Академический Документы
Профессиональный Документы
Культура Документы
PART 01
The Ultimate Cisco Jabber Specialist 2 Lab
Table of Contents
Section 1: About The Lab.................................................................................................................... 3
What is Cisco Jabber ................................................................................................................................. 4
Related Links ............................................................................................................................................. 7
Lab Overview ....................................................................................................................................... 8
Jabber Specialist I 2013 Edition Video Walk Through............................................................................. 13
Task 1: Accessing the Lab Equipment ......................................................................................... 14
Task 2: Connecting to Remote Workstations & Servers ....................................................... 16
Section 2: System Preparation ....................................................................................................... 20
Sys Prep: CUCM Server Name to FQDN .................................................................................. 21
Section 3: Jabber Specialist Features .......................................................................................... 22
JST Features Task 1: Service Discovery Configuration ..................................................... 23
JST Features Task 2: Jabber Client Win Install WS01 ....................................................... 27
JST Features Task 3: Certificate Management ..................................................................... 33
JST Features Task 4: Jabber Client Win Install WS02 ....................................................... 64
JST Features Task 5: MRA with Cisco ExpressWay ............................................................. 68
Short Video on Cisco ExpressWay Virtual Machine Deployment ........................................................... 68
JST Features Task 6: Adding User Photos to Web Server.............................................. 141
Section 4: Appendix......................................................................................................................... 150
Appendix A: ExpressWay Options Keys for JSTII Lab ..................................................... 151
Appendix B: CUCM Server Name change to FQDN ........................................................... 152
Appendix C: Bootstrap Jabber for Windows Install........................................................... 154
End Of Lab ............................................................................................................................................ 166
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 2 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Welcome To The
Jabber Specialist II Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 3 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Todays global, distributed work environment has resulted in significant challenges for
workers, making it harder to connect with the right people and significantly increasing the
quantity and modes of communications. Organizations of all sizes are striving to improve
communications in order to retain customers, compete for new business, control costs, and
grow their business globally.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 4 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Features and Benefits
Reduce communication delays with presence and contact information: The Cisco Jabber
application enables you to see the availability of co-workers and colleagues within and
outside your organization. You can immediately see who is offline, available, busy, on the
phone, in a meeting, presenting, or in a do-not-disturb state. You can create customized
availability states such as Gone to lunch. Back at 1 p.m. to provide added context. These
capabilities help reduce communication delays and result in faster decision making and
enhanced productivity.
Quickly communicate with borderless enterprise-class instant messaging: Instant
messaging is an important communication option that lets you efficiently interact in todays
multitasking business environment. The Cisco Jabber application delivers enterprise-class
instant messaging capabilities that are based on the Extensible Messaging and Presence
Protocol (XMPP). The solution provides personal and group chat so you can quickly connect
with your business colleagues. Chat history and server-based logging capabilities allow you
to view the content of prior chats and to store messages for convenience, compliance, and
regulatory purposes. Instant messaging is integrated with other communication capabilities
so you can simply move between chats, audio conversations, and web conferences. You can
even share presence and send instant messages to people outside your organization who
may not be using Cisco Jabber. The enterprise-class instant messaging capabilities of this
application provide more efficient, highly secure, flexible, and borderless collaboration.
Bring business-class IP telephony and video to the desktop: Cisco Jabber delivers
business-quality voice and video to your desktop. Powered by the market-leading Cisco
Unified Communications Manager call-control solution, Cisco Jabber is a soft phone with
wideband and high-fidelity audio, standards-based high-definition video (720p), and desk
phone control features. These features mean that high-quality and high-availability voice
and video telephony is available at all locations and to your desk phones, soft clients, and
mobile devices. Cisco Jabber for Windows makes voice communications simple, clear, and
reliable (Figure2).
Figure 2. High-Definition Video with Integrated Audio Controls
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 5 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Accelerate team performance with multiparty conferencing and collaboration: The Cisco
Jabber application provides for smooth escalation to desktop sharing or Ciscos market-
leading collaboration solution, Cisco WebEx conferencing. You can instantly share
documents and expand chats and conversations to multiparty voice, video, and web
conferencing.
Collaborate from common business applications: You can access the capabilities of the
Cisco Jabber application from common desktop applications such as Microsoft Outlook,
including lighting up presence and click-to-communicate (instant message and audio and
video calling) capabilities. For Microsoft Outlook 2010, you can use the Microsoft contact
card click-to-communicate icons directly from within the application to save time and
streamline workflows because you can view user availability and initiate communications
such as personal and group voice, video, and chat sessions without having to switch
between applications.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 6 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Related Links
Expressway
Expressway Basic Configuration (Expressway-C with Expressway-E) Deployment
Guide
Jabber Clients
Cisco Jabber for Windows
Cisco Jabber for iPad
Certificate Management
Security configuration on IM and Presence
Persistent Chat
External Database Setup for IM and Presence Service
Jabber Guest
Cisco Jabber Guest
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 7 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Overview
This document is intended to assist solution architects, sales engineers, field engineers, and
consultants in learning many of the features of Cisco Unified Communications 10.x System,
and Cisco Jabber. This document assumes the reader has an architectural and
administrative understanding of the CUCM and has reviewed the latest CUCM SRND.
Basic knowledge of how to install and administer CUCM and IM&P is recommended however
not necessary.
This is a complex lab with many servers and devices interacting with each
other. It is strongly recommended that a dedicated and undisturbed six
hour window be committed to when completing this lab.
This lab was upgraded from a previous UC 9.x Jabber lab and many of the old host names
have not been changed to save on development time. All CUCM/IM&P/CUC servers have
been upgraded to 10.x but many of the host names have remained the same, so the
student will see for example SiteA-CUCM911 host name but the server is really running
10.0.1 code.
Disclaimer
This lab is primarily intended to be a learning tool. In order to convey specific information,
the lab may not necessarily follow best practice recommendation at all times. This exercise
is intended to demonstrate one way to configure the network, servers and applications to
meet specified requirements for the lab environment. There are various ways that this can
be accomplished, depending on the situation and the customers goals/requirements. Please
ensure that you consult all current official Cisco documentation before proceeding with a
production/lab design or installation. By enrolling in this class or having access to this
document you acknowledge you are aware of this disclaimer and its implications.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 8 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Key
The following is a description of the conventions, colors, and notation used through this
document:
Sections with this background color and this icon touch on the business benefits of the
step or task with items and talking points highlighting a value proposition of a Solution.
Sections with this background color and this icon cover the technical description of the
step or task, with items and talking points of interest to technical audiences.
Sections with this background color and this icon provide a lab tip for the step or task.
Sections with this background color and this icon are for scenario description: Provides
background information for performing a step or task.
Sections with this background color and this icon represent a warning: read this section for
special instructions and considerations.
Pods
There are 20 pods in this lab environment; each pod contains the following server
configurations:
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 9 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Topology
In this lab topology each device is a virtual machine (VM). This lab is operating on Unified
Computer System (UCS) B-Series or C-Series systems. VMware ESXi 5.1 is the operating
system and hypervisor running on each lab host computer.
The lab UCS host computers are oversubscribed and are not following
Ciscos best practices for UC on UCS. Please follow the best practices
outlined on the uc-virtualized web site, this web site can be found here.
http://cisco.com/go/uc-virtualized
This topology shows one pod of equipment (Not all parts in this TOPO will be used in this
class since there are two parts to this class)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 10 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Addressing Tables Internal and External Addresses
SiteB
SiteB-CUCM911 172.19.X.110 10.1.2.110 Administrator Cisc0123
SiteB-CUCM02 10.1.2.111 Administrator Cisc0123
OS Admin & CLI Administrator C1sc0123
SiteB-IMP911 172.19.X.112 10.1.2.112 Administrator Cisc0123
SiteB-IMP02 10.1.2.113 Administrator Cisc0123
OS Admin & CLI Administrator C1sc0123
SiteB-CUC911 172.19.X.115 10.1.2.115 Administrator Cisc0123
SiteB-AD 172.19.X.120 10.1.2.120 Administrator Cisc0123
SiteB-WS01 172.19.X.201 10.1.2.201 SiteB\aace Cisc0123
StieB-WS02 172.19.X.202 10.1.2.202 SiteB\bbad Cisc0123
SiteB-ExpC01 172.19.X.142 10.1.2.142 admin Cisc0123
SiteB-ExpC02 172.19.X.143 10.1.2.143 admin Cisc0123
Mock Internet
Mock-Inet-DNS 172.19.X.220 10.1.3.20 Administrator Cisc0123
SiteB-ExpE01 172.19.X.242 10.1.3.142 admin Cisc0123
SiteB-ExpE02 172.19.X.243 10.1.3.143 admin Cisc0123
SiteB-WS01 172.19.X.240 10.1.3.101 SiteB\aace Cisc0123
StieB-WS02 172.19.X.241 10.1.3.102 SiteB\bbad Cisc0123
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 11 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
System Version Table
Description Version
Cisco Unified Communication Manager 10.5.1.10000-7
Cisco Unified CM IM & Presence 10.5.1.10000-9
Cisco Unity Connection 10.5.1.10000-7
Student Remote Work Stations Windows 7
MS Active Directory Server Windows 2008 R2 64
Jabber for Windows 10.5.0 Build 33957
ExpressWay Collab Edge 8.1.1
Lab Pre-configuration
There are many parts of the lab that are prebuilt and preconfigured before the start of class.
