. Username admin (all lower case)
b. Password Cisc0123
Step 479 Click Login
Step 480 Click Configuration Unified Communications Configuration
Step 481 Select Mobile and Remote Access from the Unified Communications mode
drop down menu
Step 482 Click Save
Step 483 Click System Clustering
Step 484 Observe that clustering is active on the Expressway-E servers.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 95 of 274
Configuring the Expressway-C for Unified Communications
In this section the student will configure the Expressway-C to communicate with CUCM and
IM&P servers
Caution! This section is only for Expressway-C
Step 485 Switch to the Firefox Tab with SiteB-ExpC01 web admin web page
Step 486 Login with the following credentials (if Logged out):
a: Username admin (lower case)
b: Password Cisc0123 (CaSe SeNsAtIvE)
Step 487 Click Login
Step 488 Click Configuration Unified Communications Configuration
Step 489 Select Mobile and Remote Access from the Unified Communications Mode
drop down menu
Step 490 Click Save
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 96 of 274
Configuring the domains to route to Unified CM
You must configure the domains for which registration, call control, provisioning,
messaging, and presence services are to be routed to Unified CM for.
SIP registrations and provisioning on Unified CM: endpoint
registration, call control and provisioning for this SIP domain is serviced by
Unified CM. The Expressway acts as a Unified Communications gateway to provide
secure firewall traversal and line-side support for Unified CM registrations.
IM and Presence services on Unified CM: instant messaging and presence
services for this SIP domain are provided by the Unified CM IM and Presence service.
Step 491 Click Configuration Domains
Step 492 Click New
Step 493 Enter siteb.com in the Domain
Name field
Step 494 Set On for the SIP registration and
provisioning on Unified CM
Step 495 Set On for the IM and Presence
services on Unified CM
Step 496 Click Create Domain
Step 497 Observe that the domain was created
Discovering IM&P and Unified CM servers
The Expressway-C must be configured with the address details of the IM&P
servers and Unified CM servers that are to provide registration, call control,
provisioning, messaging and presence services.
To have TLS verify mode set to On (the default and recommended setting) when
discovering the IM&P and Unified CM servers, the Expressway-C must be configured to trust
the tomcat certificate presented by those IM&P and Unified CM servers.
Determine the relevant CA certificates to upload:
If the servers are using self-signed certificates, the Expressway-C's trusted CA list must include a
copy of the tomcat certificate from every IM&P / Unified CM server.
If the servers are using CA-signed certificates, the Expressway-C's trusted CA list must include
the root CA of the issuer of the tomcat certificates.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 97 of 274
Step 498 Click Configuration Unified Communications IM and Presence
Servers
Step 499 Click New
Step 500 Enter the following IM&P information
a: IM&P Publisher Address siteb-imp911.siteb.com
b: Username AXLuserCUP
c: Password Cisc0123
d: TLS Verify Mode ON
Step 501 Click Add Address
Step 502 Observe the IM&P Server Discovery failed due to TLS Certificate
Uploading CA Root Certification to Expressway
Just like all other PKI certificate security based systems the CA Root Certificate must be
downloaded from the CA and uploaded to the Expressways. In this section the student will
obtain the CA Root certificate from the CA and upload it to two of the Expressways.
Step 503 Open a new Firefox Tab
Step 504 Click Certificate Services, on the Firefox favorites bar
Step 505 If requested to, login with:
a. Username Administrator
b. Password Cisc0123
Step 506 Click Login (if login pop-up is presented)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 98 of 274
Step 507 Click Download a CA certificate, certificate chain, or CRL
Step 508 Select Base 64, Encoding Method
Step 509 Click Download CA Certificate
Step 510 Click OK to save the file to the students computer
Step 511 Click the Download Arrow in the upper left corner of Firefox
Step 512 Click the Folder next to certnew.cer file to browse the folder where the new
CA Root Certificate was downloaded to
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 99 of 274
In the Certificate Management section in this lab, a CA Root
Certificate was already downloaded to the SiteB-AD server. The
original CA Root Certificate that was previously downloaded may be
used for this section of the lab as well.
The reason the CA is being downloaded again is in the event a student
wishes to only perform the Expressway section of the lab.
Step 513 Rename the file to SiteB-CARoot2Cert.cer
Step 514 Close the File Explorer window
Step 515 Return to the Firefox tab for the SitebB-ExpC01 Expressway Web Admin
Step 516 Click Maintenance Security Certificates Trusted CA Certificates
Step 517 Click Browse
Step 518 Click Downloads on the left side
navigation pane
Step 519 Select the SiteB-CARoot2Cert.cer
file
Step 520 Click Open on the file upload screen
Step 521 Click Append CA Certificate
Step 522 Observe at the top of the page that the certificate was uploaded
Step 523 Click Configuration Unified Communications IM and Presence
Servers
Step 524 Click New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 100 of 274
Step 526 Enter the following IM&P information
a: IM&P Publisher Address siteb-imp911.siteb.com
b: Username AXLuserCUP
c: Password Cisc0123
d: TLS Verify Mode ON
Step 527 Click Save
Step 528 Observe the IM&P Server Discoverys successful discovery. (Notice that it
found both SiteB-IMP911 and SiteB-IMP02.) Remember that without the Root
CA Certificate and TLS verify mode set to ON the system would not connect to
IM&P server.
Step 529 Click Configuration Unified Communications Unified CM Server
Step 530 Click New
Step 531 Enter the following CUCM information
a: CUCM Publisher Address siteb-CUCM911.siteb.com
b: Username AXLuserCUP
c: Password Cisc0123
d: TLS Verify Mode ON
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 101 of 274
Step 533 Click Add Address
Step 534 Observe the successful discovery message for the CUCM servers.
Add Client Server Template to MS CA Server
In this section the student will make the necessary changes to the Microsoft Certificate
Authority server, to prepare it to create CA Signed certificates for Expressway.
This next section although not part of the Cisco UC solution and is not a function
of the Microsoft CA server. This section was included because it is mandatory to
create a new CA template in MS CA server to create server certificates for
Expressway.
This template only needs to be created once on the MS CA server and can be reused each
time you need to create CA Signed certificates for the Expressway servers.
The new Client Server Template will be used again later in this lab for the Jabber Guest
Expressways
Step 535 Click Start All Programs Administrative Tools Certification
Authority on the SiteB-AD RDP session (Should already be on this server)
Step 536 Click the + (plus sign) next to siteb-SITEB-AD-CA to open the sub-folders
Step 537 Click and highlight Certificate Templates
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 102 of 274
Step 538 Right click certificate templates and select Manage from the pop-up menu
Step 539 Click and highlight Web Server from the Certificate Templates Console
Step 540 Right click Web Server
Step 541 Click Duplicate Templates from the pop-up menu
Step 542 Select Windows Server 2003 Enterprise. It
must be 2003 or this new template, that is
being created, will not show up when
requesting a certificate.
Step 543 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 103 of 274
Step 544 Enter ClientServer in the Template Display Name field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 104 of 274
Step 546 Click the Request Handling, Tab
Step 547 Select Allow private key to be
exported
Step 548 Click the Extensions tab
Step 549 Select Application Policies
Step 550 Click Edit
Step 551 Click Add on the Edit Application Policies Extension pop-up window
Step 552 Click Client Authentication
Step 553 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 105 of 274
Step 554 Click OK to confirm the addition of Client Authentication
Step 555 Click Apply
Step 556 Click OK to close the properties of
New Template
Step 557 Close the Certificate Templates
Console
Step 558 Right Click Certificate Templates in
the Certification Authority console
Step 559 Click New
Step 560 Click Certificate Template to Issue
Step 561 Select ClientServer from the list of
Certificate Templates
Step 562 Click OK
Step 563 Close the Certification Authority console
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 106 of 274
Configuration of Certificates to prepare for Implementing Traversal Zones
In this section the student will generate and upload the appropriate certificates on the
Expressways and create a Traversal Zone between the Es and Cs so they can communicate
with each other.
Configuring traversal server zones
An Expressway-E can act as a traversal server, providing firewall traversal on
behalf of traversal clients (such as an Expressway-C).
To act as a traversal server, the Expressway-E must have a special type of two-
way relationship with each traversal client. To create this connection, you create
a traversal server zone on your local Expressway-E and configure it with the
details of the corresponding zone on the traversal client. (The client must also be
configured with details of the Expressway-E.)
After you have neighbored with the traversal client you can:
Provide firewall traversal services to the traversal client
Query the traversal client about its endpoints
Apply transforms to any queries before they are sent to the traversal client
Control the bandwidth used for calls between your local Expressway and the traversal
client
Note: traversal client-server zone relationships must be two-way. For firewall traversal to
work, the traversal server and the traversal client must each be configured with the others
details. The client and server will then be able to communicate over the firewall and query
each other.
CLICK HERE to find the Expressway documentation on Cisco.com
Step 564 Open Internet Explorer on SiteB-AD. This one server certificate will only
download from IE and not in Firefox
Step 565 In IE browse to http://siteb-ad.siteb.com/certsrv/
or click Certificate Services, on the IE Favorite bar
Step 566 Enter Administrator in the Field of the pop-up login window
Step 567 Enter Cisc0123 in the Password field of the pop-up login window
Step 568 Click OK
Step 569 Click Download a CA Certificate, Certificate chain, or CRL
Step 570 Click Yes if presented with a Web Access Warning
Step 571 Select Base 64
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 107 of 274
Step 572 Click Download Latest Base CRL
Step 573 Click Save in the pop-up window at the bottom of the IE Screen
Step 574 Click Open Folder
Step 575 Right click certcrl.crl
Step 576 Click Rename on the pop-up menu
Step 577 Enter CARootCRL.crl to rename the file
Step 578 Close Windows File Explorer
Step 579 Close Internet Explorer (IE)
Step 580 Switch to the SiteB-ExpC01 web admin Firefox tab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 108 of 274
Step 582 Login in to SiteB-ExpC01 with the following credentials (if needed)
a. Username admin (lower case)
b. Password Cisc0123 (case sensitive)
c. Click Login
Step 583 Click Maintenance Security Certificates CRL Management
Step 584 Click Browse in the Manual CRL Update section
Step 585 Click Downloads in the left
navigation pane
Step 586 Select CARootCRL.crl
Step 587 Click Open
Step 588 Click Upload CRL File
Step 589 Confirm the successful upload of CRL
Step 590 Click Maintenance Security Certificates Server Certificate
Step 591 Click Generate CSR
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 109 of 274
Step 593 Enter the following information
a. Common Name FQDN of Expressway
b. Subject Alternative Names FQDN of Expressway Cluster Plus
FQDNs of all peers in the cluster
c. IM and Presence chat note aliases delete entry
d. Key Length (in bits) 2048
e. Country US
f. Sate or province CA
g. Locality (town name) San Jose
h. Organization (company name) Cisco
i. Organizational Unit Cisco
j. Click Generate CSR
Step 594 Click Download to download CSR file
Step 595 Select Open
Step 596 Click OK to open the CSR in a notepad
Step 597 Click Format Word Wrap in Notepad to see the
whole file (might already be done)
Step 598 Click CTRL-A to highlight the whole text in notepad
Step 599 Click CTRL-C to copy the text into your computer buffer
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 110 of 274
Be careful not to change anything in this certificate while you have it open in
Notepad. It is not easy to troubleshoot if something changes in this file.
Step 600 Close Notepad
Step 601 Switch to the MS Certificate Server web admin page tab in Firefox
Step 602 Click on the Favorite link Certificate Service to bring the CA server web
admin to the home page
Step 603 Click Request a Certificate
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 111 of 274
Step 605 Click Advanced Certificate Request
Step 606 Click inside the Saved Request field
Step 607 Press CTRL-V to paste the CRS test into the
saved request field
Step 608 Select ClientServer from the Certificate
Template field (this is the template crated in
the previous section)
Step 609 Click Submit
Step 610 Select Base 64 Encode
Step 611 Click Download Certificate
Step 612 Select Save File
Step 613 Click OK
Step 614 Click the Download Arrow in the upper right corner or Firefox
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 112 of 274
Step 615 Click the File Folder
Step 616 Right Click certnew.cer
Step 617 Select Rename from the pop-up windows
Step 618 Rename the file to SiteB-ExpC01Cert.pem (Caution! Make sure to change
the extension to PEM when renaming the file.)
Step 619 Click Yes to confirm name extension change
Step 620 Close the File Explorer window
Step 621 Switch to the SiteB-ExpC01 tab in the Firefox browser on SiteB-AD RDP
session
Step 622 Click Browse at the bottom of the server certificate screen to upload a new
certificate
Step 623 Click Downloads in the left navigation pane
Step 624 Find and select the SiteB-ExpC01Cert.pem from the downloads directory
Step 625 Click Open
Step 626 Click Upload Server Certificate Data
The browser will reinitialize and ask to accept the certificate again.
Step 627 Click I Understand The Risk
Step 628 Click Add Exception
Step 629 Click Confirm Security Exception
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 113 of 274
Step 630 Observe the certificate was uploaded but the system needs a restart
Step 631 Click Restart from the yellow warning message at the top of the Server
Certificate page
Step 632 Click Restart again on the Restart Options window
Step 633 Click OK to confirm the restart
Add CA Signed Certificate on SiteB-ExpE01
Step 634 Switch to the SiteB-ExpE01 web admin tab in Firefox
Step 635 Login with the following credentials (if logged out)
a. Click Home
b. Username admin
c. Password Cisc0123
d. Click Login
Step 636 Click Maintenance Security
Certificates Trusted CA Certificate
Step 637 Click Browse
Step 638 Click Downloads in the left side
navigation pane
Step 639 Select SiteB_CARoot2Cert.cer
Step 640 Click Open
Step 641 Click Append CA Certificate
Step 642 Observe and confirm that CA Root Certificate has
been uploaded
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 114 of 274
Step 643 Click Maintenance Security Certificates CRL Management
Step 644 Click Browse
Step 645 Click Downloads in
the left side
navigation pane
Step 646 Select CARootCRL.crl
Step 647 Click Open
Step 648 Click Upload CRL File
Step 649 Observe and confirm the CRL was uploaded successfully
Step 650 Click Maintenance Security Certificates Server Certificate
Step 651 Click Generate CSR
Step 652 Enter the following information
a. Common Name FQDN of Expressway
b. Subject Alternative Names FQDN of Expressway Cluster Plus
FQDNs of all peers in the cluster
c. IM and Presence chat note aliases delete entry (if any)
d. Key Length (in bits) 2048
e. Country US
f. Sate or province CA
g. Locality (town name)
San Jose
h. Organization (company
name) Cisco
i. Organizational Unit
Cisco
j. Click Generate CSR
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 115 of 274
Step 653 Click Download, to download CSR file
Step 654 Select Open
Step 655 Click OK to open the CSR in a Notepad
Step 656 Click Format Word Wrap in Notepad to see the whole file (if needed)
Step 657 Click CTRL-A to highlight the whole text in Notepad
Step 658 Click CTRL-C to copy the text into your computer buffer
Step 659 Close Notepad
Step 660 Switch to the MS CA Server web admin tab in
Firefox
Step 661 Click Certificate Services on the Firefox favorite
bar to return to the CA home page
Step 662 Click Request a Certificate
Step 663 Click Advanced Certificate Request
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 116 of 274
Step 664 Select and make active the Saved
Request field
Step 665 Select ClientServer from the Certificate
Template field
Step 666 Click Submit
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 117 of 274
Step 667 Select Base 64 Encode
Step 668 Click Download Certificate
Step 669 Select Save File
Step 670 Click OK
Step 671 Click the Download Arrow in the upper right corner or Firefox
Step 672 Click the File Folder
Step 673 Right Click certnew.cer
Step 674 Select Rename from the pop-up windows
Step 675 Rename the file to SiteB-ExpE01Cert.pem
Step 676 Click Yes to confirm name extension change
Step 677 Close File Explorer window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 118 of 274
Step 678 Switch to the SiteB-ExpE01 tab in the Firefox browser on SiteB-AD RDP
session
Step 679 Click Browse at the bottom of the server certificate screen to upload a new
certificate
Step 680 Find and select the SiteB-ExpE01Cert.pem file from the Downloads
directory
Step 681 Click Open
Step 682 Click Upload Server Certificate Data
The browser will reinitialize and ask to accept the certificate again
Step 683 Click I Understand the Risks
Step 684 Click Add Exception
Step 685 Click Confirm Security Exception
Step 686 Observe the certificate has been uploaded but the system needs a restart
Step 687 Click Restart from the yellow warning message at the top of the Server
Certificate page
Step 688 Click Restart again on the Restart Options window
Step 689 Click OK to confirm the restart
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 119 of 274
Configuring Traversal Zones
In this section the student will configure the Traversal zones between the Es and Cs so
they can communicate across the firewalls.
