Monday, October 22, 2007

Accessing Exchange 2007 Unified Messaging: Part 4 – Configure the sipX Server (sipX 3.8/Centos 5)

--------------------------------------
Update: 22/10/2007 - Replaced the old post with instructions for a new Centos 5 VM and sipX 3.8
--------------------------------------

Initial Configuration

Download the Centos 5 Minimal Installation VMware Appliance from the VMWare Appliance Marketplace.

Start your sipX VMWare virtual machine. Log in as root, with the password password and change the password by typing passwd at the command line. Type netconfig, and select Configure and assign a fixed manual IP address to this PC.

Now we need to set the hostname for this server. Use the nano editor to edit the network configuration file, and change HOSTNAME to sipX.lithnet.local. When done, press Ctrl-X, then Y, then enter to save the file.

nano /etc/sysconfig/network

In order for sipX to install, we need to disable SELinux. Edit the SELinux config file by typing nano /etc/selinux/config and change SELINUX=ENABLED to SELINUX=DISABLED.

Run the following commands in this order, and to all the Windows kids like me, remember that Linux is case sensitive, so take note of the uppercase X in the URL below (yes I stuffed it up myself and it took me about 20 minutes to work out why it was failing – silly muppet).

wget -P /etc/yum.repos.d/ http://sipxecs.sipfoundry.org/pub/sipXecs/sipxecs-stable-centos.repo
yum -y install sipxpbx sipxconfig sipxproxy sipxregistry

(If you want to use sipx as the main PBX (without using Asterisk - not recommended), then install additional modules as required as specified on the sipfoundry web site)

Now we need to fix the SSL certificates. If you have a CA on your network, you can have it generate a certificate for these purposes. Otherwise, we can just generate a self signed certificate using the following commands.

/usr/bin/ssl-cert/gen-ssl-keys.sh

This will prompt you for several pieces of information. Enter the appropriate information, and the following values when prompted.

CA Common Name: SelfSigned
SIP domain name: lithnet.local - The domain name of your installation
Full DNS name for the server: sipx.lithnet.local - Enter fully qualified hostname of your sipX server
Type the following to install the certificate.

/usr/bin/ssl-cert/install-cert.sh sipx.lithnet.local

Now we need to configure the Exchange gateway and rules. Normally, this XML is generated automatically by the web interface as we modify the gateway and dial plan options. We have to do this manually, because the web interface doesn't provide us a way to force sipX to use TCP for a particular gateway. If we configure our dial plans through the web interface, sipX tries to contact Exchange first using UDP, which more often than not results in a timed-out call. The sipX team is working to more natively support Exchange configuration through the web interface in the future. I will keep you posted.

At the sipx command prompt, type

wget -P /etc/sipxpbx/ http://lithiumblue.com/config/external_mappingrules.xml

to download the preconfigured mappingrules file needed to force TCP communication with Exchange. Type nano /etc/sipxpbx/external_mappingrules.xml to modify the file and replace the hostname values as shown below with your own. If for some reason you cannot download the file with wget, you can type it out manually as it appears below.

<?xml version="1.0" encoding="UTF-8"?>
<mappings xmlns="
http://www.sipfoundry.org/sipX/schema/xml/urlmap-00-00">
<hostMatch>
<hostPattern>${SIPXCHANGE_DOMAIN_NAME}</hostPattern>
<hostPattern>${MY_FULL_HOSTNAME}</hostPattern>
<hostPattern>${MY_HOSTNAME}</hostPattern>
<hostPattern>${MY_IP_ADDR}</hostPattern>
<userMatch>
<!--ExchangeDialRule-->
<userPattern>2xx</userPattern>
<permissionMatch>
<transform>
<host>dc1.lithnet.local</host>
<urlparams>transport=tcp</urlparams>
<fieldparams>q=0.9</fieldparams>
</transform>
</permissionMatch>
</userMatch>
<userMatch>
<!--ExchangeVoicemailRule-->
<!--Note this is only to handle diversions for local sipX 3xx extentions-->
<userPattern>3xx</userPattern>
<permissionMatch>
<permission>Voicemail</permission>
<transform>
<user>222</user>
<host>dc1.lithnet.local</host>
<urlparams>transport=tcp</urlparams>
<headerparams>Diversion=&lt;tel:{digits}&gt;;reason=no-answer;screen=no;privacy=off</headerparams>
<fieldparams>q=0.9</fieldparams>
</transform>
</permissionMatch>
</userMatch>
</hostMatch>
</mappings>

The above rule ensures that calls for 2xx are sent to the Exchange server, and that sipX only communicates with it using SIP/TCP. It also enables diversion to Voicemail for calls to the sipX extensions (3xx). This is independent of the procedure to setup Trixbox/Asterisk to divert to voicemail. The sipX and Asterisk diversion configurations are completely independent of each other.