Namely:
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 12 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
This lab is a follow along to last years wildly successful Jabber Specialist 2013 Edition. In
the 2013 edition lab the student performed a full Cisco CUCM/Presence/CUC/Jabber
deployment based on UC version 9.1.1 and Jabber Windows 9.2. This video is a walkthrough
of the 2013 edition of the Jabber Specialist Lab.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 13 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Activity Objective
In this activity, you will learn the methods to access the lab equipment remotely.
Required Resources
Student PC connected to the internet.
Step 1 Launch the Cisco AnyConnect VPN client Step 1 Open a web browser and connect to
http://tinyurl.com/CiscoAC31
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 14 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 4 Enter the lab Username & Password
(username = stu5xy (xy=pod#), for
example stu501 for pod01, and stu522 for
pod22).
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 15 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Task 2: Connecting to Remote Workstations & Servers
Each pod will connect to 4 RDP connections in this section of the lab
Step 13 Click OK
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 16 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 14 Select the General tab and fill in the next two steps in the chart
1nd RDP Session 2nd RDP Session 3rd RDP 4th RDP
Session Session
The 172.19 addresses in the chart below are for students to access their pods various Web
Admin pages from their own computers browser, while a VPN connection is established to
the lab.
Pod # SiteB-InetDns SiteB-AD SiteB-WS01 SiteB-WS02
Users siteb\Administrator siteb\Administrator siteb\aace siteb\bbad
Pod 01 172.19.1.220 172.19.1.120 172.19.1.201 172.19.1.202
Pod 02 172.19.2.220 172.19.2.120 172.19.2.201 172.19.2.202
Pod 03 172.19.3.220 172.19.3.120 172.19.3.201 172.19.3.202
Pod 04 172.19.4.220 172.19.4.120 172.19.4.201 172.19.4.202
Pod 05 172.19.5.220 172.19.5.120 172.19.5.201 172.19.5.202
Pod 06 172.19.6.220 172.19.6.120 172.19.6.201 172.19.6.202
Pod 07 172.19.7.220 172.19.7.120 172.19.7.201 172.19.7.202
Pod 08 172.19.8.220 172.19.8.120 172.19.8.201 172.19.8.202
Pod 09 172.19.9.220 172.19.9.120 172.19.9.201 172.19.9.202
Pod 10 172.19.10.220 172.19.10.120 172.19.10.201 172.19.10.202
Pod 11 172.19.11.220 172.19.11.120 172.19.11.201 172.19.11.202
Pod 12 172.19.12.220 172.19.12.120 172.19.12.201 172.19.12.202
Pod 13 172.19.13.220 172.19.13.120 172.19.13.201 172.19.13.202
Pod 14 172.19.14.220 172.19.14.120 172.19.14.201 172.19.14.202
Pod 15 172.19.15.220 172.19.15.120 172.19.15.201 172.19.15.202
Pod 16 172.19.16.220 172.19.19.120 172.19.19.201 172.19.19.202
Pod 17 172.19.17.220 172.19.17.120 172.19.17.201 172.19.17.202
Pod 18 172.19.18.220 172.19.18.120 172.19.18.201 172.19.18.202
Pod 19 172.19.19.220 172.19.19.120 172.19.19.201 172.19.19.202
Pod 20 172.19.20.220 172.19.20.120 172.19.20.201 172.19.20.202
Pod 21 172.19.21.220 172.19.21.120 172.19.21.201 172.19.21.202
Pod 22 172.19.22.220 172.19.22.120 172.19.22.201 172.19.22.202
Pod 23 172.19.23.220 172.19.23.120 172.19.23.201 172.19.23.202
Pod 24 172.19.24.220 172.19.24.120 172.19.24.201 172.19.24.202
Pod 25 172.19.25.220 172.19.25.120 172.19.25.201 172.19.25.202
Pod 26 172.19.26.220 172.19.26.120 172.19.26.201 172.19.26.202
Pod 27 172.19.27.220 172.19.27.120 172.19.27.201 172.19.27.202
Pod 28 172.19.28.220 172.19.28.120 172.19.28.201 172.19.28.202
Pod 29 172.19.29.220 172.19.29.120 172.19.29.201 172.19.29.202
Pod 30 172.19.30.220 172.19.30.120 172.19.30.201 172.19.30.202
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 17 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 17 Enter IP Address for your pod in the computer field
Step 18 Enter Domain\User Name, in the User Name field (see chart above)
Step 21 Click OK
Step 22 Click Yes for the remote verification warning
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 18 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 23 Your Remote Desktop should look something
like this
Wait for 2 minutes and RDP back into the rebooted workstation.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 19 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 20 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Sys Prep: CUCM Server Name to FQDN
In this section the student will explore changes that are necessary on Cisco Unified
Communications Manager (CUCM). During the installation of Cisco Unified Communications
Manager the server name is configured with host-name. The hostname format needs to be
changed to the Fully Qualified Domain Name (FQDN) format.
The reason for changing the CUCM server names from hostname or IP address
to FQDN, is so they can be resolved by the different services on the UC network.
Also during the certificate validation process for Jabber Windows the FQDN is
usually called out in the CA signed certs.
The use of alternate names could be used in creating the certificates but is not
supported by Cisco.
Activity Objective
Required Resources
None
The lab network has already been changed for the student due to certificate issues that
would arise later in the lab. The steps to change the CUCM server name have been posted
to the appendix of this lab guide. Please CLICK HERE to review the steps.
Observe below in the first screen shot on the left that the server names are only host
names, and on the screen shot on the right they have been changed to the FQDN.
All UC Servers in this lab are upgraded from 9.1.1 to version 10.5. Due to time
constraints the server hostnames and DNS entries have been left as 9.11
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 21 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 22 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 1: Service Discovery Configuration
Service discovery enables clients to automatically detect and locate services on your
enterprise network. Clients query domain name servers (DNS) to retrieve service (SRV)
records that provide the location of servers.
Activity Objective
In this activity, you will learn the methods to:
Use NSLookUp to confirm the accuracy and operation of configured SRV records
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN and an RDP connection to your pods SiteB-AD (172.19.X.120).
Creating DNS SRV records for Presence server discovery allows the
Administrator to streamline the user experience when first logging into
Jabber. If the Jabber client is configured for On Premise operation the
client will automatically connect to the Presence server infrastructure
within an organization without prompting the user for server
information. This can even be configured to work in a multi-cluster
environment where servers will redirect Jabber clients to their correct
home cluster.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 23 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 25 Switch to SiteB-AD (172.19.X.120) RDP session
opened earlier
Step 26 Click Start Administrative Tools DNS to open
the DNS Manager tool
Step 27 Click the + (plus sign) next to SITEB-AD
Forward Lookup Zone siteb.com
e. Weight 0 (default)
f. Port Number 8443
Step 34 Click OK
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 24 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 35 Click Create Record (again)
l. Weight 0 (default)
m. Port Number 8443
Step 37 Click OK
Step 40 Observe that both _cisco-uds and _cuplogin are both present in the _tcp
section of siteb.com DNS records. The _cuplogin was left over from a
previous install of Jabber version 9.2, _cisco-uds takes priority
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 25 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
FYI The reason the sitea-cucm911.sitea.com FQDN has 911 in it is because this
lab was upgraded from a CUCM 9.11 to CUCM 10.5 but the host names have not
been changed. Sorry for the confusion, this will be changed in the future with time
permitting.
If an error such as the one pictured below is returned check the command entered in above
or confirm your _cisco-uds service record has been configured properly on SiteBs AD.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 26 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 2: Jabber Client Win Install WS01
In this section the students will do install Jabber client for Windows.
Activity Objective
In this activity the student will install the Cisco Jabber Client for Windows.
Required Resources
A personal computer VPNed into the lab environment and a RDP session into the labs
workstations.
Later in this lab guide the student will work with certificate management to conceal the
invalid certificate messages from the end users. This section is to start becoming familiar
with certificate interaction. Observe that before the Windows Jabber Client is installed there
are no Jabber related certificates in the certificate manager on windows.
Step 56 Observe that there are no trusted certificates in the right panel of Certificate
manager
Step 57 Do not close Certificate Manager
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 27 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Installing Jabber on Remote SiteB-WS01
In this section Jabber will be installed on the SiteB-WS01.
Jabber for Windows ships as a MSI installer files. Cisco provides a single
MSI file for both on premise and cloud configurations.
Step 58 Switch to Siteb-WS01 (172.19.x.201 Alex Ace) RDP Session (if not already
there)
Step 64 Click CiscoJabberSetup.msi in the Downloads window or folder (wait for it,
kind of slow to start install)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 28 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 66 Click Accept and Install
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 29 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 70 Click Accept to verify the non-valid CUCM certificate (The certificates might
come up in a different order depending on the SRV Record round robin state)
Step 71 Click Accept to verify the non-valid CUCM certificate again for the 2nd server
In Jabber 10.5 the Windows client is collecting the Username of the person logged into the
workstation from Windows and the domain name and automatically adding those to the login
so the user only has to put in the user password at initial login.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 30 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 75 Click Accept to verify the non-valid IMP certificate (one of the certificates but
just show up as SiteB instead of a host name that is OK)
Step 76 Click Accept to verify the non-valid IMP certificate again for the 2nd server
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 31 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
If the Cisco Jabber client fails to discover the network
service, this is most likely an issue with the SRV record
created in the first section of this lab guide. Use
NSLOOKUP in the command prompt from this
workstation to troubleshoot this issue. CLICK HERE to
return to the DNS configuration section.