Step 690 Switch to the SiteB-ExpE01 web admin Firefox tab (if not all ready there) on
the SiteB-AD RDP session
Step 691 Wait for SiteB-ExpE01 to finish restarting
Step 692 Login as
a. Username admin (lower case)
b. Password Cisc0123
c. Click Login
Step 693 Click Configuration Zones Zones
Step 694 Click New
Step 695 Enter the following information
a. Name TraversalZoneSiteB
b. Type Traversal Server
Step 696 Click Add/Edit Local Authentication Database
Step 697 Click New
Step 698 Enter TraversalAdmin in the Name field
Step 699 Enter Cisc0123 in the password field
Step 700 Click Create Credential
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 120 of 274
Step 701 Close the Local Authentication Database pop-up window
Step 702 Fill in the following information (leaveing all un-mentioned fields at default):
a. Username TraversalAdmin
b. H323 Mode Off
c. Unified Communications Service Yes
d. TLS Verify Mode On
e. TLS Verify Subject Name SiteB-ExpC-Cluster01.siteb.com
f. Media Encryption Mode Forced Encrypted
g. Authentication Policy Treat As Authenticated
h. Click Create Zone
Step 703 Switch to SiteB-ExpC01 tab in Firefox on SiteB-AD RDP Session
Step 704 Login as:
a. Username admin (lower case)
b. Password Cisc0123
c. Click Login
Step 705 Click configuration Zones Zones
Step 706 Click New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 121 of 274
Step 707 Enter the following information:
a. Name TraversalZoneSiteB
b. Type Traversal Client
Step 708 Fill in the following information:
a. Username TraversalAdmin
b. Password Cisc0123
c. H323 Mode Off
d. Port 7001
e. Unified Communications Service Yes
f. TLS Verify Mode On
g. Media Encryption Mode Forced Encrypted
h. Authentication Policy Treat As Authenticated
i. Peer 1 Address siteb-expe01.siteb.com
j. Peer 2 Address siteb-expe02.siteb.com
k. Click Create Zone
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 122 of 274
Observe that SiteB-ExpC01 show active traversal zone
Step 709 Click Configuration Zones Zones
Step 710 Click TraversalZoneSiteB
Step 711 Scroll to the bottom and observe that the State status is Active
If there is a warning or a connection has failed, wait a min and try to go back
in again. Sometimes it takes a minute or so to update and connect.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 123 of 274
Observe that the SiteB-ExpE01 show active traversal zone
Step 712 Switch to SiteB-ExpE01, Firefox tab admin web page
Step 713 Click Configuration Zones Zones
Step 714 Click TraversalZoneSiteB
Step 715 Scroll to the bottom and observe that SIP Reachable and the State status is
Active
Validate Internal and External Jabber Client Usage
In this section the Cisco Jabber client on the workstations well be logged into both the
Internal and External UC services. By connecting to the Expressway-E while on the Internet
the Cisco Jabber client is able to register with CUCM without having to create a VPN
connection first.
Both SiteB-WS01 and SiteB-WS02 have Cisco IP Communicator
(CIPC) install, open, and registered with CUCM. Although you will
not have CIPC and Jabber running on the same computer in a
production network, the CIPC phone serves a purpose in the lab
environment. The CIPC is there to represent the users physical desk
phone, so the student can see what changes would be happening on
the desk phone as the Cisco Jabber client is being used.
CIPC is an EOL Cisco Product and should not be used in production.
Jabber Client Internal Validation Test
In this section the student will test the preconfigured system with the Jabber Clients
connected to the local internal network.
Step 716 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
Step 717 Open Cisco Jabber if not already open
Step 718 Use the following login credentials (if login is needed)
a. Username aace
b. Password Cisc0123
c. Click Login
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 124 of 274
Step 719 Click Line One, on the CIPC phone
Step 720 Observe when the CIPC (desk phone) goes off hook
the Jabber Presence changes to On a call
Step 721 Click EndCall on CIPC
Step 722 Set Alex Aces presence to away
Step 723 Click Away to set a custom presence
Step 724 Type Gone To The Beach
Step 725 Press Enter
Step 726 Switch to SiteB-WS02 (172.19.X.202 Blake Bad)
RDP Session
Step 727 Observe that Alex Ace, in the contacts list, has a
presence indicator of amber that reads Gone To
The Beach
Step 728 Hover your mouse over Alex Ace in Blakes contact list. The Icon of a phone
handset on the right side of Alexs name appears.
Step 729 Click the Call Icon
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 125 of 274
Step 730 Click Alexs Work Number, to call Alex
Step 731 Quickly switch to SiteB-WS01 (172.19.X.201 Alex Ace)
RDP session
Step 732 Click Answer on the Incoming Call pop-up window in the lower right hand
corner of Alexs desktop
Step 733 Observe on Alexs Jabber Client that the status is still Gone
to the beach. This is because she manually set it. On
Blake Bads Jabber client, however, it indicates On A Call.
Step 734 Click the Red Hand Set on the Blake Bads conversation
window to disconnect the call
Observe this call came up as a video call, and both users have the world
VCAM as their video feed in place of where their video should be.
Both workstations are virtual machines in our lab, and there for do not have
a video camera attached to the workstation. e2eSoft VCam virtual video
driver has been installed on both workstations.
Although video was not needed for this lab, A video driver was required for
the Jabber Guest part of this calls.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 126 of 274
Jabber Client Internal Voice Mail Validation Test
In this section the student will validate that both workstations are connected to Unity
Connection voice mail
Step 735 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
Step 736 Switch Alexs presence indicator back to
Available
Step 737 Click the Voice Mail tab on Alex Aces
Jabber client
Step 738 Observe that it indicates that she does not
have any VM at this time, but is connected
to voicemail
Step 739 Click Help Show Connection Status,
on Alexs Jabber client
Step 740 Observe that the Jabber client is connected to the following services (the
server names might be different during your lab)
a. Softphone SiteB-CUCM02.siteb.com (CCMCIP)
b. VoiceMail Siteb-cuc911.siteb.com
c. Presence SiteB-IMP911.siteb.com
d. Outlook Yes
e. Directory LDAP
f. Close Connection Status, when done observing
Step 741 Switch to SiteB-WS02 (172.19.X.201 Blake Bad) RDP Session
Step 742 Click Help Show Connection Status, on Blakes Jabber client
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 127 of 274
Step 743 Observe Blakes Jabber Connection status
Step 744 Close Connection Status, on Blakes desktop when done observing
Step 745 Click the Voice Mail tab on Blakes Jabber client
Step 746 Observe that it indicates that he has voice mail
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 128 of 274
Moving SiteB-WS02 From The Internal To The External (internet) Network
In previous sections of the lab the SiteB-WS01 & SiteB-WS02 workstations have been
connected to the internal corporate network. In this section SiteBWS02 workstations will be
moved out of the corporate office and connect Jabber to the CUCM via the Expressways
without a VPN connection.
To demonstrate the Expressway functions the two workstations will
be moved from the internal corporate network, out on to the public
internet. For this lab we have create a MOCK INTERNET by using two
vlans. The 5xx series vlans are for the internal network, and the 6xx
vlans are the DMZ or our external MOCK internet.
The workstations have two network cards in them. To simulate
moving the computer from internal to external, the student will turn off the
internal network card and turn on the external network card. The following series
of lab steps will not only switch the network cards but prove to the student that
the workstation is now on a different network.
Step 747 Switch to siteB-WS02 (172.19.X.202 Blake Bad) RDP Session (if not already
there)
Step 748 Click the DOS Prompt icon on the task bar at the bottom of the desktop
Step 749 Enter ipconfig
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 129 of 274
Step 750 Observe that the workstation is on the .2 network (3
rd
Octet), the .2 network
is the internal corporate network
Step 751 Type nslookup and press Enter to enter into nslookup mode
Step 752 Type set type=srv (in all lower case)
Step 753 Type _cisco-uds._tcp.siteb.com
Step 754 Press Enter
Step 755 Type _collab-edge._tls.siteb.com
As a reminder dont forget two DNS servers were previously configured:
Internal with _cisco-uds SRV records for the Jabber Clients to find the CUCM
External with _collab-edge SRV records for the Jabber Client to find the
Expressway E while it is outside on the Internet.
Step 756 Observe that the _cisco-uds is able to be resolved and that _collab-edge was
not able to be resolved
Step 757 Close the DOS Prompt
Step 758 Navigate to 172.19.X.110 (x=pod#) in a browser from the students
computer
Step 759 Click Cisco Unified Communications Manager
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 130 of 274
Step 760 Login in with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 761 Click Device Phone
Step 762 Click Find
Step 763 Observe the IPv4 Address of the two CFS (disregard the Dyslexic lab
developer, CFS should be CSF). Notice that both CSF devices are registered
on the .2 network
Step 764 Switch to SiteB-WS02 (172.19.X.202 Blake Bad) RDP Session
Step 765 Click File Exit on SiteB-WS02 Jabber Client to exit the app
The External Network On bat file turns off the internal network card
and turns on the external network card.
The Internal Network On bat file does the oppsit it turns off the
external network card and turns on the internal network card.
The two bat files move the SiteB workstations between the internal
network and the mock lab internet.
Step 766 Right Click External Network ON icon on SiteB-WS02s desktop
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 131 of 274
Step 768 Click Run as Administrator from the pop-up menu
Step 769 Click Yes to allow the application to make changes to the computer
When you click YES in the previous step, the RDP session will drop. In the
following steps an RDP connection will be created to the new workstation address
Step 770 Click Start All Programs Accessories Remote Desktop
Connection, from the students personal computer
Step 771 Enter 172.19.X.241, (x=pod#) in the Computer filed
Step 772 Click Connect
If the new RDP connection to .241 does not connect at first wait 30 seconds and
try again. Due to lab issues it takes a little time for the network to converge.
Step 773 Click Use Another Account
Step 774 Enter siteb\bbad
Step 775 Password Cisc0123
Step 776 Click OK
Step 777 Click Yes to the invalid certificate warning
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 132 of 274
Step 778 Click Accept on the SiteB-ExpE01.siteb.com invalid certificate (If jabber is
open it will reconnect and an invalid certificate will be presented.)
Step 779 Click Accept on the SiteB-ExpE02.siteb.com invalid certificate (If jabber is
open it will reconnect and an invalid certificate will be presented.)
Validate SiteB-WS02 Is Connected To The External Network
The student should now be RDPed to SiteB-WS02 via the external address. This section will
validate that connection.
Step 780 Click the Command Prompt icon on the task bar at the bottom of the
desktop
Step 781 Enter ipconfig
Step 782 Observe that the workstation is on the .3 network (3
rd
Octet), the .3 network
in our lab is the MOCK internet which confirms the network change
Step 783 Type nslookup and press Enter to enter into nslookup mode
Step 784 Type set type=srv (in all lower case)
Step 785 Enter _cisco-uds._tcp.siteb.com
Step 786 Press Enter
Step 787 Enter _collab-edge._tls.siteb.com
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 133 of 274
Step 788 Observe that the _cisco-uds is NOT able to be resolved and that _collab-edge
IS able to be resolved, which is opposite form the previous section
Step 789 Close the Command Prompt
Step 790 Navigate to 172.19.X.110 (x=pod#) in a browser from the students
computer
Step 791 Click Cisco Unified Communications Manager
Step 792 Login in with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 793 Click Device Phone
Step 794 Click Find
Step 795 Observe the IPv4 Address of the two CFS (disregard the Dyslexic lab
developer, CFS should be CSF). Notice that one CSF devices is registered on
the .201 which is SiteB-WS01 and is still connected to the internal network.
But the CFSUSER02 is connected to .143 which is the address of
Expressway-C
Step 796 Switch back to SiteB-WS02 (172.19.X.241 Blake Bad) RDP Session
Step 797 Double click the Jabber Icon on the desktop to open Jabber
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 134 of 274
Step 798 Accept any and all Invalid Certificates
Step 799 Click Help Show Connection Status, on the Jabber client
Step 800 Observe that softphone is connected to Expressway, also notice that the
Voicemail is not connected
Step 801 Click the VoiceMail tab on the Jabber Client
Step 802 Observe that voice mail is not connected
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 135 of 274
Creating a White List entry for VoiceMail on Expressway-C
In this section the student will create a white list entry for the voicemail server that will
allow the Jabber clients to access voicemail services.
Jabber client endpoints may need to access additional web services inside the
enterprise. This requires an "allow list" of servers to be configured to which the
Expressway will grant access for HTTP traffic originating from outside the
enterprise.
The features and services that may be required, and would need whitelisting,
include:
Visual Voicemail
Jabber Update Server
Custom HTML tabs / icons
Directory Photo Host
The IP addresses of all discovered Unified CM nodes (that are running the CallManager or
TFTP service) and IM&P nodes are added automatically to the allow list and cannot be
deleted . Note, however, that they are not displayed on the HTTP server allow list page.
Step 803 Switch to SiteB-Ad (172.19.X.120 Administrator) RDP Session
Step 804 Open Firefox, if not already open
Step 805 Click Expressway SiteB-ExpC01, or switch to the tab that already has
SiteB-ExpC01 open in it
Step 806 Enter the following credentials to login in
a. Username admin (lower case)
b. Password Cisc0123 (case sensitive)
c. Click Login
Step 807 Click Configurations Unified Communications Configuration
Step 808 Click Configure HTTP Server Allow List
Step 809 Click New
Step 810 Enter siteb-cuc911.siteb.com, in the Server Hostname
Step 811 Enter Visual VoiceMail White List, in the description field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 136 of 274
Step 812 Click Create Entry
Step 813 Switch to SiteB-WS02 (172.19.X.241 Blake Bad)
RDP Session
Step 814 Click File Exit, to exit Jabber
Step 815 Double click the Jabber icon
Step 816 Click the VoiceMail tab on the Jabber Client
Step 817 Observe that voice mail is now connected
Step 818 Press the Triangle Play button on some of the
VMs to test if they play. The audio if any will be
garbbled due to lab issues, but you should see the play status bar moving
across the VM if you cant hear it.
Step 819 Click the Contact tab in the Jabber client
Step 820 Hover the mouse over Alex Ace, in Blakes contact list
Step 821 Click the Call button
Step 822 Select Alexs Work
(+14085552001) number
Step 823 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP session
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 137 of 274
Step 824 Click Answer, on the Incoming Call pop-up window in the lower left corner
The call that is active right now is a call between Blake Bad (SiteB-WS02) external
and connected via the Expressway, and Alex Ace (SiteB-WS01) connected on the
internal network.
Step 825 Switch to SiteB-Ad (172.19.X.120 Administrator) RDP Session
Step 826 Open Firefox, if not already open
Step 827 Click Expressway SiteB-ExpC01, or open Firefox tab with SiteB-ExpC01
already open in it
Step 828 Enter the following credentials to login in
a. Username admin (lower case)
b. Password Cisc0123 (case sensitive)
c. Click Login
Step 829 Observe that on the main Status Overview status page there is one
current call. At this time the Expressway-C shows this as a video call
Step 830 Click Status Calls Calls
Step 831 Observe there is one call active
Step 832 Click the Start Time link for this call
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 138 of 274
Step 833 Observe the call information
Step 834 Click Status Calls History
Step 835 Observe the call history log (there might not be any calls here till you end the
first call)
Step 836 Switch to SiteB-WS02 (172.19.X.241 Blake Bad) RDP Session
Step 837 Click the Red Phone Handset, to disconnect the call
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 139 of 274
JST Features Task 6: Adding User Photos to Web Server
In this section the student will configure the jabber-config.xml file to point to our network
web server for the Jabber Clients to obtain the user photos at login. In previous sections of
the lab the Jabber Clients used EDI to obtain the photos from the Active Directory.
