Friday, August 29, 2008

Sametime Gateway configured for Yahoo and AOL communities


Steps to counter issues:
1. Opening the correct ports on the firewall
2. Registering IBM Lotus Sametime Gateway
3. Certificate
4. Reverse Lookup


----Here are some notes and links that helped us, when setting up the Sametime Gateway with external communities.

1. Opening the correct ports in the firewalls

a. Port 1516 on the internal firewall to each Sametime community server in the local Sametime community, allowing both inbound and outbound traffic between Sametime Gateway and each community server.
b. Port 389 on the internal firewall to the LDAP directory, or port 636 if LDAP access is over SSL.
c. Port 50000 on the internal firewall to a DB2 server.
Open the following ports on the external firewall as needed:
d. Port 5269 on the external firewall to Google Talk and Jabber.
e. Port 5061 on the external firewall to external Lotus Sametime, AOL, or Yahoo! Messenger™ communities using a secure TLS/SSL connection.
f. Port 5060 on the external firewall to an external Lotus Sametime community (only if using a non-TLS/SSL connection).
g. Port 53 on the external firewall to external DNS servers to resolve the fully qualified domain name of external community servers.

Other helpful links:
1. Connecting the local Sametime server to Sametime Gateway
2. Connecting to instant messaging communities


2.) Registering your Sametime Gateway with AOL and Yahoo!
You need to register your IBM Lotus Sametime Gateway. What is the Passport Advantage site number? Two choices here:

1.) If you used IBM Passport Advantage: If you acquired licenses for IBM Lotus Sametime Standard or Lotus Sametime Advanced using the IBM Passport Advantage Web site, then register your IBM Lotus Sametime Gateway directly using the Lotus Sametime Provisioning Application.
2.) If you did not use IBM Passport Advantage: If you did not acquire licenses for IBM Lotus Sametime Standard or Lotus Sametime Advanced through IBM Passport Advantage, then register your IBM Lotus Sametime Gateway by e-mailing the required information to the provided address. For example, if you are an IBM Business Partner or have purchased IBM Lotus Sametime Standard for Cisco Unified Communications from Cisco or an authorized Cisco reseller, you must use this procedure.

----We did not use IBM Passport Advantage; we used Partnerworld:

We needed to fill out the information for registration. Here is the info we were asked:

Registration Code:
· Registration code
This is available on the Lotus Sametime for Cisco Unified Communications software DVD. If you are an IBM Business Partner, you can get this code from your Business Partner representative.
Technical information:
· Gateway host name (the fully qualified domain name of your gateway; for example: stgateway.company.com)
· The port on which you want to accept incoming TLS/SIP requests (port 5061 is used by default)
· Gateway certificate common name
· Gateway certificate issuer
· SIP realm to be used (for example: company.com)
· Do you wish to be provisioned for AOL AIM?
· Do you wish to participate in the AOL Clearing House?
· Do you wish to be provisioned for Yahoo Messenger?
Contact information:
· Company Name
· ID or Order # (If IBM Business Partner, use Partnerworld ID #; otherwise, use Order #)
· Contact first/last name
· Contact e-mail address
· Contact telephone number
· Contact instant messaging address (optional)

5.) Certificate

----Filled out all of the info but we were missing a certificate name

So we needed to:
Generate a CSR:

· Generate the CSR using the Integrated Solutions Console on the Gateway

· Thawte Server CA which is accepted for AOL and Yahoo: SSL 123 certificate.

· STGatewaySSLRequest.arm is copied and pasted on the website.

---Thawte’s website provides a way to test the certificate for errors in the information you provide.

We were able to generate a successful request and purchased the SSL 123 certificate on their website.

We finished filling out the registration form with the certificate information we had just generated and completed the form to be sent.

A couple of days later we received confirmation that the Gateway was registered with IBM and they passed the information over to Yahoo and AOL.

7.) Reverse Lookup


---Still not showing a connection in the Integrated Solutions Console for the Gateway even after registration.

----Reverse Lookup not resolving correctly according to this tech note:

http://www-1.ibm.com/support/docview.wss?rs=477&context=SSKTXQ&dc=D600&uid=swg21303292&loc=en_US&cs=UTF-8&lang=en#Enabling%20Reverse%20DNS%20Lookup



Check reverse lookup on this website: http://dns.kify.com/


---Still not resolving to gateway, shown in the following screen shot:

--Checked our DNS provider for reverse lookup. We did not have a class-C type of network so we contacted our ISP, Comcast, and asked them to create a reverse lookup for our gateway.

----It took about a day to see the results, and we had to contact our ISP a couple of times but it finally resolved correctly:
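
The reverse-lookup check done above through a website can also be scripted and re-run while waiting for the ISP. This is an added example, not part of the original notes; it goes one step further than the post by also confirming that the forward record points back at the same address. The IP address and the ISP-style host name are constructed, and `stgateway.company.com` is the example name used in the registration form.

```python
import socket

def check_reverse(fqdn, ip, rev=socket.gethostbyaddr, fwd=socket.gethostbyname_ex):
    """Return (status, detail) for a forward-confirmed reverse DNS check."""
    want = fqdn.rstrip(".").lower()
    try:
        name, aliases, _ = rev(ip)              # PTR lookup for the public address
    except OSError:                             # socket.herror / socket.gaierror
        return ("NO_PTR", ip)
    names = {n.rstrip(".").lower() for n in [name, *aliases]}
    if want not in names:
        return ("PTR_MISMATCH", name)           # e.g. still the ISP's generic name
    try:
        addrs = fwd(want)[2]                    # A-record lookup for the gateway name
    except OSError:
        addrs = []
    if ip not in addrs:
        return ("FORWARD_MISMATCH", ",".join(addrs))
    return ("OK", want)

def table_resolver(ptr, a):
    """Offline stand-in for DNS built from constructed records."""
    def rev(ip):
        if ip not in ptr:
            raise socket.herror(1, "Unknown host")
        return ptr[ip], [], [ip]
    def fwd(host):
        if host not in a:
            raise socket.gaierror(-2, "Name or service not known")
        return host, [], a[host]
    return rev, fwd

GATEWAY = "stgateway.company.com"   # example name from the registration form
PUBLIC_IP = "203.0.113.10"          # constructed, documentation address range

# Constructed records: before and after the ISP created the reverse entry.
BEFORE = table_resolver({PUBLIC_IP: "c-203-0-113-10.isp.example"}, {GATEWAY: [PUBLIC_IP]})
AFTER = table_resolver({PUBLIC_IP: GATEWAY}, {GATEWAY: [PUBLIC_IP]})

if __name__ == "__main__":
    print("before:", check_reverse(GATEWAY, PUBLIC_IP, *BEFORE))
    print("after: ", check_reverse(GATEWAY, PUBLIC_IP, *AFTER))
```

Calling `check_reverse(fqdn, ip)` without the last two arguments uses the system resolver instead of the constructed tables.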

8.) Import certificates on the Gateway.

---Finally, we see green arrows. Success at last

Sametime Connect Client and Yahoo or AOL

---We have been able to add contacts to our with full awareness