Checking Certificates
After signing into Cisco Jabber Client for Windows observe the certificate that was added to
the certificate manager. During the certificate management section of this lab, the student
will learn how to avoid invalid certificate warning messages to be presented to the end user
the first time they login to Cisco Jabber Client for Windows.
Step 84 Observe that there are no trusted certificates in the right panel of Certificate
manager (Sometimes F5 needs to be pressed to get screen to update)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 32 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 3: Certificate Management
In this section of the lab the self-signed certificates that are on the UC servers at the time
of install will be replaced by Certificate Authority (CA) signed certificates.
Cisco Jabber uses certificate validation to establish secure connections with servers.
When attempting to establish secure connections, servers present Cisco Jabber with
certificates. Cisco Jabber validates those certificates against certificates in the
Microsoft Windows certificate store. If the client cannot validate a certificate, it
prompts the user to confirm if they want to accept the certificate.
Activity Objective
In this activity, you will learn the methods to:
Required Resources
To complete this section of the lab the student will need a computer that is connected to
the lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 33 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Installing Certificate Authority Role on Windows 2008 R2 Server
Although installing MS Certificate Authority (CA) Role is not part of the Cisco Unified
Communication solution, it is necessary to have access to a 3rd party CA server to create
signed certificates. For simplicity, the MS CA Role was chosen for this lab since an MS
Windows 2008 R2 (Win2K8R2) server running as the Active Directory and Exchange server
already exists. This quick video will show the steps completed to prepare the Win2K8R2
server to be a CA.
In this section the Certificate Authority (CA) Root Certificate will be downloaded from the CA
server, and uploaded to SiteB-CUCM911 tomcat-trust.
Step 88 Launch Firefox by clicking the icon on the task bar at the bottom of the
desktop
Base64 is a group of similar binary-to-text encoding schemes that represent binary data in
an ASCII string format by translating it into a radix-64 representation. Why 64? Because you
can generally rely on the same 64 characters being present in many character sets, and you
can be reasonably confident that your data's going to end up on the other side of the wire
uncorrupted.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 35 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 96 Click the File Folder next to certnew.cer
During the course of this lab the student will create many certificates, it is much
easier to track which certificates are which by but renaming each one as you create
them.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 36 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Upload CA Root Certificate to CUCM
In this section the CA root certificate will be uploaded to SiteB-CUCM911 (publisher) and it
will be replicated to the other three servers in the clusters (SiteB-CUCM02, SiteB-IMP911,
and SiteB-IMP02).
Step 101 Return to the Firefox browser on SiteB-AD (172.19.X.120 x=pod#) RDP
Session
Step 105 Click I Understand the Risks on the untrusted connection warning (If
presented)
Step 106 Click Add Exception on the untrusted connection warning (If presented)
Step 107 Click Confirm Security Exception on the add security exception pop-up
(If presented)
Step 108 Select Cisco Unified OS Administration from the top left Navigation drop-
down menu
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 37 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 110 Log in using the following credentials:
a. Username Administrator (Case Sensitive)
c. Click Login
Step 111 Click Security Certificate Management
The CA Root Certificate was uploaded to the Tomcat-trust of the publisher during
lab development, and has been replicated to the subscribers in the cluster.
In this section the student will upload the CA Root to SiteB-CUCM911 (publisher)
so the student understands what was done to the publisher, although this step
could be skipped due to the fact that it was done prior to the start of the lab.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 38 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 118 Click and Select CARootCert.cer from the list of files and folders
Step 122 Click Close, to close the file upload pop-up window
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 39 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 124 Observe that the SiteB-AD CA Root Certificate is now listed (notice no real
change due to the CA Root Cert being replicated form the publisher, also in
some cases the description will not change that is a version issue and has
not effect on the operation)
In this section the student will generate a Certificate Signing Request which in turn will be
used on the MS CA to generate a self-signed certificate for each service on each server.
In CUCM 10.0 and lower a certificate would have been generated by the CA root for
each node in the cluster, and uploaded to each of the servers in the cluster. This
would have been repeated in the IMP clusters and the CUC clusters. In 10.5 CUCM
and IMP are in the same cluster so only one CA root certificate and one CA signed
certificate needs to be created and uploaded to the CUCM publisher and both the
root and the CA signed certificate will be replicated to all servers in the CUCM and
IMP cluster.
Step 125 Click Generate CSR form the OS Administrator web page
Step 126 Fill in the following information in the Generate Certificate Signing Request
pop-up windows:
After the Generate button is clicked a few moments later a pop-up screen will
appear and ask for the Admin Username and Password for both of the subscribers
since they both have different passwords than the publishers.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 40 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 41 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 132 Select Save File
Step 133 Click OK to save the CSR
Step 134 Click Close on the Download Certificate Signing Request pop-up window
Step 135 Click the Download Arrow in the upper right corner of Firefox
It is good practice to rename each certificate file as you download them to your
local computer, so the certificates do not get mixed up.
Step 139 Rename the file to SiteB-CUCM911_tomcat.csr (2nd time use SiteB-
IMP02_tomcate.csr)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 42 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 141 Pick Select a program from a list of installed
programs
Step 145 Select Format Word Wrap, from the Notepad menus
Step 147 Press CTRL-C, to copy highlighted data into the computer buffer
Be careful to not change anything in this test file, this is also a difficult
troubleshoot.
Step 151 Switch back to the MS AD Certificate Services Web Page tab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 43 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 152 Click Certificate Services favorite link to return to the CA Services home
page
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 44 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 161 Select Save File (default)
Step 163 Click the Download Arrow in the upper right corner of Firefox
Step 169 Click the 2nd Firefox tab to switch to SiteB-CUCM911 Cisco Unified
Operating System Administration web page
Step 170 Login with the following information if the previous session logged out
a: Username Administrator
b: Password Cisc0123
c: Click Login
Step 171 Click Security Certificate Management (if not all ready there)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 45 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Notice that unlike previous version of UC products where you had to generate a CSR for each
node in the cluster, create a CA signed certificate for each node in the cluster, and upload a
CA signed certificate for each node in the cluster, in UC 10.5 software you only have only to
generate one CSR per cluster (CUCM/IMP considered in same cluster now), create one CA
signed certificate per cluster and upload one CA signed certificate per cluster.
Assuming three servers in each of the three clusters listed above, the following
would be true
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 46 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
In UC 10.5 software the following is the new method of configuring certificates
Upload root certificate to the publisher of the CUCM/IMP Cluster
Upload root certificate to the publisher of the CUC Cluster
Generate one CSRs for the whole CUCM/IMP cluster
Generate one CSRs for the whole CUC cluster
Create one CA signed certificates for the whole CUCM/IMP Cluster
Create one CA signed certificates for the whole CUC Cluster
Upload one CA signed certificates for the whole CUCM/IMP Cluster
Upload one CA signed certificates for the whole CUC Cluster
Assuming three servers in each of the three clusters listed above, the following
would be true
And as you can see with the 10.5 upgrades to certificates there is much less work!
Step 175 Click Close, to close the certificate upload pop-up window
Step 177 Observe the updated tomcat and tomcat-trust certificates. Tomcat-trust has a
siteb-SITEB-AD-CA.pem file, and tomcat has a siteb-SITEB-AD-CA in the
description field
Step 178 Click the PuTTy icon on the task bar at the bottom of the SiteB-AD
RDP session
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 47 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Right click the PuTTy icon on the bottom task bar of SiteB-AD
Select SSH, Telnet and Rlogin client
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 48 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Adding CA Signed XMPP Certificate to SiteB-IMP02
In this section the student will upload the CA signed XMPP certificate to SiteB-IMP02 server.
The CA Root Certificate was uploaded to the CUCM911 publisher server during the
previous section of the lab. Here the CA Root certificate will be uploaded for the
cup-xmpp-trust. A cup-xmpp CSR will be generated and certificate created from
this CSR.
Step 33 Switch to SiteB-AD (172.19.X.120) RDP Session (if not already there)
Step 36 Select SiteB-IMP911 from the SiteB-UC favorites drop down menu
c. Click Login
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 49 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 44 Click Security Certificate Management
Step 51 Observe that the SiteB-AD CA Root Certificate is now listed for cup-xmpp-
trust
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 50 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Generate and Download Certificate Signing Request (CSR)
In this section the student will generate and download the CSR for the xmpp service on
SiteB-IMP02.