Activity Objective
In this activity, you will learn the methods to:
Configure jabber-config.xml to allow for web based photos
Configure Expressway C to white list the photo web server
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
Contact Photo Retrieval with UDS
UDS dynamically builds a URL for contact photos with a directory attribute and a
URL template.
To resolve contact photos with UDS, you specify the format of the contact photo
URL as the value of the
UdsPhotoUriWithToken parameter. You also include a %%uid%% token to
replace the contact username in
the URL, for example,
<UdsPhotoUriWithToken>http://server_name/%%uid%%.jpg</UdsPhotoUriWithToken>
UDS substitutes the %%uid%% token with the value of the userName attribute in UDS. For
example, a user
named Mary Smith exists in your directory. The value of the userName attribute for Mary
Smith is msmith.
To resolve the contact photo for Mary Smith, Cisco Jabber takes the value of the userName
attribute and
replaces the %%uid%% token to build the following URL:
http://staffphoto.example.com/msmith.jpg
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 140 of 274
Configure jabber-config.xml
The photos for our lab are stored on the external/DNS/webserver at
C:\inetpub\wwwroot\userphotos directory.
Step 838 Switch to SiteB-AD, (172.19.X.120) RDP Session
Step 839 Double click the Jabber Config folder on the desktop
Step 840 Double click the 03_Video_Case_Num_CFg folder
Step 841 Right click Jabber-config.xml
Step 842 Click Edit from the pop-up menu
Step 843 Add the following line of code in the directory section of the jabber-
config.xml. You should be able to copy and paste the line below
<UDSPhotoURIWithToken>http://10.1.3.20/userphotos/%%uid%%.jpg</UDSPhotoURIWithToken>
The whole file should look like this when the one line is added just in
the directory section:
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 141 of 274
Step 845 Click File Save on notepad
Step 846 Click File Exit to close notepad
Step 847 Open Firefox, on SiteB-AD (172.19.X.120) RDP session, or create a new
tab in the session of Firefox that is already open
Step 848 Click SiteB-UC SiteB-CUCM911 from the Firefox favorite bar
Step 849 Click Cisco Unified Communications
Manager
Step 850 Select Cisco Unified OS Administrator, from the navigation drop-down in
the upper right corner of the login page
Step 851 Click I Understand The risk
Step 852 Click Add Exception
Step 853 Click Confirm Security Exception
Step 854 Select Cisco Unified OS Administration, from the navigation drop-down
menu
Step 855 Click Go
Step 856 Login with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 857 Click Software Upgrades TFTP File Management
Step 858 Click Upload file
Step 859 Click Browse
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 142 of 274
Step 860 Select Desktop from the left side navigation pane
Step 861 Double click the Jabber Config file folder
Step 862 Double click 03_Video_Case_Num_CFG
Step 863 Select jabber-config.xml
Step 864 Click Open
Step 865 Click Upload File
Step 866 Verify File Uploaded Successfully, at
the top of the upload pop-up window
Step 867 Click Close, to close the upload pop-up
window
Step 868 Select Cisco Unified Serviceability, form the Navigation drop-down
window
Step 869 Click GO
Step 870 Login with the following credentials
a. Username Administrator (Case Sensitive)
b. Password Cisc0123 (Case Sensitive)
c. Click Login
Step 871 Click Tools Control Center Feature Services
Step 872 Select SiteB-CUCM911.siteb.comeCUCM Voice/Video, from the Select
Server drop-down menu
Step 873 Click Go
Step 874 Select Cisco Tftp
Step 875 Click Restart
Step 876 Click OK, on the page refresh warning
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 143 of 274
Testing jabber-config.xml
In this section the student will point a browser to the URL below and it should retrieve the
jabber-config.xml from the CUCM TFTP server. All changes should be reflected in the output.
Step 877 Open Firefox, on SiteB-AD (if not already open), or open a new tab in
Firefox
Step 878 Navigate to http://10.1.2.110:6970/jabber-config.xml
The browser should present the output that is shown below, with the edit
that was made to the Directory section
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 144 of 274
White List Web Server
The student will add the web server with the photos on to the allow list on expressway, so
the Jabber client is permitted to access the web server.
Step 879 Switch to SiteB-AD (172.19.X.120) RDP
session
Step 880 Open Firefox, if not already open
Step 881 Click Expressway SiteB-ExpC01, on
the Firefox favorites bar
Or switch to the tab that already has
SiteB-ExpC01 already open in it
Login with the following credentials (if not
already logged in)
a. admin (lower case)
b. Password Cisc0123 (case sensitive)
Step 882 Click Configuration Unified Communications Configuration, in the
SiteB-ExpC01 administration web page
Step 883 Click Configure HTTP Server Allow List
Step 884 Click New
Step 885 Enter 10.1.3.20, in the Server hostname field
Step 886 Description Internet Web Server
Step 887 Click Create Entry
Step 888 Switch to SiteB-WS02, (172.19.X.241 Blake Bad) this workstation should
still be connected to the external network from a previous section
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 145 of 274
If you are not sure if the workstation is connected to the external
network confirm that SiteB-WS02 is connected to the external
network do the following
Click Help Show Connection Status
Observe that the Address in the first section says (CCMCIP
Expressway)
Close the Jabber Connection status screen
If it does say Expressway move on to the next step (outside
of this aqua box)
If the system does not say Expressway do the follow to switch SiteB-WS02 to the
external network.
Right Click External Network On icon on the desktop of
SiteB-WS02
Click Run As Administrator, from the pop-up menu
Click Yes to the warning, at this point you will loose
connectivity to the RDP session. Close the RDP window
Open a new RDP window and login to the following
Computer = 172.19.X.241
Username = siteb\bbad
Password = Cisc0123
Click Help Show Connection Status
Observe that the Address in the first section says
(CCMCIP Expressway)
Close the Jabber Connection status screen
Step 889 Click the Contacts tab on the left side of Cisco Jabber
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 146 of 274
Step 890 Observe that the Cisco Jabber contacts for Blake Bad do not have any
pictures (due to lab variations sometimes the pictures are still showing form
AD, this is OK keep going)
Step 891 Click File Exit, on the Cisco Jabber client to close it on SiteB-WS02
Due to issues in the lab, the two Jabber directories on the
workstation will need to be erase so they will be recreated when
Jabber Client is turned on again. The issue is that if the Jabber Client
has pictures already in the local photo directory the ones on the new
web server will not overwrite the photos previously downloaded from
the internal AD server. In a product network one or the other type of
photo source will exist not both as we demonstrated in the lab.
The bat file erases the Jabber directory and all sub directories below it in two
location on the local workstation.
C:\Users\bbad\AppData\Roaming\Cisco\Unified Communications
C:\Users\bbad\AppData\Local\Cisco\Unified Communications
Step 892 Right Click EraseJabber_02.bat, bat file on the SiteB-WS02 desktop
Step 893 Click Run as Administrator, from the pop-up menu
Step 894 Click Yes to allow the app to change the computer
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 147 of 274
Step 895 Double click the Jabber Client icon to open Jabber
Step 896 Enter the following credentials to login to the Jabber client
a. Username bbad
b. password Cisc0123
c. Sign me in when Cisco Jabber start Checked
d. Click Sign In
Step 897 Accept any invalid certificates (if needed)
In the next step when the Jabber client obtains the user photos
from the Mock Internet Web server, notice that the pictures look
WEIRD. They have intentionally changed with a special effect so
they look different then the pictures in the internal Active
Directory to help the student very quickly realize this is a
different set of pictures.
In most production network there will usually only be one source
for the photos unlike the experience we have just stepped through in the lab.
The altered user photos were copied into a directory
(C:\inetpub\wwwroot\userphotos) on the Mock Internet Web Server before the
class started. Also the IIS role has been installed and started on this server, to
enable it to be a web server.
Step 898 Observe that the Jabber Client now has pictures that were
retrieved from the web server (notice the pictures have been
made to look weird to prove the difference in source of the
photos)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 148 of 274
JST Features Task 7: URI Dialing
In this section the students will configure CUCM to allow the Jabber Client to dial via URI.
Activity Objective
In this activity, you will learn the methods to:
Configure CUCM to allow for URI dialing on the Jabber Clients
Configure jabber-config.xml and push to the TFTP server
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
Confirm URI Dialing Is Not Configured Form the Jabber Clients
Step 899 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP session
Step 900 Click Blake Bad from Alexs contact list
Step 901 Click the Calling Hand Set Icon
Step 902 Observe the list of phone numbers available to call Blake with, notice none of
them are a Directory URI
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 149 of 274
LDAP Sync Directory URI
Step 903 Navigate to 172.19.X.110 (x=pod#), from the students computer browser
Step 904 Accept any invalid certificate warnings
Step 905 Click Cisco Unified Communications Manager
Step 906 Login with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 907 Click User Management End User
Step 908 Click Find
Step 909 Click aace (Alex Ace), to open and edit her
user profile
Step 910 Observe that Directory URI is not filled in,
but mail ID is filled in via LDAP sync
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 150 of 274
Step 911 Click System LDAP LDAP Directory
Step 912 Click Find
Step 913 Click cucmLDAP
When you synchronize your LDAP directory server with Cisco Unified
Communications Manager, you can populate the end user configuration tables in
both the Cisco Unified Communications Manager and the Cisco Unified
Communications Manager IM and Presence databases with attributes that
contain values for the following:
User ID
You must specify a value for the user ID on Cisco Unified Communications
Manager. This value is required for the default IM address scheme and for users to log in.
The default value is sAMAccountName.
Directory URI
You should specify a value for the directory URI if you plan to:
Enable URI dialing in Cisco Jabber.
Use the directory URI address scheme on Cisco Unified Communications Manager IM and
Presence version 10 and higher.
When Cisco Unified Communications Manager synchronizes with the directory source, it
retrieves the values for the directory URI and user ID and populates them in the end user
configuration table in the Cisco Unified Communications Manager database.
The Cisco Unified Communications Manager database then synchronizes with the Cisco
Unified Communications Manager IM and Presence database. As a result, the values for the
directory URI and user ID are populated in the end user configuration table in the Cisco
Unified Communications Manager IM and Presence database.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 151 of 274
The following two pictures show the changes made to the LDAP Directory sync on CUCM, to
allow the Directory URI field to be populated on the CUCM.
Step 914 Set Directory URI to Mail
Step 915 Click Save
Step 916 Verify a successful result at the top of the page
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 152 of 274
Step 917 Click Perform Full sync Now, at the top of the page
Step 918 Click OK, on the LDAP sync warning message
Step 919 Click User Management End User
Step 920 Click Find
Step 921 Click aace (Alex Ace), to open and edit her user profile
Step 922 Observe that Directory URI is filled in, by the mail ID via LDAP sync
Creating Partition and Calling Search Space for URI Dialing
In this section Calling Search Spaces and Partitions will be configured for use with URI
dialing configuration.
Step 923 Click Call Routing Class of Control Partitions
Step 924 Click Add New
Step 925 Type URIDialing-PRT, in the name field
Step 926 Click Save
Step 927 Click Call Routing Class of Control
Calling Search Space
Step 928 Click Add New
Step 929 Enter Unlimited-CSS
Step 930 Type URI Dialing Testing, in the description field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 153 of 274
Step 931 Select ALL Available Partitions, by using the shift key
Step 932 Select the Down Arrow, to move all partitions to the Selected partitions
Step 933 Click Save
Setting Directory URI Alias Partition
Step 934 Click System Enterprise Parameters
Step 935 Press CTRL-F, to bring up the browser search field
Step 936 Enter Directory URI (case sensitive) in the browser search field
Step 937 Select URIDialing-PRT
Step 938 Click Save
Setting SIP Profile Configuration
Step 939 Click Device Device Settings Sip Profile
Step 940 Click find
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 154 of 274
Step 941 Select Standard SIP Profile (a new SIP profile is best practice for this, but
since we are in the lab lets just use the default SIP profile)
Step 942 Confirm Phone number consists of characters 0-9, *, #, and + (others
treated as URI addresses), is selected for Dial String Interpretation
Step 943 Check Use Fully qualified Domain Name in SIP Request
Step 944 Select Allow Presentation Sharing using BFCP is checked at the bottom of
the page
Step 945 Select Allow iX Application Media, is checked at the bottom of the page
Step 946 Click Apply Config
Step 947 Click OK
Configure Partition and Calling Search on CSF Device
In this section the CSF Phone devices will be associated with the new CSS and Partition
created previously.
Step 948 Click Bulk Administrator Phones Add Update Lines Update Lines
Step 949 Click Find
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 155 of 274
Step 950 Click Next, (disregard the Dyslexic lab developer, CFS should be CSF)
Step 951 Click and check Route Partition
Step 952 Select URIDialing-PRT as the Route Partition
Step 953 Click and check Calling Search Space
Step 954 Select Unlimited_CSS as the Calling Search Space
Step 955 Click and select Run Immediately, at the bottom of
the screen (scroll to bottom)
Step 956 Click Submit
Step 957 Click Bulk Administration Job Scheduler
Step 958 Click Find
Step 959 Click the latest Job to view its status
Step 960 Observe that 4 records have been successfully updated
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 156 of 274
Setting End User Primary Extension
Step 961 Click User Management End User
Step 962 Click Find
Step 963 Click aace (Alex Ace), to open and edit her user profile
Step 964 Select \+14085552001 in URIDialing-PRT (might already be set)
Step 965 Click Save
Step 966 Click Go, next to related links
Step 967 Select bbad, to edit Blake Bads user profile
Step 968 Select \+14085552002 in URIDialing-PRT (might already be set)
Step 969 Click Save
Step 970 Click Device Phone
Step 971 Click Find
Step 972 Click CFSUSER01, (disregard the Dyslexic lab developer, CFS should be CSF)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 157 of 274
Step 974 Click Line [1] on the left side association panel
Step 975 Observe that the Directory URI synced up from LDAP is now one of the lines
Directory URIs
Edit and Upload the Jabber-Config.xml to Activate URI Dialing
In this section the jabber-config.xml will be updated to enable the Jabber client to use URI
dialing.
Step 976 Switch to SiteB-AD, (172.19.X.120) RDP Session
Step 977 Double click the Jabber Config folder on the desktop
Step 978 Double click the 03_Video_Case_Num_CFg folder
Step 979 Right click Jabber-config.xml
Step 980 Click Edit from the pop-up menu
Step 981 Add the following 3 lines of code just above the </config> line at the bottom.
The text below can be copy and pasted for ease of use
<Policies>
<EnableSIPURIDialling>True</EnableSIPURIDialling>
</Policies>
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 158 of 274
The whole file should look like this when the three lines are added
just above </config> at the bottom of the file
Step 982 Click File Save on notepad
Step 983 Click File Exit to close notepad
Step 984 Open Firefox on SiteB-Ad (172.19.X.120) RDP session (if not already open)
Step 985 Click SiteB-UC SiteB-CUCM911 from the Firefox favorite bar, or open
the tab that already has SiteB-CUCM911 already open in it
Step 986 Click Cisco Unified Communications
Manager
Step 987 Select Cisco Unified OS Administrator from the navigation drop-down in
the upper right corner of the login page
Step 988 Click Go
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 159 of 274
Step 989 Login with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 990 Click Software Upgrades TFTP File
Management
Step 991 Click Upload file
Step 992 Click Browse
Step 993 Select Desktop from the left side navigation pane
Step 994 Double click the Jabber Config file folder
Step 995 Double click 03_Video_Case_Num_CFG
Step 996 Select jabber-config.xml
Step 997 Click Open
Step 998 Click Upload File
Step 999 Verify File Uploaded Successfully at the top of the upload pop-up window
Step 1000 Click Close, to close the upload pop-up window
Step 1001 Select Cisco Unified Serviceability form the Navigation drop-down
window
Step 1002 Click GO
Step 1003 Login with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 160 of 274
Step 1004 Click Tools Control Center Feature Services
Step 1005 Select SiteB-CUCM911.siteb.comeCUCM Voice/Video from the Select
Server drop-down menu
Step 1006 Click Go
Step 1007 Select Cisco Tftp
Step 1008 Click Restart
Step 1009 Click OK on the page refresh warning
Testing URI Dialing
Step 1010 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP session
Step 1011 Open Windows File Explorer, by clicking the icon on the
task bar at the bottom of SiteB-WS01s desktop
Step 1012 Browse to (AppData is hidden you have to type it in or unhide hidden
directories)
C:\Users\aace\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Config
Step 1013 Right click jabber-config
Step 1014 Click Edit from the pop-up menu
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 161 of 274
In the following step the EnableSIPURIDialling (2 Ls is due to British spelling,
and Jabber is developed across the pond) is not included in the SiteB-WS01 local
copy of jabber-config.xml. Although in the previous steps the student edited the
jabber-config.xml and uploaded it to the CUCM TFTP server, the Jabber client
only gets a fresh copy of the jabber-config.xml at startup time.
