Goal

Create a trusted relationship between two SIP domains based on mutual TLS authentication between two SIP proxies, for Microsoft Live Communications Server. Microsoft refers to this as 'federation'.

Applicability

Inter-domain SIP routing over TLS. End-users of domain A can communicate with end-users in domain B via their home proxy, which connects to the proxy of domain B. All connections use TLS:

      User Agent A   ->   accessproxy domainA   ->   proxy domainA   ->   proxy domainB   ->   accessproxy domainB   ->   User Agent B

Prerequisites:

  • MS Windows 2003 server SP1
  • MS Live Communications Server 2005 SP1 is installed
  • Both LCS servers should have an accompanying LCS server in 'Access Proxy' mode installed. The relationship between SIP domains is established between these Access Proxies. TLS is used on port 5061, so all firewalls should allow this TCP traffic, as well as UDP ports above 1023. Public TLS certificates are preferred on both Access Proxies.

Configuration

On both Access Proxies, perform the following actions:

...

In some cases, messages might not get through. See also: http://support.microsoft.com/kb/924604/en-us

OS specific help

So far, no UAs other than MS Windows Messenger or Office Communicator are known to be able to register at MS LCS.

Validation, confirmation tests

Register a UA in both domains as follows:

In MS Windows Messenger 5.1 (or similar in Office Communicator) choose:

  • Tools ->
  • Options ->
  • Accounts tab ->
  • enable 'my contacts include users of a SIP communications service' and fill in under 'sign-in name:' <username>@<domain>

Register each UA with the LCS server.

Call from domainA to domainB and vice versa. Watch presence status change and check whether instant messages can be exchanged.

If it succeeds, your configuration is valid.