Step 52 Click Generate CSR
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 51 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 55 Verify Success of CSR generation
Step 62 Click Close on the Download Certificate Signing Request pop-up window
Step 63 Click the Download Arrow in the upper right corner of Firefox
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 52 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
It is good practice to rename the certificates as you download them to your local
computer so they do not get mixed up or overwritten with the same name form a
different server.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 53 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Submit and Download Signed CA Certificate
Step 79 Switch back to the first Firefox Tab, with MS AD Certificate Services Web Page
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 54 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 87 Select Base 64 encoded
Step 91 Click the Download Arrow in the upper right corner of Firefox
Step 97 Click 3rd Firefox Tab, to switch to SiteB-IMP911 Operating System Console
web page
Step 98 Login with the following information if the previous session logged out
a. Username Administrator
b. Password C1sc0123
c. Click Login
Step 99 Click Security Certificate Management (if not all ready there)
Step 103 Click Close, to close the certificate upload pop-up window
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 56 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 106 Click PuTTy icon on the task bar at the bottom of the SiteB-AD
RDP session
Step 111 Enter utils service restart Cisco XCP Router, (Case Sensitive)
Step 112 Observe and wait for the XCP RouterAd service to fully stop and restart (takes
about 2 to 5 minutes You can leave PuTTy open and continue on to next
step, to restart XCP router on
SiteB-IMP02)
Step 119 Enter utils service restart Cisco XCP Router, (Case Sensitive)
Step 120 Observe and wait for the XCP RouterAd service to fully stop and restart (takes
about 2 to 5 minutes
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 57 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Accept new certificates for Pidgin
In this section the new CUP-XMPP certificates will be accepted for Pidgin to light up the
mock users presence indicators.
In this lab a third party IM client called Pidgin is used to light up all the mock users
presence indicators when looking at the Jabber clients on the virtual workstations.
This is purely cosmetic and is only to help make the lab more fun.
When the CUP-XMPP certificate was upgraded in the previous section the
certificates that Pidgin was using became invalid and need to be updated to
continue to light up the presence indicators for our mock users in Jabber.
Step 123 Switch to SiteB-AD (172.19.X.120 RDP Session) if not all ready there
Step 125 Observe there are multiple SSL Certificate Verification messages
Step 126 Click Accept on all the Pidgin SSL Certificate Verification messages
Step 128 Accept any and all In-Valid certificates for Jabber (if presented)
Step 129 Click Gear File Exit to close the Jabber client on SiteB-WS01
Step 130 Double click the Jabber Client icon on the desktop to open jabber on SiteB-
WS01
Step 132 Enter Cisc0123 in the password field of the Jabber client
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 58 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 135 Observe Alex Aces Jabber client becomes active again
When you are done with this section you will have done certificate management on
2 of the 5 UC servers in the SiteB pod. SiteB-CUCM01, SiteB-IMP911, witch in turn
the Root certificate and CA signed certificates where automatically propagated to
the rest of the servers in the clusters. The SiteB-CUC911 server certificates were
configured by the lab developer.
In the next section the CA Root Certificate will be installed on the workstation
before the install of the Jabber client and the end user will not have to accept any
certificates.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 59 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Adding the CA Root Certificate to SiteB-WS02
In this section the CA Root Certificate will be manually installed to the SiteB-WS02.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 60 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 149 Click Download CA Certificate
Step 160 Click Next, on the certificate import wizard welcome screen
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 61 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 162 Click Browse
Step 163 Select Trusted Root Certification Authorities, from the select certificate
store
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 62 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 174 Observe there is now a siteb-SITEB-AD-CA certificate in the trusted root certs
(sometimes CertMgr needs to be closed and reopened to see the CA Cert)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 63 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 4: Jabber Client Win Install WS02
In this section the students will install the Jabber client for Windows on SiteA-WS02, after
certificate management has been performed on the UC servers. This will eliminate the in-
valid certificate errors the end user saw during the initial login of Cisco Jabber Client for
Windows, in section 2 of the lab.
Activity Objective
In this activity the student will install the Cisco Jabber Client for Windows.
standard installs
Required Resources
A personal computer VPNed into the lab environment and a RDP session into the labs
workstations.
Later in this lab guide the student will work with certificate management to conceal the
invalid certificate messages from the end users. This section is to start becoming familiar
with certificate interaction. Observe that before the Windows Jabber Client is installed there
are no Jabber related certificates in the certificate manager on windows.
Jabber for Windows ships as a MSI installer files. Cisco provides a single
MSI file for both on premise and cloud configurations.
Step 176 Switch to Siteb-WS02 (172.19.x.202 Black Bad) RDP Session (if not
already there)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 64 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 177 Launch the Firefox browser, on SiteB-WS02 (if not all ready open)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 65 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 187 Click Finish
Observe that NO invalid certificate warning messages popped up before the log in
screen. This is because the CA signed certificates were uploaded to the UC servers
and the CA root certificate was deployed to the workstation.
The root certificate can be distributed to the workstations using group policies.
Step 188 Observe the username bbad is already filled in. Jabber 10.5
gathers the username from the domain login of the workstation
Step 189 Enter Cisc0123 for the users password
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 66 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 192 Observe the jabber client for Blake Bad logins in with
no user intervention for invalid certificates
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 67 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 5: MRA with Cisco ExpressWay
In this section the students will configure a Cisco Expressway E and C cluster as well as test
access from a remote workstation traversing the Expressway pair using the Mobile Remote
Access feature (MRA) of expressway.
This lab consists of two Expressway Es and two Expressway Cs that have
already been deployed for the student to save time. Also with each deployment
of an Expressway server the serial number is different, which would pose
issues with applying option keys in the lab.
The following video will demonstrate how the Expressways were deployed on
the ESXi hosts in the lab.
Activity Objective
In this activity, you will learn the methods to:
Performing the initial configuration of the Expressway E and C Initial Config as well
as configure Traversal zones, Domains, and Certificate Management
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, a compatible browser on the students computer, and RDP sessions to the five
devices in the lab.
The Expressway runs on VMware on a range of Cisco UCS servers. See Expressway on
Virtual Machine Installation
Expressway-C
Expressway-C delivers any-to-any enterprise wide conference and session management and
interworking capabilities. It extends the reach of Telepresence conferences by enabling
interworking between Session Initiation Protocol (SIP)- and H.323-compliant endpoints,
interworking with third-party endpoints; it integrates with Unified CM and supports third-
party IP private branch exchange (IP PBX) solutions. Expressway-C implements the tools
required for creative session management, including definition of aspects such as routing,
dial plans, and bandwidth usage, while allowing organizations to define call-management
applications, customized to their requirements.
Expressway-E
The Expressway-E deployed with the Expressway-C enables smooth video communications
easily and securely outside the enterprise. It enables business-to-business video
collaboration, improves the productivity of remote and home-based workers, and
enables service providers to provide video communications to customers. The
application performs securely through standards-based and secure firewall
traversal for all SIP and H.323 devices. As a result, organizations benefit from
increased employee productivity and enhanced communication with partners and
customers.
It uses an intelligent framework that allows endpoints behind firewalls to discover
paths through which they can pass media, verify peer-to-peer connectivity through each of
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 69 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
these paths, and then select the optimum media connection path, eliminating the need to
reconfigure enterprise firewalls.
The Expressway-E is built for high reliability and scalability, supporting multivendor firewalls,
and it can traverse any number of firewalls regardless of SIP or H.323 protocol.
Standard features
The primary purpose of the Expressway is to provide secure firewall traversal and session-
based access to Cisco Unified Communications Manager for remote workers, without the
need for a separate VPN client.
SIP Proxy
SIP / H.323 interworking
IPv4 and IPv6 support, including IPv4 / IPv6 interworking
QoS tagging
Bandwidth management on both a per-call and a total usage basis
Automatic downspeeding option for calls that exceed the available bandwidth
URI and ENUM dialing via DNS, enabling global connectivity
Up to 100 rich media sessions on Small/Medium VM server deployments and 500 rich
media sessions on Large VM server deployments
1000 external zones with up to 2000 matches
Flexible zone configuration with prefix, suffix and regex support
Can be neighbored with other systems such as a Cisco VCS or other gatekeepers and
SIP proxies
n+1 redundancy, can be part of a cluster of up to 6 Expressways for increased
capacity and redundancy
Intelligent Route Director for single number dialing and network failover facilities
Call Policy (also known as Administrator Policy) including support for CPL
Support for external policy servers
AD authentication for administrators of the Expressway
Embedded setup wizard using a serial port for initial configuration
System administration using a web interface or RS-232, SSH, and HTTPS
Intrusion protection
Unified CM provides call control for both mobile and on-premises endpoints.
Signaling traverses the Expressway solution between the mobile endpoint and Unified
CM.
Media traverses the Expressway solution and is relayed between endpoints directly;
all media is encrypted between the Expressway-C and the mobile endpoint.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 71 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 72 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Public & Local DNS Requirements for Expressway
The local internal DNS has been configured for SRV records in previous sections of this lab,
in the next section the student will enter needed SRV records into the public DNS, as well as
needed A type DNS records in both the public and local DNS.
Public DNS
The public (external) DNS must be configured with _collab-edge._tls.<domain> SRV records
so that endpoints can discover the Expressway-Es to use for mobile and remote access. SIP
service records are also required. That Is for general deployment and not specifically for mobile
and remote access. For example, for a cluster of 2 Expressway-E systems:
Local DNS
The local (internal) DNS requires _cisco-uds._tcp.<domain>,
cuplogin._tcp.<domain>, _cisco-phone-http.<domain> and standard SIP service SRV
records. For example:
Ensure that the cisco-uds, _cuplogin and cisco-phone-http SRV records are NOT resolvable outside
of the internal network, otherwise the Jabber client will not start mobile and remote access negotiation via the
Expressway-E.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 73 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Entering Local DNS A Records For Expressway
a. Name siteb-expc01
b. IP Address 10.1.2.142
Step 200 Repeat step 352 seven more times. In total eight entries should be created.
siteb-expe-cluster01 10.1.3.143
Step 201 Click Done on the New Host pop-up windows after entering the last New Host
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 74 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 202 Review the DNS entries to make sure all eight new entries are correct
In this section working in the Mock Internet DNS server, the student will add the necessary
A records and SRV records to allow clients to find the Expressway E device from the
Internet (or in this lab case the Mock Internet).