In subsequent steps the Jabber client will be restarted and will download the new
version of jabber-config.xml, which will enable URI dialing.
Step 1015 Observe that the following text is not included in this version of the jabber-
config.xml
<Policies>
<EnableSIPURIDialling>True</EnableSIPURIDialling>
</Policies>
Step 1016 Click File Exit to close the jabber-config.xml file in notepad
Step 1017 Click File Exit to close the Jabber Client
Due to issues in the lab, the two Jabber directories on the workstation will need to
be erased, they will be recreated when Jabber Client is turned on again. The issue
is the jabber-config.xml is not being downloaded while one already exist in the
workstations.
The bat file erases the Jabber directory and all sub directories below it in two
location on the local workstation.
C:\Users\bbad\AppData\Roaming\Cisco\Unified Communications
C:\Users\bbad\AppData\Local\Cisco\Unified Communications
Step 1018 Right Click EraseJabber_ws01.bat bat file on the SiteB-WS01 desktop
Step 1019 Click Run as Administrator from the pop-up menu
Step 1020 Click Yes, to allow the app to change the computer
Step 1021 Double click the Jabber Client icon on the SiteB-WS01 desktop
Step 1022 Enter aace@siteb.com in the email field
Step 1023 Click Continue
Step 1024 Enter Cisc0123 in the password field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 162 of 274
Step 1025 Click and Check sign me in when Cisco Jabber Starts
Step 1026 Click Sign in
Step 1027 Accept any Invalid Certificates, that might pop up
Step 1028 Open Windows File Explorer, by clicking the icon on the task bar at the
bottom of SiteB-WS01s desktop
Step 1029 Browse to (AppData is hidden you have to type it in or unhide hidden
directories)
C:\Users\aace\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Config
Step 1030 Right click jabber-config
Step 1031 Click Edit, from the pop-up menu
Step 1032 Observe now the URIDialling Enable is now included in this version of the
jabber-config.xml, proving the new jabber-config file was downloaded at
startup of the Jabber Client
Step 1033 Click File Exit, to close the jabber-config.xml file in notepad
Step 1034 Close Window File Explorer
Step 1035 Click and Highlight Blake Bad, in Alexs contact list
Step 1036 Click the Call Handset
Step 1037 Observe the new URI entry in the list of numbers pop-up window
Step 1038 Select bbad@siteb.com, to call Blake via URI dialing
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 163 of 274
Step 1039 Switch to SiteB-WS02 (172.19.X.202 or .241)
RDP Session depending on if WS 2 is internal or
external
Step 1040 Click Answer on the incoming call pop-up
window in the lower right hand corner
Step 1041 Click Red Hand Set on either workstations conversation window to end the
call
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 164 of 274
JST Features Task 8: Persistent Chat
In this section persistent chat rooms will be enabled on the Jabber client
Activity Objective
In this activity, you will learn the methods to:
PostgreSQL Database configuration
Configure the IM & P server to connect to the PostgreSQL external databse
Persistent Chat end user usage
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
Enterprise Instant Messaging
Feature-rich enterprise IM is an important real-time communications medium for
customers; it introduces another mode of communication among users,
customers, and suppliers.
Instant messaging is an important communication option that lets you efficiently
interact in today's multitasking business environment. Cisco Unified Presence
provides personal chat, group chat, and persistent chat capabilities so you can quickly
connect with individuals and groups and conduct ongoing conversations.
Group chat allows you to create a temporary IM enterprise chat room and invite internal
and external colleagues to the chat room to join an IM conference.
Persistent chat is a permanent chat room that offers your ongoing access to a discussion
thread. It is available even if no one is currently in the chat and remains available until
explicitly removed from the system. It allows workers in different locations, countries, and
time zones to participate with fellow team members, customers, partners, and suppliers to
communicate, quickly gain context to ongoing conversations, and easily collaborate in real
time.
Database Setup for IM and Presence Service on Cisco Unified Communications Manager,
Release 10.0(1)
Click Here
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 165 of 274
Configuring the PostgreSQL Database
For sake of time and ease of use the PostgreSQL database has already been
installed for the students on the Mock Internet DNS/Web server
Short video on PostresSQL database install
Watch this video in HD here - http://youtu.be/VIFrOeNbRWE
Step 1042 Switch to Mock Internet DNS (172.19.X.220 x=pod#) RDP Session
Step 1043 Click Start All Programs PostgreSQL 9.1 pgAdmin III, in the
lower right corner
Step 1044 Double Click PostgreSQL 9.1 (localhost:5432), from the left hand
navigation pane in pgAdmin III
Step 1045 Enter Cisc0123, for the
PostgreSQL password
Step 1046 Click and Mark Store Password
Step 1047 Click OK
Step 1048 Click OK, for the save password
warning. This is not recommended
in a production network since the
password is saved in clear text
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 166 of 274
Step 1049 Right Click Login Roles, from the left hand side object browser
Step 1050 Click New Login Role, from the pop-up role
Step 1051 Enter tcuser, in the Role Name on the properties tab
Step 1052 Click Role Privileges tab
Step 1053 Select Inherits rights from parent roles (on by default)
Step 1054 Select Superuser
Step 1055 Select Can Create Database Objects
Step 1056 Select Can Modify Catalog Directly (auto check when Superuser is
checked)
Step 1057 Click OK, to finish creating role
Step 1058 Click and Highlight Databases (1), in the object browser navigation pane
on the left side of pgAdmin
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 167 of 274
Step 1059 Click the Create a New Object, blue arrow Icon on the pgAmin tool bar to
create a new database
Step 1060 Enter tcmadb, in the Name field of the new database pop-up window
Step 1061 Select tcuser, form in the Owner field drop down menu
Step 1062 Click Definition tab
Step 1063 Select SQL_ASCII, from the Encoding drop down menu
Step 1064 Select Template0, from the template drop down menu
Step 1065 Click OK, to finish creating the new database
Step 1066 Click Command Prompt, icon on the task bar at the bottom of the desktop
Step 1067 Enter cd C:\Program Files\PostgreSQL\9.1\bin, at the DOS prompt
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 168 of 274
Step 1068 Enter psql.exe tcmadb postgres, at the DOS prompt
Step 1069 Copy and paste the following commands in the DOS prompt, one at a time
if you get an error that one of these items already exists move on to the
next item
CREATE FUNCTION plpgsql_call_handler () RETURNS LANGUAGE_HANDLER AS '$libdir/plpgsql'LANGUAGE C;
CREATE TRUSTED PROCEDURAL LANGUAGE plpgsql HANDLER plpgsql_call_handler;
ALTER ROLE tcuser WITH PASSWORD 'Cisc0123';
ALTER ROLE tcuser WITH SUPERUSER;
\q (to end session)
Step 1070 Close the Command Prompt
Step 1071 Click Tools Server Configuration postgresql.conf, from the
pgAdmin III tool menu
Step 1072 Double click Escape_string_Warning, (to find it just type es and the
backend config editor should scroll right to the setting)
Step 1073 Click and check enabled
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 169 of 274
Step 1074 Type off, in the value field
Step 1075 Click OK
Step 1076 Observe the escape_string_warning is now checked and value = off
Step 1077 Double click Standard_conforming_strings, (to find it just type stand
and the backend config editor should scroll right to the setting)
Step 1078 Click and check enabled
Step 1079 Type off, in the value field
Step 1080 Click OK
Step 1081 Click Save, (blue disk in tool bar) on the Backend
Config Editor
Step 1082 Click Yes, to confirm the save
Step 1083 Click Reload, (green right facing arrow) on the
Backend Config Editor
Step 1084 Click Yes, to confirm reload
Step 1085 Close Backend Configuration Editor
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 170 of 274
Step 1086 Click Tools Server Configuration
pg_hba.conf
Step 1087 Double click the Blank Line at the bottom of the
Backend Access Config Editor
Step 1088 Click and check Enabled (default)
Step 1089 Select Host, from the type drop-down menu
Step 1090 Select tcmadb, form the database drop-
down menu
Step 1091 Select tcuser, form the user drop-down
menu
Step 1092 Enter 10.0.0.0/8 in the IP Address field
Step 1093 Select Password, form the method
Step 1094 Click OK
Step 1095 Observe the Backend Access Config Editor
should look something like this. The entry just created is like a access list
for who is allow to access the database and from what network
Step 1096 Click Save, (blue disk in tool bar) on the Backend Config Editor
Step 1097 Click Yes, to confirm the save
Step 1098 Click Reload, (green right facing arrow) on the Backend Config Editor
Step 1099 Click Yes, to confirm reload
Step 1100 Close the Backend Access Config Editor
Step 1101 Open File Explorer window by clicking the Folder icon on the
bottom tool bar
Step 1102 Navigate to C:\Program Files\PostgreSQL\9.1\data, in Windows File
Explorer
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 171 of 274
Step 1103 Double click pg_hba.conf
Step 1104 Click Select a program from a list of installed programs
Step 1105 Click OK
Step 1106 Select Notepad
Step 1107 Click OK
Step 1108 Scroll to the bottom of the pg_hba.conf file
Step 1109 Remove the bottom line that says
host tcmadb tcuser 10.0.0.0/8 crypt
Step 1110 Copy and paste the following two lines to the bottom of the pg_hba.conf file
in Notepad
host all tcuser 10.0.0.0/8 password
host tcmadb all 0.0.0.0 0.0.0.0 password
Step 1111 Click File Save, in Notepad to save the pg_hba.conf file
Step 1112 Close Notepad
Step 1113 Click and Highlight PostgreSQL 9.1 (localhost:5432), in the pgAmin III
Step 1114 Right click PostgreSQL 9.1 (localhost:5432)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 172 of 274
Step 1115 Click Stop Service, from the pop-up menu
Step 1116 Click Yes, to confirm shutdown
Step 1117 Right click PostgreSQL 9.1 (localhost:5432)
Step 1118 Click Start Service, from the pop-up menu
Step 1119 Double click PostgreSQL 9.1 (localhost:5432) to login
Configuring the IM&P Sever
In this section the IM&P server will be configured to communicate with the external
PostgreSQL server.
Step 1120 Navigate to 172.19.X.112 (x=pod#), from the students computer browser
Step 1121 Click Cisco Unified Communications Manager IM and Presences
Step 1122 Accept any and all invalid certificates if any
Step 1123 Enter the following credentials to login in to IM&P
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 1124 Click Messaging External Server Setup External Databases
Step 1125 Click Add New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 173 of 274
Step 1126 Enter tcmadb, in the Database Name field
Step 1127 Select Postgres, from the Database Type drop-down field
(default)
Step 1128 Enter Persistent Chat DB, in the Description field
Step 1129 Enter tcuser, in the User Name field
Step 1130 Enter Cisc0123, in the Password field
Step 1131 Enter Cisco123, in the Confirm Password field
Step 1132 Enter 10.1.3.20, in the Hostname field
Step 1133 Enter 5432, in the Port Number field (default)
Step 1134 Click Save
Step 1135 Observe that after the Database information is saved the status at the
bottom of the page should look like this
Step 1136 Click Messaging Group Chat and Persistent Chat
Step 1137 Click and check Enable Persistent Chat
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 174 of 274
Step 1138 Select tomadb (10.1.3.20), for the node of SiteB-IMP911.siteB.com (only
use one node the system will only let one node be connected to the external
database)
Step 1139 Scroll down and click and check Users can add themselves to rooms
and as members
Step 1140 Click Save
Step 1141 Select Cisco Unified IM and Presence Serviceability, form the
Navigation drop-down menu in the upper right corner of the IM&P web
admin
Step 1142 Click Go
Step 1143 Click Tools Control Center Network Services
Step 1144 Select SiteB-IMP911.siteb.com-CUCM IM and Presence, from the
server drop-down menu
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 175 of 274
Step 1145 Click GO
Step 1146 Scroll down and select Cisco XCP Router
Step 1147 Click Restart (this will take a minute or so, please be patient)
Step 1148 Click OK, to confirm the restart
Step 1149 Wait for the loading pop-up to go away and the screen to refresh
Step 1150 Select Cisco Unified CM IM and Presence Administration, from the
navigation drop-down menu
Step 1151 Click Go
Step 1152 Click Messaging External Server Setup External Databases
Step 1153 Click Find
Step 1154 Click tcmadb, to open and edit the database connection
Step 1155 Observe the status of the external database
Update jabber-config.xml
In this section the jabber-config.xml will be updated to include turning on Persistent Chat
Step 1156 Switch to SiteB-Ad (172.19.X.120) RDP Session
Step 1157 Double Click Jabber Config, folder on the desktop of SiteB-AD
Step 1158 Double Click 03_Video_Case_Num_Cfg, folder
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 176 of 274
Step 1159 Right click jabber-config.xml
Step 1160 Click Edit, from the pop-up menu
Step 1161 Add the following line to the policies section of the Jabber-config.xml
<Persistent_Chat_Enabled>true</Persistent_Chat_Enabled>
The whole jabber-config.xml file should look like the following at
this point in the lab
Step 1162 Click File Save, to save the jabber-config.xml
Step 1163 Click File Exit, to close the notepad
Step 1164 Open or switch to Firefox, on the SiteB-AD RDP session, or bring to focus
the Firefox that is already open
Step 1165 Click SiteB-UC SiteB-CUCM911, or open tab with SiteB-CUCM911
admin already open
Step 1166 Click Cisco Unified Communications Manager (if requested)
Step 1167 Select Cisco Unified OS Administration, form the Navigation drop-down
Step 1168 Click Go
Step 1169 Login in with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 177 of 274
Step 1170 Click Software Upgrades TFTP File Management
Step 1171 Click Upload File
Step 1172 Click Browse
Step 1173 Click Desktop, in the left side navigation pane
Step 1174 Double Click Jabber Config, file folder
Step 1175 Double Click 03_Video_Case_Num_CFG
Step 1176 Select Jabber-config.xml
Step 1177 Click Open
Step 1178 Click Upload File
Step 1179 Verify a Successful Upload
Step 1180 Click Close
Step 1181 Select Cisco Unified Serviceability, from the navigation drop-down menu
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 178 of 274
Step 1182 Click Go
Step 1183 Login in with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 1184 Click Tools Control Center Features Services
Step 1185 Select SiteB-CUCM911.siteb.comCUCM Voice/Video, from the select
server drop-down menu
Step 1186 Click Go
Step 1187 Select Cisco Tftp
Step 1188 Click Restart
Step 1189 Click OK, to confirm the restart
Step 1190 Wait for the Loading pop-up windows goes away and the page refreshes
Step 1191 Open a new tab in Firefox, or to the tab that was used to test the jabber-
config.xml previously if it is still open
Step 1192 Navigate to http://10.1.2.110:6970/jabber-config.xml
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 179 of 274
Step 1193 Observe and confirm that the new jabber-config.xml is active on the TFTP
server, with the persistent chat enabled in it
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 180 of 274
Configuring Persistent Chat (P Chat) Conference Rooms
In this section the students will create, manage, administer and destroy conference room
for Persistent Chat
What are Conference Rooms?
Conference rooms enable you to chat with a number of people within a
conference room. People typically set up conference rooms to gather a specific
group together, or to talk about a specific subject. Once you enter a conference
room, you can see the presence of everyone in the conference room and can
participate in the ongoing conversation.