Step 205 Login in with the following credentials if not already logged in:
a. Username Administrator
b. Password Cisc0123
Step 206 Click the DNS Manager icon on the bottom task bar
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 75 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 207 Click the Arrow next to SITEB-INETDNS Forward Lookup Zone
siteb.com
Step 210 Select New Host (A or AAAA) from the pop-up menu
Step 211 Enter the following in the New Host pop-up window
a. Name siteb-expc01
b. IP Address 10.1.2.142
Step 212 Repeat step 396 to add the following entries. In total there should be eight
entries created
Name IP Address Name IP Address
(Expressway-C) (Expressway-E)
siteb-expc02 10.1.2.143 siteb-expe01 10.1.3.142
siteb-expe-cluster01 10.1.3.143
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 76 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 213 Click Done on the new host pop-up windows
Step 217 Scroll down and select Service Location (SRV) from the Resource Record
Type pop up window
d. Priority 0 (default)
e. Weight 0 (default)
h. siteb-expe01.siteb.com
Step 220 Click OK
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 77 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 221 Click Create Record (again)
d. Priority 0 (default)
e. Weight 0 (default)
h. siteb-expe02.siteb.com
Step 226 Observe that both _collab-edge are in the _tls folder and have the correct
addresses
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 78 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Initial Expressway Configuration for Expressway C and E
These Expressways have been deployed and locked down for this lab. No initial
administration was done on these devices. The student will make all configuration changes
to the Expressways.
There are 4 Expressways in this lab for Collab Edge, two Cs and two Es. The
student will configure the first C and the first E of a two clustered pairs. SiteB-
ExpC02 and SiteB-ExpE02 have already had this configure done before class
started.
This section will be done twice, once for Siteb-ExpC01 and once for SiteB-ExpE01
Follow from here down and when you get to a table take the left side the first time
through for SiteB-ExpC01, and take the right side when doing the second pass for
SiteB-ExpE01
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 79 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
SiteB-Expressway C 01 SiteB-Expressway E 01
Use Left Column First Pass of Section Do this step when repeating
Step 231 Click Expressway SiteB- Open a new tab in Firefox and browse to
ExpC01 from the Firefox Expressway SiteB-ExpE01 from the Firefox
favorite bar favorite bar
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 80 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 238 Review the five system alarms listed
Step 239 Click the time link on the first alarm under the Action heading. Alternatively,
Click System Time
Step 240 Observe that the first three NTP servers have place holders in the address
field
Step 241 Delete and clear all the default entries in the address fields
Step 242 Enter 128.107.212.175 in the first NTP Server Address space
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 81 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 245 Click Save
Step 246 Observe the bottom of the time page for a minute or so. Eventually the status
will go from Starting, to Rejected, to Synchronized. (There is no need to
manually refresh as it will do so automatically).
Step 247 Click the Red Alarms box again in the upper right corner.
Notice the number of alarms has changed from five to
three. If not enough time has passed clicking on the red
box again should update it to reflect the new number of
alarms.
Step 248 Click Change the admin password link under Action on the alarm page.
Alternatively click Users Administrator Accounts
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 82 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 253 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from 5 alarms to 2 alarms.
Step 254 Click View Instruction on changing the root password under the Action
column heading
Step 255 Review the Using the Root Account Help page pop-up
Step 257 Click the PuTTy icon on the bottom tool bar
SiteB-Expressway C 01 SiteB-Expressway E 01
Use Left Column First Pass of Section Do this section when repeating
Step 258 Click SiteB-ExpC01 from the Click SiteB-ExpE01 from the saved session
saved sessions list in PuTTy list in PuTTy
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 83 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 271 Click the Red Alarms box again in the upper right corner. Notice it has
dropped from three alarms to one alarm.
Option keys are used to add additional features to the Expressway. Option keys
can either be valid for a fixed time period or have an unlimited duration. Your
Expressway may have been shipped with one or more optional features pre-
installed. To purchase further options, contact your Cisco representative.
The Option keys page (Maintenance Option keys) lists all the existing
options currently installed on the Expressway, and allows you to add new
options.
The System information section summarizes the existing features installed on the
Expressway and displays the Validity period of each installed key. The options that you
may see here include:
Step 272 Click Add a Release Key under the Action heading
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 84 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 273 Observe the Option Keys admin page and take note of the active options
Notice the Serial Number (S/N) in the lower right hand corner of the admin page.
This is the serial number that is used to generate licenses and options keys
The Release Keys and Options keys have already been installed
into SiteB-ExpC02 and SiteB-ExpE02 (the cluster pair of
expressway servers)
Use Left Column First Pass of Section Do this section when repeating
Step 276 Copy and Paste this license number into Copy and Paste this license number into
the Release Key field the Release key field
4360497995181665 7176023658098439
into the Release Key field into the Release Key field
Careful to make sure you have the Release Key
field and not the Software Option key field. This
key validates the service contract on the server.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 85 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 277 Click Set Release Key
Step 278 Observe the Yellow message at the top of the screen (Do not restart as
that will be completed in a later step)
Use Left Column First Pass of Section Do this section when repeating
Step 279 Copy and Paste this license Copy and Paste this license number (Must Be
number (Must Be All Caps) All Caps)
116341E00-1-096C2A6F 116341E00-1-745E2397
into the Software Option Field into the Software Option Field
Step 281 Observe the server model name at the top has change to Expressway-C. This
will change to Expressway-E later in this section.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 86 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 282 Observe the Yellow message at the top of the screen. Do not restart as this
will be done later in this section.
Step 283 Copy and Paste this license Copy and Paste this license number (Must Be
number (Must Be All Caps) All Caps)
116341G00-1-87EACCFB 116341G00-1-A7FB3D03
into the Software Option Field into the Software Option Field
Step 285 Observe the Interworking Active Options has been added
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 87 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
SiteB-Expressway C 01 SiteB-ExpressWay E 01
No configuration required Step 286 Copy and Paste this license number (Must Be All
here for the Expressway-C Caps)
Step 288 Copy and Paste this license number (Must Be All
Caps)
116341T00-1-F768D3DC
into the Software Option Field (this option key is for the E
expressway only). This option key is the Traversal Service for E
option key
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 88 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 292 Click System DNS, in the Expressway web admin
Use Left Column First Pass of Section Do this section when repeating
Step 295 Enter siteb-expc02.siteb.com (use same address for ping on both servers)
Step 297 Observe the successful DNS Lookup. (Keep going the restart will take place
later in the lab)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 89 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configuring the Expressway Cluster
About clusters
An Expressway can be part of a cluster of up to six Expressways. Each
Expressway in the cluster is a peer of every other Expressway in the cluster.
When creating a cluster, you define a cluster name and nominate one peer as
the master from which all relevant configurations is replicated to the other peers
in the cluster. Clusters are used to:
You should only make configuration changes on the master Expressway. Any
changes made on other peers are not reflected across the cluster, and will be
overwritten the next time the masters configuration is replicated across the peers.
You may need to wait up to one minute before changes are updated across all peers in the
cluster.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 90 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Click System Clustering on the Expressway Admin web page
SiteB-Expressway C 01 SiteB-ExpressWay E 01
Use Left Column First Pass of Section Do this section when repeating
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 91 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 301 Click OK to restart the system
Step 303 Repeat Steps 386 460 for SiteB-EXPE01 while siteb-expc01 is restarting
STOP - make sure to go back and do SiteB-ExpE01!
Step 304 Switch to the Firefox tab with SiteB-expC01 Web admin in it
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 92 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configuring the Expressway-E Unified Communications
This section sets the SiteB-ExpE01 Mobile and Remote Access to ON. This will automatically
turn this option on for the SiteB-ExpE02 Expressway since it is clustered with SiteB-ExpE01.
Cisco Unified Communications mobile and remote access is a core part of the
Cisco Collaboration Edge Architecture. It allows endpoints such as Cisco Jabber
to have their registration, call control, provisioning, messaging and presence
services provided by Cisco Unified Communications Manager (Unified CM) when
the endpoint is not within the enterprise network. The Expressway provides
secure firewall traversal and line-side support for Unified CM registrations.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 93 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 309 Switch to the Firefox tab connected to SiteB-expE01 web admin
Step 310 Wait for the SiteB-ExpE01 to restart if not already restarted (about 1 to 3
minutes)
Step 314 Select Mobile and Remote Access from the Unified Communications mode
drop down menu
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 94 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configuring the Expressway-C for Unified Communications
In this section the student will configure the Expressway-C to communicate with CUCM and
IM&P servers
Step 318 Switch to the Firefox Tab with SiteB-ExpC01 web admin web page
Step 319 Login with the following credentials (if Logged out):
a: Username admin (lower case)
b: Password Cisc0123 (CaSe SeNsAtIvE)
c: Click Login
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 95 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configuring the domains to route to Unified CM
You must configure the domains for which registration, call control, provisioning,
messaging, and presence services are to be routed to Unified CM for.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 96 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Discovering IM&P and Unified CM servers
The Expressway-C must be configured with the address details of the IM&P
servers and Unified CM servers that are to provide registration call control,
provisioning, messaging and presence services.
To have TLS verify mode set to On (the default and recommended setting) when
discovering the IM&P and Unified CM servers, the Expressway-C must be configured to trust
the tomcat certificate presented by those IM&P and Unified CM servers.
If the servers are using CA-signed certificates, the Expressway-C's trusted CA list
must include the root CA of the issuer of the tomcat certificates.
TLS verify mode set to On if the Unified CM discovery had TLS verify mode enabled.
This means that the Expressway-C will verify the CallManager certificate for
subsequent SIP communications. Note that secure profiles are downgraded to
use TCP if Unified CM is not in mixed mode.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 97 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 333 Observe the IM&P Server Discovery was successful
Step 337 Observe the successful discovery message for the CUCM servers.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 98 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Uploading CA Root Certification to Expressway
Just like all other PKI certificate security based systems the CA Root Certificate must be
downloaded from the CA and uploaded to the Expressways. In this section the student will
obtain the CA Root certificate from the CA and upload it to two of the Expressways.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 99 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 343 Select Base 64, Encoding Method
Step 346 Click the Download Arrow in the upper left corner of Firefox
Step 347 Click the Folder next to certnew.cer file to browse the folder where the new
CA Root Certificate was downloaded to
Step 350 Return to the Firefox tab for the SitebB-ExpC01 Expressway Web Admin
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 100 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 101 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Add Client Server Template to MS CA Server
In this section the student will make the necessary changes to the Microsoft Certificate
Authority server, to prepare it to create CA Signed certificates for Expressway.
This next section although not part of the Cisco UC solution and is not a function
of the Microsoft CA server. This section was included because it is mandatory to
create a new CA template in MS CA server to create server certificates for
Expressway.
This template only needs to be created once on the MS CA server and can be
reused each time you need to create CA Signed certificates for the Expressway
servers.
The new Client Server Template will be used again later in this lab for the Jabber Guest
Expressways
Step 358 Click Start All Programs Administrative Tools Certification
Authority on the SiteB-AD RDP session (Should already be on this server)
Step 359 Click the + (plus sign) next to siteb-SITEB-AD-CA to open the sub-folders
Step 360 Click and highlight Certificate Templates
Step 361 Right click certificate templates and select Manage from the pop-up menu
Step 362 Click and highlight Web Server from the Certificate Templates Console
Step 363 Right click Web Server
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 102 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 364 Click Duplicate Templates from the pop-up menu
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 103 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 525 Click the Request Handling, Tab
Step 530 Click Add on the Edit Application Policies Extension pop-up window
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 104 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 533 Click OK to confirm the addition of Client Authentication
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 105 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configuration of Certificates to prepare for Implementing Traversal Zones
In this section the student will generate and upload the appropriate certificates on the
Expressways and create a Traversal Zone between the Es and Cs so they can communicate
with each other.
After you have neighbored with the traversal client you can:
Provide firewall traversal services to the traversal client
Query the traversal client about its endpoints
Apply transforms to any queries before they are sent to the traversal client
Control the bandwidth used for calls between your local Expressway and the traversal
client
Note: traversal client-server zone relationships must be two-way. For firewall traversal to
work, the traversal server and the traversal client must each be configured with the others
details. The client and server will then be able to communicate over the firewall and query
each other.
Step 544 Switch to the first Tab on Firefox, to return to the MS Certificate Server Web
Page
Step 546 Enter Administrator in the Field of the pop-up login window (if presented)
Step 547 Enter Cisc0123 in the Password field of the pop-up login window (if
presented)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 106 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 553 Click Save in the pop-up window at the bottom of the IE Screen
Step 554 Click the Download Arrow in the upper left corner of Firefox
Step 555 Click the Folder next to certnew.cer file to browse the folder where the new
CA Root Certificate was downloaded to
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 107 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 559 Close Windows File Explorer
Step 561 Login in to SiteB-ExpC01 with the following credentials (if needed)
a. Username admin (lower case)
b. Password Cisc0123 (case sensitive)
c. Click Login
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 108 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 571 Enter the following information
a. Common Name FQDN of Expressway
b. Subject Alternative Names FQDN of Expressway Cluster Plus
FQDNs of all peers in the cluster
c. IM and Presence chat note aliases delete entry
d. Key Length (in bits) 2048
e. Country US
f. Sate or province CA
g. Locality (town name) San Jose
h. Organization (company name) Cisco
i. Organizational Unit Cisco
j. Click Generate CSR
Step 577 Click CTRL-C to copy the text into your computer buffer
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 109 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Be careful not to change anything in this certificate while you have it open in
Notepad. It is not easy to troubleshoot if something changes in this file.
Step 579 Switch to the MS Certificate Server web admin page tab in Firefox
Step 580 Click on the Favorite link Certificate Service to bring the CA server web
admin to the home page
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 110 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 581 Click Request a Certificate
Step 584 Press CTRL-V to paste the CRS test into the
saved request field
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 111 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 589 Select Save File
Step 591 Click the Download Arrow in the upper right corner or Firefox
Step 598 Switch to the SiteB-ExpC01 tab in the Firefox browser on SiteB-AD RDP
session
Step 599 Click Browse at the bottom of the server certificate screen to upload a new
certificate
Step 601 Find and select the SiteB-ExpC01Cert.cer from the downloads directory
The browser will reinitialize and ask to accept the certificate again.
Step 608 Click Restart from the yellow warning message at the top of the Server
Certificate page
Step 612 Login with the following credentials (if logged out)
a. Click Home
b. Username admin
c. Password Cisc0123
d. Click Login
Step 626 Observe and confirm the CRL was uploaded successfully
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 114 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 629 Enter the following information
a. Common Name FQDN of Expressway
b. Subject Alternative Names FQDN of Expressway Cluster Plus
FQDNs of all peers in the cluster
c. IM and Presence chat note aliases delete entry (if any)
d. Key Length (in bits) 2048
e. Country US
f. Sate or province CA
g. Locality (town name) San Jose
h. Organization (company name) Cisco
i. Organizational Unit Cisco
j. Click Generate CSR
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 115 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 630 Click Download, to download CSR file
Step 633 Click Format Word Wrap in Notepad to see the whole file (if needed)
Step 635 Click CTRL-C to copy the text into your computer buffer
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 116 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 640 Click Advanced Certificate Request
Step 648 Click the Download Arrow in the upper right corner or Firefox
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 117 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 649 Click the File Folder
Step 655 Switch to the SiteB-ExpE01 tab in the Firefox browser on SiteB-AD RDP
session
Step 656 Click Browse at the bottom of the server certificate screen to upload a new
certificate
Step 657 Find and select the SiteB-ExpE01Cert.cer file from the Downloads directory
The browser will reinitialize and ask to accept the certificate again
Step 663 Observe the certificate has been uploaded but the system needs a restart
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 118 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 664 Click Restart from the yellow warning message at the top of the Server
Certificate page
In this section the student will configure the Traversal zones between the Es and Cs so
they can communicate across the firewalls.
Step 667 Switch to the SiteB-ExpE01 web admin Firefox tab (if not all ready there) on
the SiteB-AD RDP session
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 119 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 676 Enter Cisc0123 in the password field
Step 679 Fill in the following information (leaveing all un-mentioned fields at default):
a. Username TraversalAdmin
b. H323 Mode Off
c. Unified Communications Service Yes
d. TLS Verify Mode On
e. TLS Verify Subject Name SiteB-ExpC-Cluster01.siteb.com
f. Media Encryption Mode Forced Encrypted
g. Authentication Policy Treat As Authenticated
h. Click Create Zone
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 120 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 680 Switch to SiteB-ExpC01 tab in Firefox on SiteB-AD RDP Session
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 121 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 685 Fill in the following information:
a. Username TraversalAdmin
b. Password Cisc0123
c. H323 Mode Off
d. Port 7001
e. Unified Communications Service Yes
f. TLS Verify Mode On
g. Media Encryption Mode Forced Encrypted
h. Authentication Policy Treat As Authenticated
i. Peer 1 Address siteb-expe01.siteb.com
j. Peer 2 Address siteb-expe02.siteb.com
k. Click Create Zone
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 122 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Observe that SiteB-ExpC01 show active traversal zone
Step 686 Click Configuration Zones Zones
Step 687 Click TraversalZoneSiteB
Step 688 Scroll to the bottom and observe that the State status is Active
If there is a warning or a connection has failed, wait a min and try to go back
in again. Sometimes it takes a minute or so to update and connect.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 123 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Validate Internal and External Jabber Client Usage
In this section the Cisco Jabber client on the workstations well be logged into both the
Internal and External UC services. By connecting to the Expressway-E while on the Internet
the Cisco Jabber client is able to register with CUCM without having to create a VPN
connection first.
In this section the student will test the preconfigured system with the Jabber Clients
connected to the local internal network.
Step 695 Use the following login credentials (if login is needed)
a. Username aace
b. Password Cisc0123
c. Click Login
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 124 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 697 Observe when the CIPC (desk phone) goes off
hook the Jabber Presence changes to On a
call
Step 704 Observe that Alex Ace, in the contacts list, has a
presence indicator of amber that reads Gone To The
Beach
Step 705 Hover your mouse over Alex Ace in Blakes contact
list. The Icon of a phone handset on the right side of Alexs name appears.