The different type of conference rooms
Room Type Description
Permanent
Rooms
If the purpose of a conference room is long-standing (for example, a meeting
place for discussing an ongoing project), it is usually created as a permanent
room. That is, the conference room continues to exist, even when all members
have left. Members come and go, as they want. Depending on the configuration
of your environment, you may not have the option to create permanent rooms.
The server can be configured so that only occupants with administrator's rights
have this capability.
Temporary
Rooms
If the purpose of a conference room is short-term (for example, a quick decision
on where to go for lunch), it is usually created as a Temporary room. When
everyone leaves the conference room, it ceases to exist. That is, the conference
room exists only for as long as there are people in it.
Moderated
Rooms
Moderators manage the moderated room. If you are not a member of a
moderated room, you enter the moderated room without the ability to speak in
the conference room until the moderator grants you voice.
Open Rooms
This is a conference room that anyone can join without being on the members
list.
Members Only
Rooms
The owner or administrator adds you to the members list in order for you to join
the conference room.
Anonymous
Rooms
In Anonymous rooms, the occupant's ID is hidden to everyone. You can send
private chats to occupants in an Anonymous room.
Non-
Anonymous
Rooms
In Non-Anonymous rooms, the occupant's ID is shown to everyone in the
conference room. You can send one-to-one chats to occupants in Non-
Anonymous room.
Password
Protected
Rooms
A password is required in order to join a password protected conference room.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 181 of 274
Roles within a conference room
Your role within a conference room is temporary, and does not persist
once you leave the conference room, unless you have an affiliation with
that conference room. Also, a role within a conference room depends on
whether a conference room is moderated or non-moderated.
In moderated rooms, unaffiliated occupants do not have voice
initially. Moderators can grant or revoke voice to occupants of that
conference room. If the occupant was granted voice and then the occupant leaves the
conference room, the next time the occupant joins the conference room, the unaffiliated
occupant will not have voice.
In non-moderated rooms, occupants have voice within that conference room. However,
Owner or Administrator can revoke voice to occupants of that conference room. If the
occupant's voice was revoked and then the occupant leaves the conference room, the next
time the occupant joins the conference room, the occupant has voice.
The following table describes the roles within a conference room.
Role Description
Observers
Observers in moderated rooms are not able to speak (voice) within the moderated
room unless the Moderator grants them voice. For example, you might want to set
up a conference room for a debate between three individuals. While many people
would be able to view the debate, only the three visitors will be granted voice
within that moderated room and can enter messages.
Participants Participants are able to speak (voice) within the conference room.
Moderators
If room moderation has been enabled for a conference room, the conference room's
owners and administrators can grant moderator privileges. In addition to basic
conference room activities, such as chatting, inviting, and changing the subject,
moderators can grant and revoke voice, which is the ability for a conference room
occupant to send messages within the conference room (voice). If a conference
room occupant has no voice, he or she cannot chat in the conference room.
Affiliations within a conference room
Affiliations have a permanent association with a conference room. Affiliation
includes owner, administrator, member, unaffiliated, and banned. The following
table describes the conference room affiliations:
Affiliation Description
Owner
These occupants can modify conference room options, grant and revoke
administrator privileges, grant and revoke voice, add and remove membership,
grant and revoke moderator privileges, remove and ban occupants, and delete
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 182 of 274
conference rooms. When you create a conference room, you are the owner of the
conference room and a moderator in a moderated or non-moderated room. You
may also become the owner of a conference room if the current owner grants you
ownership.
Administrator
These occupants can grant and revoke voice, add and remove membership, grant
and revoke moderator privileges, and remove and ban occupants. In addition to
being administrator in a conference room, an administrator is also a moderator in
a moderated or non-moderated room.
Member
These occupants are members of an open conference room or members-only
room.
Unaffiliated
These occupants can join open conference rooms, but they do not have an
affiliation within the conference room.
Banned These occupants are banned from joining the conference room.
Configuring Conference Rooms with MomentIM
In this section the students will configure MomentIM to connect with Cisco IM&P server, and
administer conference rooms
Due to feature limitation, that should be available in future releases of Cisco Jabber
Client, the lab will use MomentIM a 3
rd
party client to administer conference rooms
Step 1194 Switch to Internet_DNS_Srv, (172.19.X.220 x=pod#) RDP Session
Step 1195 Click on the MomentIM icon on the bottom task bar
Step 1196 Click Yes, to remove plug-in list warning
Step 1197 Click Create a new Profile, at the bottom of the main
screen
Step 1198 Enter Alex Ace, in the
New Profile name pop-up
window
Step 1199 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 183 of 274
Step 1200 Enter the following information on the Account Details page
a. Username aace
b. server siteb.com
c. password Cisc0123
d. Save password Checked
e. This is a new account Un-Checked
f. Click Connection on the left hand side
Step 1201 Enter the following on the Connection page
a. Select Specify host and port:
b. Enter 10.1.2.113
c. Port 5222 (default)
d. Secure connection Encrypt the connection whenever possible
(default)
e. Click OK
Step 1202 Click Alex Ace, on the main screen to connect
Step 1203 Select Always allow this SSL certificate (if presented)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 184 of 274
Step 1204 Click OK
Step 1205 Observe that Alex logs in and has all her contacts as she does on her Cisco
Jabber client on WorkStation 01
Step 1206 Click the Join a conference, button (Brown Door Icon) on the top tool bar
Step 1207 Select Join or Create the following
conference room
Step 1208 Select conference-X-
standalonecluster from the drop
down conference room name
Step 1209 Enter Alex Ace Tech Talk - Persistent
Step 1210 Click Finish
Step 1211 Click and check Make the room persistent
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 185 of 274
Step 1212 Click OK
Step 1213 Observe the main MomentIM conversation window
Step 1214 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 186 of 274
Step 1215 Observe what tabs are on the Jabber client before exit and restart
Step 1216 Click File Exit, on the Jabber client to close the client
Step 1217 Right click Erase Jabber.bat, on the desktop of SiteB-WS01
Step 1218 Click Run as administrator, from the pop up menu
Step 1219 Click on Yes, to allow the bat file to make changes to the computer
Step 1220 Double Click the Jabber Client icon to open Jabber
Step 1221 Enter aace@siteb.com in the email address field
Step 1222 Click Continue
Step 1223 Enter Cisc0123, in the password field
Step 1224 Click and check Sign me in when Cisco Jabber Starts
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 187 of 274
Step 1225 Click Sign in
Step 1226 Click the new P-Chat Tab
Step 1227 Click the All Rooms Tab
Step 1228 Click Refresh, if the Alex Ace tech talk room does not show up
Step 1229 Switch to SiteB-WS02 (172.19.X.202 Black Bad) RDP Session
Step 1230 Click File Exit, on the Jabber client to close the client
Step 1231 Right click Erase Jabber.bat, on the desktop of SiteB-WS01
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 188 of 274
Step 1232 Click Run as administrator, from the pop up menu
Step 1233 Click on Yes, to allow the bat file to make changes to the computer
Step 1234 Double Click the Jabber Client icon to open Jabber
Step 1235 Enter bbad@siteb.com in the email address field
Step 1236 Click Continue
Step 1237 Enter Cisc0123, in the password field
Step 1238 Click and check Sign me in when Cisco Jabber Starts
Step 1239 Click Sign in
Step 1240 Click the new P-Chat Tab
Step 1241 Click the All Rooms Tab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 189 of 274
Step 1242 Click Refresh, if the Alex Ace tech talk room does not show up
Step 1243 Click Join, on Blake Bads Jabber Client
Step 1244 Observe the Check Mark, that is replace for the green join button
indicating Black has just joined this room
Step 1245 Observe the new conversation window that just opened with the persistant
chat room in it
Step 1246 Enter Hello Alex, do you have time for a question
Step 1247 Press Enter to submit the text to the chat room
Step 1248 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
Step 1249 Click the Green Join, button from the All Rooms tab on Alexs Jabber client
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 190 of 274
Step 1250 Observe that Alex can see the past messages to her in the text area
Configuring Conference Rooms Filters
Step 1251 Click the Filters tab on Alexs Jabber client
Step 1252 Click Create Filter at the bottom of the Jabber Client
Step 1253 Enter the following in the Create Filter
pop-up window
a. Filter Label Jabber Talk
b. keywords 1 XMPP
c. Keyword 2 Presence
d. Keyword 3 Jabber
e. Click Create
Step 1254 Click Create Filter (again)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 191 of 274
Step 1255 Enter the following in the Create Filter pop-
up window
a. Filter Label Alex is Paranoid
b. keywords 1 Alex
c. Keyword 2 Ace
d. Keyword 3 Your Fired
e. Click Create
Step 1256 Observe Alexs new filters
Step 1257 Switch to SiteB-WS02 (172.19.X.202 Blake Bad) RDP Session
Step 1258 Type Alex my question is in regards to XMPP in Jabber, please
contact me when you have a chance, in the Alex Ace Tech Talk chat
room. There are two word Alex is filtering on XMPP and Jabber in this text
Step 1259 Close the Conversation Window, so Blake is not active in the conversation
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 192 of 274
Step 1260 Observe that Blake is still a member of the conversation by looking in the
All rooms tab of the Jabber Client
Step 1261 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
Step 1262 Click Filters Tab, in Alexs Jabber Client
Step 1263 Observe there are 2 Filtered items waiting, and it shows in two places the
left navigation tab and the upper filter tab
Step 1264 Double click the Alex is P filter
Step 1265 Double click the Jabber T. filter
Step 1266 Observe the filter indicators clear on the Jabber client
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 193 of 274
Step 1267 Observe the two filter conversation in the conversation window
Step 1268 Click on Alex Ace Tech Talk, chat room
Step 1269 enter @bl in the enter text section, observe it brings up a contact search
Step 1270 Select Blake Bad
Step 1271 Enter I will get back to you this
afternoon
Step 1272 Press Enter
Step 1273 Switch to SiteB-WS02 (172.19.X.202 Blake
Bad) RDP Session
Step 1274 Click the P-Chat navigation tab is not all
ready selected
Step 1275 Click the Filters tab at the top of the p-chat
window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 194 of 274
Step 1277 Observe there is a filter indicator
Step 1278 Double click the My Ment
Step 1279 Observe the mentioned conversation
Step 1280 Switch to Internet-DNS-Srv (172.19.x.220) RDP Session
Step 1281 Click the Join Room brown door icon on the MomentIM upper tool bar
Step 1282 Enter the following in the Join Room
pop-up window
a. Join or Create the following
conference rooms Selected
b. Conference Room server
conference-2-
standalonecluster
c. conference Room Name IT
Team Chat Persistent
d. Click Finish
Step 1283 Click and check make the room
Persistent
Step 1284 Click OK
Step 1285 Click the Join Room brown door icon on the MomentIM upper tool bar
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 195 of 274
Step 1286 Enter the following in the Join Room pop-up window
a. Join or Create the following conference rooms Selected
b. Conference Room server conference-2-standalonecluster
c. conference Room Name Brown Bag Lunch Tech Talk
Persistent
d. Click Finish
Step 1287 Click and check Make the room Persistent
Step 1288 Click OK
Step 1289 Click the Disconnect switch icon on the MomentIM upper tool bar
Step 1290 Click Create a New Profile, on the bottom of the MomentIM client
Step 1291 Enter Nancy Fox, in the new profile
pop-up window
Step 1292 Click OK, to create the profile
Step 1293 Enter the following in the account
details
a. Username nfox
b. Server siteb.com
c. password Cisc0123
d. Save Password Checked
e. This is a new account
UNChecked
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 196 of 274
Step 1294 Click Connection, on the left side navigation pane
Step 1295 Enter the following information into the connection window
a. Specify host and port Selected
b. Host 10.1.2.112
c. Port 5222
d. Secure connection Encrypt the connection whenever possible
e. Click OK, to create the profile
Step 1296 Click Nancy Fox, profile to connect as nancy
Step 1297 Click the Add Contact, button on the MomentIM upper tool bar
Step 1298 Click Add Contact, from the pop-up menu
Step 1299 Enter the following in the add contact pop-up window
a. Contact Type Jabber
b. Contact ID aace
c. NickName Alex Ace
d. Group Unified
e. Click OK
Step 1300 Add another contact for Black Bad (bbad)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 197 of 274
Step 1301 Observe the two contacts have been added to MomentIM contacts for Nancy
fox
Step 1302 Click Join Room, brown door icon
Step 1303 Enter the following information in the Join Room pop-up window
a. Join or Create the following conference room Checked
b. Conference Room Server Conference-2-standalone-cluster
c. Conference Room Name Nancy Fox Tech Talk Persistent
d. Click Finish
Step 1304 Click and Check Make the room persistent
Step 1305 Click and check Enable room
moderation
Step 1306 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 198 of 274
Step 1307 Click and Drag Blake Bad, form Nancys MomentIM contact list to the
Nancy Fox Tech Talk Chat room conversation window. This will send a invite
to Blake for this chat room
Step 1308 Click OK, to invite Blake to the conference
Step 1309 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP session
Step 1310 Select P-Chat tab in Alexs Jabber Client
Step 1311 Click All Rooms
Step 1312 Click Refresh
Step 1313 Click Join, to join Nancy Foxs Tech Talk
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 199 of 274
Step 1314 Observe the conversation window
Step 1315 Switch to SiteB-WS02 (172.19.X.202 Blake Bad) RDP Session
Step 1316 Observe the chat room notification, in the lower right corner of Blakes
desktop.
Step 1317 Click Enter
Step 1318 Observe the conversation window, also notice Blake and Ace did not have
permission to send message because it is a moderated chat room
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 200 of 274
Deleting Chat Rooms
Step 1319 Switch to Internet-DNS-Server (172.19.X.220) RDP Session
Step 1320 Right Click the Conversation window, for the chat room Nancy Fox Tech
Talk. MomentIM calls this Destroying the Conference Room
Step 1321 Select Admin Destroy Conference Room, from the pop-up menu
Step 1322 Click Yes, to confirm the destroy of the room
Step 1323 Click OK, to confirm the Destroy Reason. The reason can be edited if wished
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 201 of 274
Step 1324 Click OK, on the room destroy conformation
Step 1325 Switch to SiteB-WS01 (172.19.X.201 Alex Ace) RDP Session
Step 1326 Click OK, and clear the broadcast message about the room being destroyed
Step 1327 Observe that Nancys room has been removed from Alexs All Rooms tab in
her Jabber Client
Step 1328 Switch to SiteB-WS02 (172.19.X.202 Blake Bad) RDP Session
Step 1329 Click OK, and clear the broadcast message about the room being destroyed
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 202 of 274
JST Features Task 9: Jabber Guest
In this section one Expressway E and one Expressway C will be configured to perform the
task of Jabber guest.
In this activity, you will learn the methods to
Configure Expressway E
Configure Expressway C
Configure Jabber Guest Server
Required Resources
To complete this section of the lab you will need a computer that is connected to the lab via
VPN.
Jabber Guest server software runs as a virtual machine, deployed with the Cisco
Expressway Series gateway alongside your existing Cisco Unified
Communications installation. A Second Expressway Series edge server in the
demilitarized zone between your firewall and the Internet gives your business
or organization secure access to Jabber Guest features. And when visitors to
your website or mobile application click the Jabber Guest link, their
communications are secure, too-their video calls, the information they research,
and the information they give your agents.
Figure 1 shows you how Jabber Guest looks to your customer.
Simple, straightforward, and welcoming.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 203 of 274
And Figure 2 shows you how Jabber Guest looks to your IT department.
Also simple and straightforward.
Jabber Guest is designed to be easy:
It's easy to develop the parts of your website that use it: We've built in a developer quick-
start approach with software development kits (SDKs), documentation, sample codes, and
other provisions.
It's easy to deploy: Access to your site is through URLs, and URLs are also the pathway by
which the links in your portal are made with your contact center, business office, or other
places in your organization. You can create these links in a number of ways, including
through a RESTful API that can be integrated into your application.
It's easy to access: Your guest just clicks on a link on your website or mobile application.
The user experience is simple.