Step 706 Click the Call Icon
Step 707 Click Alexs Work Number, to call Alex
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 125 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 710 Observe on Alexs Jabber Client that the status is still
Gone to the beach. This is because she manually set it.
On Blake Bads Jabber client, however, it indicates On A
Call.
Step 711 Click the Red Hand Set on the Blake Bads conversation
window to disconnect the call
Both workstations are virtual machines in our lab, and there for do not have
a video camera attached to the workstation. e2eSoft VCam virtual video
driver has been installed on both workstations.
Although video was not needed for this lab, A video driver was required for
the Jabber Guest part of this calls.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 126 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Jabber Client Internal Voice Mail Validation Test
In this section the student will validate that both workstations are connected to Unity
Connection voice mail
Step 714 Click the Voice Mail tab on Alex Aces Jabber client
Step 715 Observe that it indicates that she does not have any
VM at this time, but is connected to voicemail
Step 719 Click Help Show Connection Status, on Blakes Jabber client
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 127 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 720 Observe Blakes Jabber Connection status
Step 721 Close Connection Status, on Blakes desktop when done observing
Step 722 Click the Voice Mail tab on Blakes Jabber client
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 128 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Moving SiteB-WS02 From The Internal To The External (internet) Network
In previous sections of the lab the SiteB-WS01 & SiteB-WS02 workstations have been
connected to the internal corporate network. In this section SiteBWS02 workstations will be
moved out of the corporate office and connect Jabber to the CUCM via the Expressways
without a VPN connection.
Step 724 Switch to siteB-WS02 (172.19.X.202 Blake Bad) RDP Session (if not already
there)
Step 725 Click the DOS Prompt icon on the task bar at the bottom of the desktop
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 129 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 727 Observe that the workstation is on the .2 network (3rd Octet), the .2 network
is the internal corporate network
Step 728 Type nslookup and press Enter to enter into nslookup mode
Step 733 Observe that the _cisco-uds is able to be resolved and that _collab-edge was
not able to be resolved since we are still internal
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 130 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 740 Observe the IPv4 Address of the two CFS (disregard the Dyslexic lab
developer, CFS should be CSF). Notice that both CSF devices are registered
on the .2 network
Step 742 Click File Exit on SiteB-WS02 Jabber Client to exit the app
The External Network On bat file turns off the internal network card
and turns on the external network card.
The Internal Network On bat file does the oppsit it turns off the
external network card and turns on the internal network card.
The two bat files move the SiteB workstations between the internal
network and the mock lab internet.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 131 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 744 Click Run as Administrator from the pop-up menu
Step 745 Click Yes to allow the application to make changes to the computer
When you click YES in the previous step, the RDP session will drop. In the
following steps an RDP connection will be created to the new workstation address
Step 747 Enter 172.19.X.241, (x=pod#) in the Computer filed (workstations outside
address)
If the new RDP connection to .241 does not connect at first wait 30 seconds and
try again. It takes a little time for the network to converge.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 132 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 754 Click Accept on the SiteB-ExpE01.siteb.com invalid certificate (If jabber is
open it will reconnect and an invalid certificate will be presented.)
Step 755 Click Accept on the SiteB-ExpE02.siteb.com invalid certificate (If jabber is
open it will reconnect and an invalid certificate will be presented.)
The student should now be RDPed to SiteB-WS02 via the external address. This section will
validate that connection.
Step 756 Click the Command Prompt icon on the task bar at the bottom of the
desktop
Step 758 Observe that the workstation is on the .3 network (3rd Octet), the .3 network
in our lab is the MOCK internet which confirms the network change
Step 759 Type nslookup and press Enter to enter into nslookup mode
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 133 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 764 Observe that the _cisco-uds is NOT able to be resolved and that _collab-edge
IS able to be resolved, which is opposite form the previous section
Step 771 Observe the IPv4 Address of the two CFS (disregard the Dyslexic lab
developer, CFS should be CSF). Notice that one CSF devices is registered on
the .201 which is SiteB-WS01 and is still connected to the internal network.
But the CFSUSER02 is connected to .143 which is the address of Expressway-
C
Step 772 Switch back to SiteB-WS02 (172.19.X.241 Blake Bad) RDP Session
Step 773 Double click the Jabber Icon on the desktop to open Jabber (If not all ready
open)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 134 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 774 Accept any and all Invalid Certificates
Step 775 Click Help Show Connection Status, on the Jabber client
Step 776 Observe that softphone is connected to Expressway, also notice that the
Voicemail is not connected. If Directory is not connect try search for a user
with at least 3 charters in the search and it should connect
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 135 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Creating a White List entry for VoiceMail on Expressway-C
In this section the student will create a white list entry for the voicemail server that will
allow the Jabber clients to access voicemail services.
Jabber client endpoints may need to access additional web services inside the
enterprise. This requires an "allow list" of servers to be configured to which the
Expressway will grant access for HTTP traffic originating from outside the
enterprise.
The features and services that may be required, and would need whitelisting,
include:
Visual Voicemail
Jabber Update Server
Custom HTML tabs / icons
Directory Photo Host
The IP addresses of all discovered Unified CM nodes (that are running the CallManager or
TFTP service) and IM&P nodes are added automatically to the allow list and cannot be
deleted . Note, however, that they are not displayed on the HTTP server allow list page.
Step 781 Click Expressway SiteB-ExpC01, or switch to the tab that already has
SiteB-ExpC01 open in it
Step 787 Enter Visual VoiceMail White List, in the description field
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 136 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 788 Click Create Entry
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 137 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 796 Press the Triangle Play button on some of the VMs to test if they play. The
audio if any will be garbbled due to lab issues, but you should see the play
status bar moving across the VM if you cant hear it.
Step 798 Hover the mouse over Alex Ace, in Blakes contact list
Step 802 Click Answer, on the Incoming Call pop-up window in the lower left corner
The call that is active right now is a call between Blake Bad (SiteB-WS02) external
and connected via the Expressway, and Alex Ace (SiteB-WS01) connected on the
internal network.
Step 805 Click Expressway SiteB-ExpC01, or open Firefox tab with SiteB-ExpC01
already open in it
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 138 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 806 Enter the following credentials to login in
a. Username admin (lower case)
b. Password Cisc0123 (case sensitive)
c. Click Login
Step 807 Observe that on the main Status Overview status page there is one
current call. At this time the Expressway-C shows this as a video call
Step 810 Click the Start Time link for this call
Step 813 Observe the call history log (there might not be any calls here till you end the
first call)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 139 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 815 Click the Red Phone Handset, to disconnect the call
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 140 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
JST Features Task 6: Adding User Photos to Web Server
In this section the student will configure the jabber-config.xml file to point to our network
web server for the Jabber Clients to obtain the user photos at login. In previous sections of
the lab the Jabber Clients used EDI to obtain the photos from the Active Directory.
Activity Objective
Required Resources
To complete this section of the lab the student will need a computer that is connected to the
lab via VPN, and an RDP connection to your pods SiteB-AD (172.19.X.120).
To resolve contact photos with UDS, you specify the format of the contact photo
URL as the value of the
UdsPhotoUriWithToken parameter. You also include a %%uid%% token to
replace the contact username in
the URL, for example,
<UdsPhotoUriWithToken>http://server_name/%%uid%%.jpg</UdsPhotoUriWithToken>
UDS substitutes the %%uid%% token with the value of the userName attribute in UDS. For
example, a user
named Mary Smith exists in your directory. The value of the userName attribute for Mary
Smith is msmith.
To resolve the contact photo for Mary Smith, Cisco Jabber takes the value of the userName
attribute and
replaces the %%uid%% token to build the following URL:
http://staffphoto.example.com/msmith.jpg
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 141 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Configure jabber-config.xml
Step 817 Double click the Jabber Config folder on the desktop
Step 821 Add the following line of code in the directory section of the jabber-
config.xml. You should be able to copy and paste the line below
<UDSPhotoURIWithToken>http://10.1.3.20/userphotos/%%uid%%.jpg</UDSPhotoURIWithToken>
The whole file should look like this when the one line is added just in
the directory section:
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 142 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 823 Click File Save on notepad
Step 825 Open Firefox, on SiteB-AD (172.19.X.120) RDP session, or create a new
tab in the session of Firefox that is already open
Step 826 Click SiteB-UC SiteB-CUCM911 from the Firefox favorite bar
Step 828 Select Cisco Unified OS Administrator, from the navigation drop-down in
the upper right corner of the login page
Step 832 Select Cisco Unified OS Administration, from the navigation drop-down
menu
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 143 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 838 Select Desktop from the left side navigation pane
Step 846 Select Cisco Unified Serviceability, form the Navigation drop-down
window
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 144 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Testing jabber-config.xml
In this section the student will point a browser to the URL below and it should retrieve the
jabber-config.xml from the CUCM TFTP server. All changes should be reflected in the output.
Step 855 Open Firefox, on SiteB-AD (if not already open), or open a new tab in
Firefox
The browser should present the output that is shown below, with the edit
that was made to the Directory section
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 145 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
White List Web Server
The student will add the web server with the photos on to the allow list on expressway, so
the Jabber client is permitted to access the web server.