Jabber Guest relies on the Cisco Unified Communications Manager (UCM). It offers two
features from the Cisco UCM portfolio that we've been discussing as especially valuable for
satisfying your customers: instant-on voice and video; and the ability to display information
such as flash videos, images, and URLs to the customer.
You see video of your customer captured by a camera on his or her computer, tablet, or
smartphone.
As guests, your visitors have a great deal of choice:
Point-to-point video
Point-to-many video (videoconference)
The ability to see themselves before going live on video
In-call control through a keypad
The ability to mute video, audio, or both
The ability to see themselves as well as your employee(s)
The choice of camera and audio device
The choice of clicking on your website from a tablet or PC or clicking on an app from a
mobile device
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 204 of 274
As developers, your IT personnel can:
Use an SDK to create desktop web applications: We provide sample HTML and JavaScript
with which they can set up video widgets and an event handler
Use SDKs to set up mobile native applications for iOS devices
Embed Jabber Guest functions easily into any web-based or mobile application
In addition, Jabber Guest call control is designed to be compatible with upcoming WebRTC
standards.
We make life easier for your other employees, too. They can:
Bring videos and other content into a conversation with a guest
Bring in an expert at another location - even halfway around the world
Focus on the business at hand, rather than the technology
Even relax and enjoy the interaction
Jabber Guest Deployment
Configuring Expressway for Jabber Guest Functionality
In this section two Expressways, a C and an E, will be configured These two Expressways
are two completely different set of Expressways from what was used in the previous Collab-
Edge section of this lab. Future releases of Expressway will support both Collab-Edge and
Jabber Guest on the same set of Expressways.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 205 of 274
Both Expressways and the Jabber Guest VMs have been deployed in the lab for
the student.
Short Video on deploying the Expressway Virtual Machines
Watch this video in HD here - http://youtu.be/Uoi3hosvygs
Short video on deploying Jabber Guest Server Virtual Machine
Watch this video in HD here - http://youtu.be/hsT5Jejx9Ow
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 206 of 274
Step 1330 Switch to SiteB-AD (172.19.X.120) RDP Session
Step 1331 Click Firefox, from the task bar at the bottom of the desktop
This section will be done twice, once for Siteb-JabGstC01 and once for
SiteB-JabGstE01 Follow from here down and when you get to a table
take the left side the first time through for SiteB-JabGstC01, and take
the right side when doing the second pass for SiteB-JabGstE01
In this first section of Jabber Guest Expressway configuration, many of
the same initial steps will be performed on the Expressways in the Collab-edge
section done earlier in this lab.
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Step 1332 Click Jabber Guest SiteB-
JabGstC01, from the Firefox
favorite bar
Step 1332 Open a new tab in Firefox
Step 1333 Click Jabber Guest SiteB-
JabGstE01 from the Firefox
favorite bar
Step 1334 Click I Understand the Risks, (if presented)
Step 1335 Click Add Exception, (if presented)
Step 1336 Click Confirm Security Exception, (if presented)
Step 1337 Login in with the following credentials
admin (all lower case)
Password TANDBERG (all upper case)
Click Login
Step 1338 Observe the Expressway/VSC web administrator
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 207 of 274
Step 1339 Click the Red Box, that says this system has five alarms
Step 1340 Observe the five system alarms
Step 1341 Click Time, under on the first alarm under the Action heading
Alternatively Click System Time
Step 1342 Observe that the first three NTP servers have place holders in the address
field
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 208 of 274
Step 1343 Delete and clear all the default entries in the address fields
Step 1344 Enter 128.107.212.175, in the first NTP Server Address
Step 1345 Select US/Pacific, for the time Zone
Step 1346 Click Save
Step 1347 Observe the bottom of the time page for a minute or so, eventually the
status will go from Rejected to Starting to Synchronized
Step 1348 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from five alarms to three alarms (you might have to click on the
red alarm box to get it to change from five to three if you dont give it
enough time)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 209 of 274
Step 1349 Click Change the admin password link under action on the alarm page
Or Click Users Administrator Accounts
Step 1350 Click admin, to open the admin
configuration page
Step 1351 Enter Cisc0123, in the
password field
Step 1352 Enter Cisc0123, in the confirm
password field
Step 1353 Click Save
Step 1354 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from five alarms to two alarms
Step 1355 Click View Instruction on changing the root password, under actions
Step 1356 Observe the Using the Root Account, help page pop-up
Step 1357 Close the Help Page, when finished reading it
Step 1358 Click the PuTTy, icon on the bottom tool bar
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Step 1359 Click SiteB-JabGstC01, from
the saved sessions list in PuTTy
Click SiteB-JabGstE01, from the saved
session list in PuTTy
Step 1360 Click Open
Step 1361 Click Yes on the PuTTy security warning
Step 1362 Enter root, to login as (all lower case)
Step 1363 Enter TANDBERG, FOR Password (all uppercase)
Step 1364 Enter passwd, at the prompt
Step 1365 Press Enter
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 210 of 274
Step 1366 Enter Cisc0123, for new UNIX password (it will not look like you are
typing)
Step 1367 Press Enter
Step 1368 Enter Cisc0123, to
retype the new UNIX
password
Step 1369 Press Enter
Step 1370 Close the PuTTy
window
Step 1371 Click OK, to confirm
closing PuTTy
Step 1372 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from two alarms to one alarms
Options are used to add additional features to the Expressway. Option keys can
either be valid for a fixed time period or have an unlimited duration. Your
Expressway may have been shipped with one or more optional features pre-
installed. To purchase further options, contact your Cisco representative.
The Option keys page (Maintenance > Option keys) lists all the existing
options currently installed on the Expressway, and allows you to add new
options.
The System information section summarizes the existing features installed on the
Expressway and displays the Validity period of each installed key. The options that you
may see here include:
Traversal Server: enables the Expressway to work as a firewall traversal server.
H.323 to SIP Interworking gateway: enables H.323 calls to be translated to SIP
and vice versa.
Advanced Networking: enables static NAT functionality and the LAN 2 port on an
Expressway-E.
Rich media sessions: determines the number of non-Unified Communications calls
allowed on the Expressway (or Expressway cluster) at any one time. See the Call
types and licensing [p.264] section for more information.
TURN Relays: the number of concurrent TURN relays that can be allocated by this
Expressway (or Expressway cluster). See About ICE and TURN services [p.49] for
more information.
Encryption: indicates that AES (and DES) encryption is supported by this software
build.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 211 of 274
Microsoft Interoperability: enables encrypted calls to and from Microsoft Lync
2010 Server (for both native SIP calls and calls interworked from H.323). It is also
required by the Lync B2BUA when establishing ICE calls to Lync 2010 clients. It is
required for all types of communication with Lync 2013.
Expressway Series: identifies and configures the product for Expressway Series
system functionality.
Step 1373 Click Add a Release Key, under action
Or Click Maintenance Option Keys
Step 1374 Observe the Option Keys admin page, take note of the active options
Notice the Serial Number (S/N), in the lower right hand corner of the
admin page. This is the serial number that is used to generate licenses
and options keys
The Release Keys and Options keys have already been installed into SiteB-ExpC02
and SiteB-ExpE02 (the cluster pair of expressway servers)
Step 1375 Observe the server model name at the top of the admin page, this will
change once all the option keys are installed
Step 1376 Observe the Active Options
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 212 of 274
This key is the Service Contract Release key
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Step 1377 Copy and Paste the license number
4871176275042305
in the Release Key Field
Careful to make sure you have the release key
field and not the option key field. This key
validates the service contract on the server
Ignore the two new alarms that appear for a
invalid key, this will clear itself after a restart,
later in the section
Step 1359 Copy and Paste the license
number
4288141040879898
in the Release Key Field
Step 1378 Click Set Release Key
Step 1379 Observe the Yellow message at the top of the screen (do not restart we
will do that later)
This option key is the Expressway series key
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Step 1362 Copy and Paste the license
number (Must Be All Caps)
116341E00-1-8AD9AE82
in the Software Option Field
Step 1362 Copy and Paste the license
number (Must Be All Caps)
116341E00-1-A14E7789
in the Software Option Field
Notice the although this is ultimately going
to be an Expressway-E server at this point
it is an Expressway-C, but will change roles
when a later option key is installed
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 213 of 274
Step 1363 Click Add Option
Step 1364 Observe the server model name at the top has change (The E expressway
will also say C for now, we will change the E to a E later in the section)
Step 1365 Observe the Yellow message at the top of the screen (do not restart we
will do that later)
This option key is the Rich Media Key
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Step 1366 Copy and Paste the license
number (Must Be All Caps)
116341W100-1-6D415BF0
in the software Option Field
Step 1366 Copy and Paste the license
number (Must Be All Caps)
116341W100-1-5B0DD1B0
in the software Option Field
Step 1367 Click Add Option
Step 1368 Observe the Active Options
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 214 of 274
SiteB-Jabber Guest C 01
Use Left Column First
Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
Nothing Here
This is an Expressway-E
Only section
Move on to next step below
continue setting up SiteB-
JabGstC01 if this is your
first pass of this section of
the lab
Step 1369 Copy and Paste the license number (Must Be All
Caps)
116341I1800-1-EC92C886
in the Software Option Field (this option key is for the E
expressway only). This option key is the Turn Relay 1800
Step 1368 Click Add Option
Step 1370 Copy and Paste the license number (Must Be All
Caps)
116341T00-1-DE3F1423
in the Software Option Field (this option key is for the E
expressway only). This option key is the Traversal Service for
E option key
Step 1369 Click Add Options
Step 1370 Observe the model name at the top of the page
changed from C to E
Step 1371 Observe the options added to the Expressway-E
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 215 of 274
Step 1372 Click System DNS, in the Expressway web admin
Step 1373 Enter the following information for each Exprssway
SiteB-Jabber Guest C 01
Use Left Column First Pass of Section
SiteB-Jabber Guest E 01
Do this section when repeating
System Host Name siteb-jabgstc01
Domain Name siteb.com
Address 1 10.1.2.120
Click Save
System Host Name siteb-jabgste01
Domain Name siteb.com
Address 1 10.1.3.20
Click Save
Step 1374 Scroll down and click DNS Lookup Utility
Step 1375 Enter siteb-jabgstc01.siteb.com (the domain name is not needed)
Step 1376 Click Lookup
Step 1377 Observe the successful DNS Lookup
Step 1378 Click Maintenance Restart Options
Step 1379 Click Restart, (careful to not click shutdown)
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 216 of 274
Step 1380 Click OK, to restart the system
Step 1381 Observe the system is restarting
Step 1382 Repeat Steps 1332 1382 for SiteB-JABGSTE01, while siteb-jabgstc01 is
restarting
Configuring the Expressway-E Unified Communications
This section sets the SiteB-ExpE01 Mobile and Remote Access and H.323 SIP Interworking
mode configuration.
Step 1385 Switch to the Firefox tab with SiteB-jabgstE01 web admin in it
Step 1386 Wait for the SiteB-jabgstE01 to restart if not already restarted (about 1 to
3 minutes)
Step 1387 Enter admin, (all lower case)
Step 1388 Enter Cisc0123
Step 1389 Click Login
Step 1390 Click the Red Alarm alert message
Step 1391 Click Reconfigure Interworking Mode, in the action column
Step 1392 Select Off, for H.323 SIP interworking Mode
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 217 of 274
Step 1393 Click Save
Step 1394 Confirm successful save
Step 1395 Click Configuration Unified Communications Configuration
Step 1396 Select Jabber Guest Services,
Unified Communications Mode
Step 1397 Click Save
Step 1398 Confirm successful save
Configuring the Expressway-C for Unified Communications
In this section the student will configure the Expressway-C
Careful this section is only for Expressway-C
Step 1400 Switch to the Firefox Tab with SiteB-JabGstC01 web admin web page
Step 1401 Use the following credentials to login to SiteB-ExpC01 (if Logged out)
a. Username admin (lower case)
b. Password Cisc0123 (CaSe SeNsAtIvE)
c. Click Login
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 218 of 274
Step 1402 Click the Red Alarm alert message
Step 1403 Click Reconfigure Interworking Mode, in the action column
Step 1404 Select Off, for H.323 SIP interworking Mode
Step 1405 Click Save
Step 1406 Confirm successful save
Step 1407 Click Configuration Unified Communications Configuration
Step 1408 Select Jabber Guest Services, in the
Unified Communications Mode field
Step 1409 Click Save
Step 1410 Confirm successful save
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 219 of 274
Configuring the domains to route to Unified CM
You must configure the domains for which registration, call control;
provisioning, messaging and presence services are to be routed to Unified CM.
SIP registrations and provisioning on Unified CM: endpoint
registration, call control and provisioning for this SIP domain is serviced
by Unified CM. The Expressway acts as a Unified Communications
gateway to provide secure firewall traversal and line-side support for Unified CM
registrations.
IM and Presence services on Unified CM: instant messaging and presence
services for this SIP domain are provided by the Unified CM IM and Presence service.
Step 1411 Click Configuration Domains
Step 1412 Click New
Step 1413 Enter siteb.com, in the Domain Name field
Step 1414 Set On, Jabber Guest
Step 1415 Click Create Domain
Step 1416 Observe that the domain was created
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 220 of 274
Configuring the Expressway-C for Root CA Certificate
Step 1420 Open a new Firefox Tab
Step 1421 Click Certificate Services, on the Firefox favorites bar
Step 1422 Enter Administrator, in the username field (if login pop-up is presented)
Step 1423 Enter Cisc0123, in the password field (if login pop-up is presented)
Step 1424 Click Login (if login pop-up is presented)
Step 1425 Click Download a CA certificate, certificate chain, or CRL
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 221 of 274
Step 1426 Select Base 64, Encoding Method
Step 1427 Click Download CA Certificate
Step 1428 Click OK, to save the file to the students computer
Step 1429 Click the Firefox Download Arrow
Step 1430 Click the File Folder, to open in containing folder
In the Certificate Management section in this lab, a CA Root Certificate was already
downloaded to the SiteB-AD server. That original CA Root Certificated that was
previously downloaded can be used for this section of the lab as well.
The reason the CA is being downloaded again is for the possible use case where a
student only wants to only perform the Jabber Guest section of the lab.
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 222 of 274
Step 1431 Rename the file to SiteB-CARoot3.cer
Step 1432 Close the Windows File Explorer
Step 1433 Switch back to the Firefox tab with SitebB-JabGstC01
with Expressway web page administrator
Step 1434 Click Maintenance Security Certificates Trusted CA Certificates
Step 1435 Click Browse
Step 1436 Click downloads, on the left side navigation pane
Step 1437 Select CARootCert3, from the folder it was downloaded to on the students
computer
Step 1438 Click Open, on the file upload screen
Step 1439 Click Append CA Certificate
Step 1440 Observe the certificate upload at the top of the page
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 223 of 274
Add Client Server Template to MS CA Server
In this section the Microsoft Certificate Authority server will be customized to add a new
template. This function is not part of the UC solution but is a necessary action that needs to
be performed to use the MS CA to generation CA signed certificates for Expressway.
Adding a new Client Server Certificate Template to the CA server was
performed in the Collab-Edge Section of this lab. If you are only doing
the Jabber Guest section of the lab ONLY you will need to go back and
perform the Adding Client Server Template to MS CA Server from the
Collab-Edge section of the lab. CLICK HERE to go back and add the
Client Server template to the MS CA server. Search on RRR to return
back to here after you are done.
If you have done the Collab-Edge section of this lab, continue on with the next section.
Configuration of Certificates to prepare for Implementing Traversal Zones
Step 1420 Switch back to the Firefox tab with MS Active Directory Certificate
Server with web administrator
Step 1421 Confirm Base 64 under Encoding Method is
selected
Step 1441 Click Download latest base CRL
Step 1442 Select Save
Step 1443 Click OK
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 224 of 274
Step 1444 Click the Firefox Download Arrow
Step 1445 Click the File Folder, to open in containing folder
Step 1446 Right click certcrl.crl
Step 1447 Click Rename, on the pop-up menu
Step 1448 Enter CARootCRL2.crl, to rename the file. The CARootCRL.crl from the
Collab-Edge is the same file and can be used, but for the lab we are
creating a 2
nd
file in the instance that a student only wants to perform the
Jabber Guest section of the lab
Step 1449 Close File Explorer window
Step 1450 Switch to the Firefox Tab with SiteB-ExpC01 web admin open in it
Step 1451 Login in to SiteB-JabGstC01 with the following credentials (if needed)
d. Username admin (lower case)
e. Password Cisc0123 (case sensitive)
f. Click Login
Step 1452 Click Maintenance Security Certificates CRL Management
Step 1453 Click Browse, in the Manual CRL Update section
Step 1454 Click Downloads, in the left navigation pane
Step 1455 Select CARootCRL2.crl
Step 1456 Click Open
Step 1457 Click Upload CRL File
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 225 of 274
Step 1458 Confirm successful upload of CRL
Step 1459 Click Maintenance Security Certificates Server Certificate
Step 1460 Click Generate CSR
Step 1461 Enter the following information
a. Key Length (in bits) 2048
b. Country US
c. Sate or province CA
d. Locality (town name) San Jose
e. Organization (company name) Cisco
f. Organizational Unit Cisco
g. Click Generate CSR
Step 1462 Click Download, to download CSR file
Step 1463 Select Open
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 226 of 274
Step 1464 Click OK, to open the CSR in a notepad
Step 1465 Click Format Word Wrap, in notepad to see the whole file (might
already be done)
Step 1466 Click CTRL-A, to highlight the whole text in notepad
Step 1467 Click CTRL-C, to copy the text into your computer buffer
Step 1468 Close Notepad
Step 1469 Switch to the Firefox tab with MS Certificate Server web admin page open
Step 1470 Click Certificate Service, Firefox favorite to bring the CA server web admin
to the home page
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 227 of 274
Step 1471 Click Request a Certificate
Step 1472 Click Advanced Certificate Request
Step 1473 Click inside the Saved Request field
Step 1474 Press CTRL-V, to paste the CRS test into the saved request field
Step 1475 Select ClientServer, from the Certificate Template field (this is the
template crated in the previous section)
Step 1476 Click Submit
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 228 of 274
Step 1477 Select Base 64 Encode
Step 1478 Click Download Certificate
Step 1479 Select Save File
Step 1480 Click OK
Step 1481 Click the Firefox Download Arrow, in the upper right corner
Step 1482 Click the File Folder
Step 1483 Right Click certnew.cer
Step 1484 Select Rename, from the pop-up windows
Step 1485 Rename the file to SiteB-JabGstC01_CASigned.cer
Step 1486 Close File Explorer window
Step 1487 Switch to the SiteB-JabGstC01, tab in the Firefox browser on SiteB-AD
RDP session
Step 1488 Click Browse, to upload a new certificate, at the bottom of the server
certificate screen
Step 1489 Click Downloads, in the left navigation pane
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 229 of 274
Step 1490 Find and select the SiteB-JabGstC01_CASigned.pem, from the
downloads directory
Step 1491 Click Open
Step 1492 Click Upload Server Certificate Data
The browser will reinitialize and ask to accept the certificate again
Step 1493 Click I Understand The Risk
Step 1494 Click Add Exception
Step 1495 Click Confirm Security Exception
Step 1496 Observe the certificate has been uploaded but the system needs a restart
Step 1497 Click Restart, from the yellow warning message at the top of the Server
Certificate page
Step 1498 Click Restart, again on the Restart Options window
Step 1499 Click OK, to confirm the restart
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 230 of 274
Add CA Signed Certificate on SiteB-JabGstE01
Step 1500 Switch to the Firefox Tab, with SiteB-JabGstE01 web admin open in it
Step 1501 Login with the following credentials (if logged out)
a. Click Home
b. UserName admin
c. Password Cisc0123
d. Click Login
Step 1502 Click Maintenance Security Certificates Trusted CA Certificate
Step 1503 Click Browse
Step 1504 Click Downloads, in the left side navigation pane (Might already be here)
Step 1505 Select CARootCert3.cer
Step 1506 Click Open
Step 1507 Click Append CA Certificate
Step 1508 Observe and confirm that CA Root Certificate has been uploaded
Step 1509 Click Maintenance Security Certificates CRL Management
Step 1510 Click Browse
Step 1511 Click Downloads, in the left
side navigation pane
Step 1512 Select CARootCRL2.crl
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 231 of 274
Step 1513 Click Open
Step 1514 Click Upload CRL File
Step 1515 Observe and confirm the CRL was uploaded successfully
Step 1516 Click Maintenance Security Certificates Server Certificate
Step 1517 Click Generate CSR
Step 1518 Enter the following information
a. Key Length (in bits) 2048
b. Country US
c. Sate or province CA
d. Locality (town name) San Jose
e. Organization (company name) Cisco
f. Organizational Unit Cisco
g. Click Generate CSR
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 232 of 274
Step 1519 Click Download, to download CSR file
Step 1520 Select Open
Step 1521 Click OK, to open the CSR in a notepad
Step 1522 Click Format Word Wrap, in notepad to see the whole file (if needed)
Step 1523 Click CTRL-A, to highlight the whole text in notepad
Step 1524 Click CTRL-C, to copy the text into your computer buffer
Step 1525 Close Notepad
Step 1526 Switch to the Firefox Tab with MS CA Server web admin open
Step 1527 Click Certificate Services, on the Firefox favorite bar
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 233 of 274
Step 1528 Click Request a Certificate
Step 1529 Click Advanced Certificate Request
Step 1530 Select and make active the Saved Request field
Step 1531 Select ClientServer, from the Certificate Template field
Step 1532 Click Submit
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 234 of 274
Step 1533 Select Base 64 Encode
Step 1534 Click Download Certificate
Step 1535 Select Save File
Step 1536 Click OK
Step 1537 Click the Firefox Download Arrow, in the upper right corner
Step 1538 Click the File Folder
Step 1539 Right Click certnew.cer
Step 1540 Select Rename, from the pop-up windows
Step 1541 Rename the file to SiteB-JabGstE01_CASigned.pem
Step 1542 Click Yes, to confirm name extension change
Step 1543 Close File Explorer window
Step 1544 Switch to the SiteB-JabGstE01, tab in the Firefox browser on SiteB-AD
RDP session
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 235 of 274
Step 1545 Click Browse, to upload a new certificate, at the bottom of the server
certificate screen
Step 1546 Find and select the SiteB-ExpE01Cert.pem, from the downloads directory
Step 1547 Click Open
Step 1548 Click Upload Server Certificate Data
The browser will reinitialize and ask to accept the certificate again
Step 1549 Click I Understand the Risks
Step 1550 Click Add Exception
Step 1551 Click Confirm Security Exception
Step 1552 Observe the certificate has been uploaded but the system needs a restart
Step 1553 Click Restart, from the yellow warning message at the top of the Server
Certificate page
Step 1554 Click Restart, again on the Restart Options window
Step 1555 Click OK, to confirm the restart
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 236 of 274
Configuring Traversal Zones
Configuring traversal server zones
An Expressway-E can act as a traversal server, providing firewall traversal on
behalf of traversal clients (an Expressway-C).
To act as a traversal server, the Expressway-E must have a special type of two-
way relationship with each traversal client. To create this connection, you create
a traversal server zone on your local Expressway-E and configure it with the
details of the corresponding zone on the traversal client. (The client must also be
configured with details of the Expressway-E.)
After you have neighbored with the traversal client you can:
provide firewall traversal services to the traversal client
query the traversal client about its endpoints
apply transforms to any queries before they are sent to the traversal client
control the bandwidth used for calls between your local Expressway and the traversal
client
Note: traversal client-server zone relationships must be two-way. For firewall traversal to
work, the traversal server and the traversal client must each be configured with the others
details. The client and server will then be able to communicate over the firewall and query
each other.
CLICK HERE to find the Expressway documentation on Cisco.com
Step 1556 Switch to SiteB-JabGstE01 web admin Firefox tab (if not all ready there)
on the SiteB-AD RDP session
Step 1557 Wait for SiteB-JabGstE01, to finish restarting
Step 1558 Login as
a. admin (lower case)
b. Password Cisc0123
c. Click Login
Step 1559 Click configuration Zones Zones
Step 1560 Click New
Step 1561 Enter the following information
a. Name TraversalZoneSiteB
b. Type Unified Communications Traversal
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 237 of 274
Step 1562 Click Add/Edit Local Authentication Database
Step 1563 Click New
Step 1564 Enter TraversalAdmin, in the Name field
Step 1565 Enter Cisc0123, in the password field
Step 1566 Click Create Credential
Step 1567 Close the Local Authentication Database, pop-up window
Step 1568 Fill in the following information (change only what is listed below leave all
other fields at default)
a. UserName TraversalAdmin
b. TLS Verify Subject Name SiteB-jabgstC01.siteb.com
c. Media Encryption Mode Forced Encrypted
d. Authentication Policy Treat As Authenticated
e. Click Create Zone
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 238 of 274
Step 1569 Switch to SiteB-JabGstC01, tab in Firefox on SiteB-AD RDP Session
Step 1570 Login as (if needed)
a. admin (lower case)
b. Password Cisc0123
c. Click Login
Step 1571 Click configuration Zones Zones
Step 1572 Click New
Step 1580 Enter the following information (change only what is listed below leave all
other fields at default)
a. Name TraversalZoneSiteB
b. Type Unified Communications Traversal
c. UserName TraversalAdmin
d. Password Cisc0123
e. Port 7001
f. Authentication Policy Treat As Authenticated
g. Peer 1 Address siteb-jabgste01.siteb.com
h. Click Create Zone
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 239 of 274
Step 1582 Observe that SiteB-JabGstC01 show active traversal zone
a. Click Configuration Zones Zones
b. Click TraversalZoneSiteB
c. Scroll to the bottom and observe that status is Active
Step 1583 Observe that SiteB-JabGstE01 show active traversal zone
a. Switch to SiteB-JabGstE01, Firefox tab admin web page
b. Click Configuration Zones Zones
c. Click TraversalZoneSiteB
d. Scroll to the bottom and observe that SIP Reachable & status is
Active
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 240 of 274
Configuration of Turns on JabGstE01
In this section Turns will be configured on the Expressways.
Step 1584 Switch to SiteB-JabGstE01, tab in Firefox on SiteB-AD RDP Session (if not
already there
Step 1585 Login as (if needed)
a. UserName admin (lower case)
b. Password Cisc0123
c. Click Login
Step 1586 Click configuration Traversal Turns
Step 1587 Click Configure TURN client credentials on local database, hyperlink
Step 1588 Click New
Step 1589 Enter TurnAdmin, in the Name field
Step 1590 Enter Cisc0123, in the password field
Step 1591 Click Create Credential
Step 1592 Close the Local Authentication Database, pop-up window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 241 of 274
Step 1593 Select ON, for Turn Services
Step 1594 Enter TurnAdmin, in the Authentication realm field
Step 1595 Click Save
Configure Cisco Jabber Guest Server List - JabGstC01
In this section the Jabber guest server will be added to the Expressway C configuration.
Step 1596 Switch to SiteB-JabGstC01, tab in Firefox on SiteB-AD RDP Session (if not
already there
Step 1597 Login as (if needed)
a. Click Home, if on the logout screen
b. UserName admin (lower case)
c. Password Cisc0123
d. Click Login
Step 1598 Click configuration Unified Communications Configuration
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 242 of 274
Step 1599 Click Configure Jabber guest Servers, from the advanced section
Step 1600 Click New
When more than one server is added, the priority can be used to control how HTTP
traffic is load balanced between the Cisco Jabber Guest servers in a cluster. Lower
numbers have higher priority. Two servers can have the same priority.
Step 1601 Enter the following in the Jabber Guest Server window
a. Domain siteb.com
b. Server Hostname siteb-jabgstsrv01.siteb.com (must be FQDN
even though it says Hostname)
c. Priority 1
d. Click Create Entry
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 243 of 274
Configure Neighbor Zone to Jabber Guest Server on the JabGstC01
In this section a neighbor zone (sip trunk) will be created to access the Jabber Guest server
from the Expressway C server.
Step 1602 Click Configuration Zones Zones on SiteB-JabGstC01
Step 1603 Click New
Step 1604 Enter the following Information (leave unmentioned fields as default)
a. Name siteb-jabgstsrv01
b. Type Neighbor
c. H.323 Mode Off
d. ICE Support On
e. Authentication Policy Treat as authenticated
f. Location Peer 1 Address siteb-jabgstsrv01.siteb.com
g. Click Create Zone
Configure Neighbor Zone to CUCM on the JabGstC01
In this section a neighbor zone (sip trunk) will be created to access the CUCM server from
the Expressway C server.
Step 1605 Click Configuration Zones Zones
Step 1606 Click New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 244 of 274
Step 1607 Enter the following Information (leave unmentioned fields as default)
a. Name siteb-cucm911
b. Type Neighbor
c. H.323 Mode Off
d. Port 5060
e. SIP Transport TCP
f. Authentication Policy Treat as authenticated
g. Location Peer 1 Address siteb-cucm911.siteb.com
h. Location Peer 2 Address siteb-cucm02.siteb.com
i. Advance Zone Profile Custom
j. Call signaling Routed Mode Always
k. Click Create Zone
Configure Search rules on the JabGstC01
In this section a search rule (kind of like a dial peer) will be created to match on so the call
can be routed.
The Search rules page (Configuration > Dial plan > Search rules) is used to
configure how the Expressway routes incoming search requests to the appropriate
target zones (including the Local Zone) or policy services.
Step 1608 Click configuration Dial Plan Search Rules
Step 1609 Click New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 245 of 274
Step 1610 Enter the following Information (leave unmentioned fields as default)
a. Rule Name Call Manager Route
b. Description Call Search Pattern to CUCM 911
c. Mode Alias Pattern Match
d. Pattern Type Regex (regular expression)
e. Pattern String (.*)@siteb.com(.*) - (copy paste this)
f. Replace String \1@siteb.com\2 - (copy paste this)
g. On successful Match Stop
h. Target Siteb-cucm911
i. State Enabled
j. Click Create Search Rule
Configure B2BUA Turn Servers on the JabGstC01
In this section the B2BUA turns server will be configured.
Step 1611 Click Applications B2BUA B2BUA Turn Servers
Step 1612 Click New
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 246 of 274
Step 1613 Enter the following Information (leave unmentioned fields as default)
a. Turn server Address 10.1.3.42
b. Turn Server Port 3478 (default)
c. Description SiteB-JabGstE01
d. Turn Services Username TurnAdmin
e. Turn Services Password Cisc0123
f. Click Add Address
Configure SIP Trunk on CUCM to SiteB-JabGstC01 (Expressway C)
In this section a SIP trunk will be created on the CUCM pointing to the Expressway C server.
Step 1614 Switch to SiteB-AD (172.19.X.120) RDP Session
Step 1615 Open Firefox, or open new Tab in Firefox if already open
Step 1616 Click SiteB-UC, Firefox favorite
Step 1617 Click SiteB-CUCM911
Step 1618 Click Cisco Unified Communications Manager
Step 1619 Login with the following credentials
a. Username Administrator
b. Password Cisc0123
c. Click Login
Step 1620 Click Device Trunk
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 247 of 274
Step 1621 Click Add New
Step 1622 Select SIP Trunk, from the Trunk Type field
Step 1623 Click Next
Step 1624 Enter the following information (any fields not mentioned are left at default)
a. Device Name SiteB-JabGstC01
b. Description SIP trunk to EXP C01 Jabber Guest
c. Device Pool Default
d. Call Classification OnNet
e. Click and Check SRTP Allowed
f. Click and Check Run On All Active Unified CM Nodes
g. Inbound Calls Calling Search Space Unlimited-CSS
h. Click and Check Redirecting Diversion Header Delivery
Inbound
i. Destination Address 10.1.2.42
j. Destination Port 5060
k. SIP Trunk Security Profile Non secure SIP Trunk Profile
l. SIP Profile Standard SIP profile for Cisco VCS
m. DTMF Signaling Method RFC 2833
n. Normalization Script vcs-interop
o. Click Save
p. Click OK, on the reset warning
q. Click Reset
r. Click Reset, again on pop-up window
s. Click Close, to close the reset pop-up window
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 248 of 274
Configure Jabber Guest Server
In this section the Jabber Guest server will be configured.