Step 866 Switch to SiteB-WS02, (172.19.X.241 Blake Bad) this workstation should
still be connected to the external network from a previous section
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 146 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
If the system does not say Expressway do the follow to switch SiteB-WS02 to the
external network.
Step 867 Click the Contacts tab on the left side of Cisco Jabber
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 147 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 868 Observe that the Cisco Jabber contacts for Blake Bad do not have any
pictures (due to lab variations sometimes the pictures are still showing form
AD, this is OK keep going)
Step 869 Click Gear File Exit, on the Cisco Jabber client to close it on SiteB-
WS02
The bat file erases the Jabber directory and all sub directories below it in two
location on the local workstation.
C:\Users\bbad\AppData\Roaming\Cisco\Unified Communications
C:\Users\bbad\AppData\Local\Cisco\Unified Communications
Step 870 Right Click EraseJabber_WS02.bat, bat file on the SiteB-WS02 desktop
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 148 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 872 Click Yes to allow the app to change the computer
Step 873 Double click the Jabber Client icon to open Jabber
Step 874 Enter the following credentials to login to the Jabber client
a. Email Address bbad@siteb.com
b. Click Continue
c. Username bbad@siteb.com (pre-filled in)
d. password Cisc0123
e. Sign me in when Cisco Jabber start Checked
f. Click Sign In
In the next step when the Jabber client obtains the user photos
from the Mock Internet Web server, notice that the pictures look
WEIRD. They have intentionally changed with a special effect so
they look different then the pictures in the internal Active Directory
to help the student very quickly realize this is a different set of
pictures.
In most production network there will usually only be one source for the photos
unlike the experience we have just stepped through in the lab.
Step 876 Observe that the Jabber Client now has pictures that
were retrieved from the web server (notice the
pictures have been made to look weird to prove the
difference in source of the photos)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 149 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Section 4: Appendix
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 150 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Appendix A: ExpressWay Options Keys for JSTII Lab
The option keys in this lab only apply to the server deployed in this lab due to the
automatically generated serial number on each Expressway at the time of deployment.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 151 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Appendix B: CUCM Server Name change to FQDN
Open a browser on your desktop and navigate to 172.19.X.110, where X = your pod
number (for example 172.19.22.110 = pod 22)
Password Cisc0123
Step 7 Observe that the CUCM and IMP servers are only entered into the database as
hostnames, this is the default install configuration
All UC Servers in this lab are upgraded from 9.1.1 to version 10.0.1. Due to time
constraints the server hostnames and DNS entries have been left as 9.11
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 152 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 12 Click Go, on related links to go back to Find/List
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 153 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Appendix C: Bootstrap Jabber for Windows Install
The CiscoJabberProperties.mst is used to modify the CiscoJabberSetup.msi to create
custom installers. When installing the custom Jabber Install MSI file, edited by Orca, it is
now referred to as a Bootstrap install.
The CiscoJabber-Admin-ffr.9-6 will be downloaded to the SiteB-AD server for use with
this lab. There are only a few entries that are different between the 9.6 and the 9.7 Admin
file, and the additional settings are not needed for this lab. (The 9.7 admin file was not
ready for the we released of this lab)
The Microsoft Orca program from the Microsoft Windows SDK has been installed on the
SiteB-AD server for use with this lab. The Jabber admin might need to edit the Cisco
JabberSetup.msi Installer package (.msi) files directly to customize the installer for their
particular deployment needs. The Orca database editor is a table-editing tool available in
the Windows Installer SDK and can be used to edit your .msi files. This lab discusses how to
use the Orca editor to modify the lab .msi files.
Warning Editing an MSI file can cause serious problems that may leave your
system in an unstable state. Cisco Systems cannot guarantee that problems
resulting from the incorrect use of the MSI file editor can be solved. Modifications
of the MSI file of a shipping product should only be attempted under direct
instruction from the product's vendor. Always make a copy of the file(s) being
modified.
In this section we are going to edit a Jabber MSI install file which is hardcoded to
install with additional parameters to make the end user first login experience
shorter and less frustrating.
This configuration also means the Jabber client will look for a CUCM server by
default using the _cisco-uds SRV Record created earlier in the lab.
Activity Objective
In this activity the student will edit and repackage the CiscoJabberSetup.msi with the
Microsoft Orca app as well as perform a bootstrap install, configure, and operate the Cisco
Jabber Client for Windows.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 154 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Required Resources
A personal computer VPNed into the lab environment and two RDP sessions into the lab. On
to the SiteB workstations and the second to the SiteB-AD server.
If you have not logged into the student workstations please return to the logging into the
student remote workstations section to login to the student workstations
Editing and Repackaging the CiscoJabberSetup.msi install file
In this section the student is going to download TWO files from Dropbox, one MSI and one
MST file. These two files will be downloaded to Siteb-AD, and used to create a Jabber Client
Bootstrap install.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 155 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 6 Browse to the following URL http://tinyurl.com/CiscoJabberMST to
download the CiscoJabber MST Properties file
Step 10 Start Microsoft Orca by clicking the Killer Whale icon on the task bar on of
the SiteA-AD server (172.19.x.120)
Step 18 Click OK
Step 19 Click Transform Apply Transform
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 156 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 20 Browse to C:\Users\Administrator\Downloads (should already be here)
Step 26 In the Property window scroll down to the green outlined properties (right
pane)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 157 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
There are many different customizable fields in the MSI file. In this lab we
will change two: Service_Domain and Clear. By setting Clear to 1 you
enable Jabber directories to be deleted during upgrade or uninstall. To see
more about the different fields Click Here
Step 27 Enter siteb.com in the Value for the SERVICE DOMAIN property field
Step 29 Now select and highlight USE FT GATEWAY, 3rd from the top of the green
bordered list
Step 31 Select EXCLUDE SERVICES, while holding shift key it should highlight all the
fields except the two that were edited
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 158 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 32 Click Table Drop Rows from the Orca menus. Only two green outlined
rows should remain as seen below
Step 38 Click OK
Step 39 Click File Save Transformed As
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 159 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 42 Click Save
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 160 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Bootstrap Jabber Install on Remote SiteB-WS02 Using the Custom MSI File
Default Configuration
In most environments, Cisco Jabber for Windows does not require any configuration to
connect to the CUCM server and perform directory queries.
In on-premises deployments, Cisco Jabber for Windows uses the _cisco-uds SRV record to
automatically discover Cisco Unified Communications Manager. If you add a DNS SRV record
for the _cisco-uds service name in the DNS server on the CUCM server domain, Cisco
Jabber for Windows can automatically connect to that CUCM server.
For directory integration in on-premises deployments, Cisco Jabber for Windows uses
Enhanced Directory Integration by default. If you install Cisco Jabber for Windows on a
workstation that is registered to an Active Directory domain, Cisco Jabber for Windows
automatically discovers the directory service and connects to a Global Catalog in the
domain.
In cloud-based deployments, Cisco WebEx Messenger provides Cisco Jabber for Windows
with presence capabilities and contact resolution. You perform all configurations for Cisco
Jabber for Windows using the Cisco WebEx Administration Tool. However, you can configure
Cisco Jabber for Windows in hybrid cloud-based deployments with additional options.
Custom Configuration
You do not install Cisco Jabber for Windows on a workstation that is registered to an
Active Directory domain.
You plan to connect to Cisco Unified Communications Manager User Data Service or
another supported LDAP directory instead of EDI.
You need to specify custom settings so that Cisco Jabber for Windows can correctly
use your directory service. Custom directory settings include the following:
o Attribute mappings
o Connection settings
o Contact photo retrieval settings
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 161 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
You plan to deploy with custom policy configuration such as the following:
In the previous section we used Microsoft ORCA to customize the MSI file, in this
section of the lab we are going to use the newly created MSI file to install our
second student workstation with Jabber. The end result is the end user will skip
the email section of sign-in and go right to logging in.
The same result could be achieved by using the command line install that follows,
from the directory that the MSI directory exists in.
Step 49 Double Click SiteBJabberInstall to start the Jabber installation (wait for it)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 162 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 51 Click Accept and Install
Step 52 Click Yes, to allow the following program to make changes to this computer
(This window takes a min to pop up)
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 163 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 56 If the remote desktop screen is minimized (not full screen) Jabber will most
likely open to the far right on the screen. If this happens scroll to the right to
see Jabber on the screen.
Notice in the screen shot the entries that were added to the MSI
install file are in the jabber-bootstrap file
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 164 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
Step 57 DO NOT login to SiteB-WS02s Jabber client at this time
In a previous section of this lab the student installed Cisco Jabber default MSI
install file on SiteB-WS01. After the install the student logged in the Jabber client
as Alex Ace. During the login process the Jabber client presented five invalid
certificates.
The next task focuses on Certificate Management. At the end of the task
SiteB-WS02 Jabber client we be logged in as Blake Bad and the Jabber
client should NOT present any invalid certificates.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 165 of 166
The Ultimate Cisco Jabber Specialist 2 Lab
End Of Lab
This concludes the lab. On behalf of the Americas Partners Organization Solutions
Readiness Engineers we thank you for taking the time to complete this lab. We hope that
this lab surpassed your goals and expectation and was a very useful and positive learning
experience for increasing your knowledge of Ciscos Collaboration products.
Thank you for taking our lab and as always thank you for using Cisco products.
Lab Guide Version 3.5 Presented by The Solutions Readiness Engineers Page 166 of 166