Step 1625 Switch to SiteB-AD (172.19.X.120) RDP Session
Step 1626 Open Firefox, or a new tab in Firefox if already open
Step 1627 Navigate to https://10.1.2.43/admin
Or click Jabber Guest SiteB-JabGstSrv01, from the Firefox favorite bar
Step 1628 Click I Understand The Risk, for the Firefox invalid certificate (if
presented)
Step 1629 Click Add Exception
Step 1630 Click Confirm Security Exception
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 249 of 274
Step 1631 Enter the following credentials to login to the Jabber Guest Server
a. Alias admin
b. Password jabbercserver
c. Click Sign In
Step 1632 Enter Cisc0123, new password
Step 1633 Enter Cisc0123, confirm New Password
Step 1634 Click Sign In
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 250 of 274
Configure Jabber Guest Server Settings - Links
Step 1635 Click Settings Links
Step 1636 Domain Used For Links siteb-jabgste01.siteb.com
Step 1637 Click and Check Allow Adhoc Links
Step 1638 Click Update
Configure Jabber Guest Server Settings Secure SIP Trust Cert
Step 1639 Click Secure SIP Trust Certificate, from the left side navigation menu
Step 1640 Click Choose File
Step 1641 Click Downloads, from the file upload pop-up window left side navigation
menu
Step 1642 Select CARootCert3.cer, from the list of files. This is the CA Root
Certificate that was downloaded earlier in this section of the lab
Step 1643 Click Open
Step 1644 Click Upload, to upload the CA Root Cert to the Jabber Guest Server
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 251 of 274
Step 1645 Observe the Tomcat restart message, and the CA Root Cert presented at
the lower section of the page
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 252 of 274
Configure Jabber Guest Server Restart TomCat Service
Step 1646 Click the PuTTy icon on the task bar on the bottom of the SiteB-AD desktop
Step 1647 Double Click SiteB-JabGstSrv01, form the list of sessions
Step 1648 Click Yes, on any PuTTy Security Warnings
Step 1649 Enter the following credentials to login to the console of Jabber Guest
Server
a. Enter root for the login as name (lower case)
b. Enter jabbercserver for the Password (lower case)
c. Enter jabbercserver for the current password
d. Enter C1sc0123, for new password
e. Enter C1sc0123, for the repeat new password
Step 1650 Enter service tomcat-as-standalone.sh restart
Step 1651 Wait for the tomcat service to restart
Step 1652 Close the PuTTy window
Step 1653 Click OK, to confirm the exit of PuTTy
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 253 of 274
Configure Jabber Guest Server Local SSL Certificate
Step 1654 Click Local SSL Certificate, from the left side navigation menu
Step 1655 Click Create a new certificate signing request
Step 1656 Click Download a certificate signing request
Step 1657 Select Open with
Step 1658 Click Browse
Step 1659 Select Notepad
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 254 of 274
Step 1660 Click OK
Step 1661 Click OK, to open in notepad
Step 1662 Click CTRL-A, to highlight the whole certificate in notepad
Step 1663 Click CTRL-C, to put the content into the paste buffer
Step 1664 Close Notepad
Step 1665 Switch Tabs, in Firefox to the MS Certificate Services tab, or open a new
tab
Step 1666 Click the Certificate Services on the favorite bar in Firefox
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 255 of 274
Step 1667 Click Request a certificate
Step 1668 Click Advanced Certificate Request
Step 1669 Click and make focus Saved Request Field
Step 1670 Press CTRL-V, to paste the saved certificate into the field
Step 1671 Select ClientServer, in the certificate Template
Step 1672 Click Submit
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 256 of 274
Step 1673 Select Base 64 encoded
Step 1674 Click Download Certificate
Step 1675 Select Save File (default)
Step 1676 Click OK
Step 1677 Click the Firefox Download Arrow
Step 1678 Click the File Folder, to open in containing folder
Step 1679 Rename to SiteB-JabGstSrv01_CASigned
Step 1680 Close the File Explorer window
Step 1681 Switch back to Firefox
Step 1682 Switch to the Tab with Cisco Jabber Guest Admin in it
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 257 of 274
Step 1683 Click Choose File
Step 1684 Click Downloads, on the left side of the File Upload pop-up window
Step 1685 Select SiteB-JabGstSrv01_CASigned, file from the File Upload pop-up
window
Step 1686 Click Open
Step 1687 Click Install a certificate authority signed certificate
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 258 of 274
Step 1688 Observe the message that the server has a certificate authority signed
certificate
Configure Jabber Guest Server Call Control and Media
Step 1689 Click Call Control and Media
Step 1690 Enter the following in the SIP section
a. Route Calls Using Cisco Expressway Selected
b. Enable SIP over TLS Checked
c. Enable SRTP Checked
d. SIP Port 5061
e. SIP Domain Siteb.com
f. SIP Server siteb-jabgstC01.siteb.com
g. Send SIP Traffic To Expressway-C server that proxied the
HTTP request from Jabber Guest client
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 259 of 274
Step 1691 Scroll down and Enter the following in the Cisco Expressway C and E
Sections
a. Expressway-C (IP Address or DNS Name) siteb-
jabgstC01.siteb.com
b. Select Expressway-C server specified above
c. HTTP Port 443
d. Domain siteb.com
e. Username admin
f. Password Cisc0123
g. Expressway-E Turn Server (IP Address or DNS Name) siteb-
jabgstE01.siteb.com
h. Turn Port 3478
i. Click Update
Step 1692 Observe a successful update at the top of the screen
Step 1693 Click Call control and Media (Local), from the left side navigation pane
Step 1694 Enter SiteB-JabGstSrv01.siteb.com
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 260 of 274
Step 1695 Click Update
Configure Jabber Guest Server Making a Call
In this section the student will make a call from a workstation via the Jabber Guest server
Step 1696 Switch to SiteB-WS02 (172.19.X.202) RDP Session
Step 1697 Open Firefox
Step 1698 Navigate to the following in Firefox
https://siteb-jabgste01.siteb.com:9443/call/aace@siteb.com
Or
Click Jabber Guest Call JG Call AAce on the Firefox favorite bar
Step 1699 Click Install, to install the Jabber Guest Plug-In
Step 1700 Click Save File
Step 1701 Click The Green Download Arrow, in the upper right corner of Firefox
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 261 of 274
Step 1702 Double click the jabberGuest-Browswer_Plug.., in the download
windows
Step 1703 Click Run (Wait for it)
Step 1704 Click Always Allow, on the plug-in pop-up windows
Step 1705 Click Call (the green call button)
Step 1706 Switch to SiteB-WS01 (172.19.X.201) RDP Session
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 262 of 274
Step 1707 Click Answer, on the incoming call pop-up in the lower left corner of the
SiteB-WS01s desktop
Step 1708 Observe there is now a call between the Jabber Guest and Jabber Windows
on Aaces desktop
Step 1709 Click the Red Handset to disconnect the call
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 263 of 274
Call History on SiteB-JabGstC01
On Expressway-C go to - Status Search History
The call history gives you a long of the call flow, it is good to get familiar with a few good
calls to learn how to read the output.
Step 1710 Experiment with more Jabber Guest calls and move on to the next section
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 264 of 274
Configure Jabber Guest Server Non ADHock Call
In this section the ADHock calls will be turned off and specific links will be created so only
certain numbers can be called via Jabber Guest.
Call links
A Cisco Jabber Guest call link allows anyone to click-to-call an endpoint in the enterprise
without creating an account, setting a password or otherwise authenticating.
The Cisco Jabber Guest web client launches when a link is clicked. This process greatly
simplifies how a user places a call; they simply click on the provided link. This allows the
user to easily place a video call to the destination associated with the link.
The Cisco Jabber Guest server checks to see if the link exists in the database when a call is
placed using it. The following operational parameters for the call are taken from the
database if the link exists:
destination endpoint
caller ID
called ID
time
The server checks the Ad Hoc link setting if the link is not listed in the database. If Ad hoc
links are enabled, the server sends the call to VCS or Cisco UCM using the string to the right
of /call/ as the route string. If the setting is disabled, the call is not routed unless the link
exists in the database. Ad hoc links are enabled from Cisco Jabber Guest Administration.
Calls can be made to any Cisco Unified Communications Manager endpoint by dialing the
directory number (DN). Calls can also be placed using a URI if URI dialing has been enabled.
Call links are constructed in the following format:
https://example-jabberc/call/DN or UserID@example.com
The following table provides some examples of how links are constructed.
Call links are classified as either in database or as ad hoc. When a Cisco Jabber Guest client
tries to place a call to a link, the Cisco Jabber Guest server first checks to see if the link
exists in the database. If so, the operational parameters (destination endpoint, caller ID,
called ID, and time the link is valid) are taken from the database. If the link is not listed in
the database, the server next checks the Ad Hoc link setting. If that is enabled, the server
sends the call to Cisco TelePresence Video Communication Server or Cisco Unified
Communications Manager using the string to the right of /call/ as the route string. If the
setting is disabled, the call will not route unless the link exists in the database. Ad hoc links
must be enabled before calls can be placed with them.
Step 1711 Switch to SiteB-AD (172.19.X.120) RDP Session
Step 1712 Open Firefox, and click Jabber Guest SiteB-JabGstSrv01 Or switch to
the tab in Firefox that has Jabber Guest Admin already open
Step 1713 Enter the following credentials to login in to Jabber Guest Admin (if needed)
Alias admin (lower case)
Password Cisc0123 (case sensitive)
Click Login In
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 265 of 274
Step 1714 Click Links, from the top menu
Step 1715 Click New
Step 1716 Enter the following Link information
Select Custom String from the Request Path Drop-down menu
Request Path TechSupport
Destination aace@siteb.com
Display Name Site B Tech Support
Caller Name Support Customer
Click Create
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 266 of 274
Step 1717 Observe a successful create and the link address
Ad hoc links are disabled by default and are enabled from Cisco Jabber Guest
Administration.
A call link is either an entry in the Cisco Jabber Guest Server database, or an ad
hoc link that is not in the database.
With AD Hoc turned on or enabled, any number on the system can be dialed.
Creating links only allows users to dial numbers on the system you wish them to
dail.
Step 1718 Click Settings Links
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 267 of 274
Step 1719 Click and Unselect Allow Adhoc Links
Step 1720 Click Update
Step 1721 Switch to SiteB-WS02 (172.19.X.202) RDP Session
Step 1722 Navigate to
https://siteb-jabgste01.siteb.com:9443/call/aace@siteb.com
Step 1723 Observe that the previous call that was successful can no longer be
completed because Ad-Hoc calls are no longer allowed on the system
Step 1724 Navigate to
https://siteb-jabgste01.siteb.com:9443/call/TechSupport in Firefox
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 268 of 274
Step 1725 Observe the ready to call = Site B Tech Support
Step 1726 Click Call
Step 1727 Switch to SiteB-WS01 (172.19.X.201) RDP Session
Step 1728 Observe the caller ID on the incoming call pop-up in the lower left of SiteB-
WS01 desktop
Step 1729 Click Answer Call
Step 1730 Observe the call is connected
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 269 of 274
Step 1731 Switch to SiteB-WS02 (172.19.X.202) RDP Session
Step 1732 Observe connected Call
Step 1733 Click End Call
Step 1734 Continue to explore Jabber Guest, and revisit any other sections of this lab
guide that you wish to explore
This Concludes the official lab Guide steps, please feel free to
continue to explore the lab
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 270 of 274
Section 4: Appendix
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 271 of 274
Appendix A: ExpressWay Options Keys for JSTII Lab
The option keys in this lab only apply to the server deployed in this lab due to the
automatically generated serial number on each Expressway at the time of deployment.
Collab Edge Lab Option Keys
SiteB-ExpC01 Serial Number - 049491D5
Valid Software contract - Release Key: 4360497995181665
H323 SIP Interworking Gateway Key: 116341G00-1-87EACCFB
Expressway Series Key: 116341E00-1-096C2A6F
SiteB-ExpC02 Serial Number 06126E24
Valid Software contract Release Key: 1194266643158189
H323 SIP Interworking Gateway Key: 116341G00-1-C3DE9277
Expressway Series Key: 116341E00-1-B57F3034
SiteB-ExpE01 Serial Number 03118224
Valid Software contract Release Key: 7176023658098439
H323 SIP Interworking Gateway Key: 116341G00-1-A7FB3D03
Expressway Series Key: 116341E00-1-745E2397
Traversal service for E VSC (T) Boarder Controller Key: 116341T00-1-F768D3DC
Turn Relay 1800 Turns Key: 116341I1800-1-8F82AD62
SiteB-ExpE02 Serial Number - 023393F5
Valid Software contract Release Key: 6917141609111101
H323 SIP Interworking Gateway Key: 116341G00-1-CF24D548
Expressway Series Key: 116341E00-1-1D400744
Traversal service for E VSC (T) Boarder Controller Key: 116341T00-1-AF35A121
Turn Relay 1800 Turns Key: 116341I1800-1-A7C4DC9D
Options keys for JSTII Jabber Guest on 8.2.0
SiteB-JabGstC01 - Serial Number - 0280C83C
Valid Software contract - Release Key:4871176275042305
Expressway Series Key:116341E00-1-8AD9AE82
Rich Media Sessions - VCS:(W) +100 Traversal Calls:116341W100-1-6D415BF0
SiteB-JabGstE01 - Serial Number - 0912E2FD
Valid Software contract - Release Key:4288141040879898 -
Expressway Series Key:116341E00-1-A14E7789
Turn Relay 1800 Turns Key:116341I1800-1-EC92C886
Traversal service for E VSC (T) Boarder Controller Key:116341T00-1-DE3F1423
Rich Media Sessions - VCS:(W) +100 Traversal Calls:116341W100-1-5B0DD1B0
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 272 of 274
Appendix B: CUCM Server Name change to FQDN
Changing the CUCM Server Name
Open a browser on your desktop and navigate to 172.19.X.110, where X = your pod
number (for example 172.19.22.110 = pod 22)
Step 1 Browse to SiteB-CUCM911 (172.19.X.110
X=pod#) from the students desktop
Step 2 Click Continue to Website
Step 3 Click Yes or accept to any security warnings, if any
Step 4 Log in using the following credentials:
Username Administrator
Password Cisc0123
Step 5 Click System Server
Step 6 Click Find
Step 7 Observe that the CUCM and IMP servers are only entered into the database as
hostnames, this is the default install configuration
All UC Servers in this lab are upgraded from 9.1.1 to version 10.0.1. Due to time
constraints the server hostnames and DNS entries have been left as 9.11
Step 8 Select SiteB-CUCM911 (2
nd
pass
SiteB-CUCM02, 3
rd
pass SiteB-
IMP911, 4
th
pass SiteB-IMP02)
Step 9 Enter SiteB-CUCM911.siteb.com, in the hostname/IP address field
Step 10 Click Save
Step 11 Click OK, on the certificate regeneration warning
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 273 of 274
Step 12 Click Go, on related links to go back to Find/List
Step 13 Click SiteB-IMP911
Step 14 Enter SiteB-IMP911.siteB.com, in the hostname/IP address field
Step 15 Click Save
Step 16 Click OK, on the certificate regeneration warning
Step 17 Click Go, on related links to go back to Find/List
Step 18 Repeat steps 32 41 for SiteB-CUCM02, SiteB-IMP911 & SiteB-IMP02
Step 19 Observe that four servers are listed as FQDN format
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 2.8 Presented by The Solutions Readiness Engineers Page 274 of 274
End Of Lab
This concludes the lab. On behalf of the Americas Partners Organization Solutions
Readiness Engineers we thank you for taking the time to complete this lab. We hope that
this lab surpassed your goals and expectation and was a very useful and positive learning
experience for increasing your knowledge of Ciscos Collaboration products.
Please dont forget to complete your survey for todays session.
The Solutions Readiness Engineers have a YouTube channel that has
step-by-step videos for each of our lab offerings. You can find our
YouTube Channel here: http://youtube.com/CiscoFieldTrainers
Thank you for taking our lab and as always thank you for using Cisco
products.