Now we need to tell sipX that it is responsible for routing calls to 2xx. Without this the calls would be rejected. At the sipx command prompt, type

wget -P /etc/sipxpbx/ http://lithiumblue.com/config/external_authrules.xml

to download the preconfigured authrules file. Type nano /etc/sipxpbx/external_authrules.xml to modify the hostname in this file.

<?xml version="1.0" encoding="UTF-8"?>
<mappings xmlns="http://www.sipfoundry.org/sipX/schema/xml/urlauth-00-00">
<hostMatch>
<!--ExchangeDialRule-->
<hostPattern>dc1.lithnet.local</hostPattern>
<userMatch>
<userPattern>2xx</userPattern>
<permissionMatch/>
</userMatch>
</hostMatch>
</mappings>

In order for sipX to use these files we created, we need to add some lines into the config file. Type nano /etc/sipxpbx/sipxconfig.properties.in, scroll through the file, and locate the following lines or add them to the end of the file.
mappingRules.externalRulesFileName=/etc/sipxpbx/external_mappingrules.xml authRules.externalRulesFileName=/etc/sipxpbx/external_authrules.xml
Restart the server using the following command

reboot

After the server reboots, open your browser and navigate to the sipX server i.e. http://sipx.lithnet.local.

NOTE: There is approximately a 2 minute delay between the sipX services starting and being available. If you get an error message when loading the page, wait 2 minutes and try again.

If all goes well, you should be presented with an SSL certificate warning (if you used a self signed certificate). Accept this warning, and when prompted, enter a new PIN for the superadmin account. You will use this to log into sipXconfig on the next screen.

Gateway Configuration

Now we need to add a gateway to allow sipX to communicate with the Exchange Server. Click Devices on the top menu, Gateways, and select SIP Trunk from the Add New Gateway drop down list. Type the following information and press OK.

Name: ExchangeUMServer
Address: dc1.lithnet.local


Now we need to add another SIP trunk for the Asterisk server. Type the following information and press OK.

Name: AsteriskServer
Address: asterisk.lithnet.local

Dial Plans

Now we need to configure the dial plan. Dial rules are used to route incoming calls to the appropriate gateway. Click System on the top menu, followed by Dial Plans. In the Add New Rule drop down box, select Custom as our dialing rule type. Enter the following information and press OK.
Tick the Enabled box
Name: AsteriskDialRule
Description: Forward calls for 4xx-5xx to the Asterisk Server
Dialed Number, prefix: 4, and select 2 digits from the drop down list. Click Add to add new lines.
Dialed Number, prefix: 5, and select 2 digits from the drop down list. Add as many extension ranges as you require for your setup.

Resulting Call, Prefix: Leave the prefix blank, and select Entire Dialed Number from the drop down list
In the More Actions drop down box, select AsteriskServer under Existing Gateways.

Press OK to save and return to the dial plans list. Move the new dial plan to the top of the list, by ticking the box next to the new plan, and pressing Move up repeatedly. Order does matter, so it is at the top. If you don't plan on using the sipX server for any other SIP traffic, you can delete the other dial plans.

Activate the new plans by clicking the Activate button, and pressing OK when prompted for confirmation. Remember that whenever you make any changes to your dial plan, or modify your mapping and auth rule XML files, you must reactivate your dial plan for the change to take effect.

Add an Extension

We will now add an extension for testing purposes. This will help in your troubleshooting efforts should something not work. Click on Users on the top menu, click the Users menu item, and click Add User. Click Show Advanced Settings at the top of the page. Change the user ID to 300, assign a first name, last name, PIN, and SIP password to the account. Take note of the SIP password or change it to something you are going to remember. Press OK when you are done.

Configure the Fully Qualified Domain Name

Click the System menu and the Domain menu item, and enter the fully qualified domain name that the sipX server will use. When prompted, ensure you activate the new dial plans for our configuration changes to take effect.

Please note that the FQDN must be the same as the value you configured as the UM IP Gateway address on the Exchange UM Server.

We have now completed the configuration of the sipX server.

Next: Part 5 - Configuring the SIP Client
Previous: Part 3 - Configuring the Exchange Server

34 comments:

Dalcyon said...

>> wget -P /etc/yum.repos.d/ http://sipxecs.sipfoundry.org/pub/sipXecs/sipxecs-stable-centos.repo
yum -y install sipxpbx sipxconfig sipproxy sipregistry

Hi, isn't it sipxproxy sipxregistry ?

I'm trying to use it with OCS

Ryan said...

Hi,

Yes you are 100% correct. I have fixed the post... sorry!

Ryan

Matthias said...

Hi Ryan,

Thanks for your work with this step by step information.

Can you help me with my problem, i installed the sipx server on centos5 and the latest sipx. on reboot no errors, but when i enter in the browser sipx.domain.local i get the ssl warning but the i get the 404 error.

/sipxconfig not found

Do you know what i could have done wrong?

thanks
matthias

Ryan Newington said...

Hi matthias,

What does

service sipxpbx status
and
service sipxconfig status reveal?

Ryan

Matthias said...

Hi Ryan,

service sipxpbx status
--------------------------
Checking watchdog: OK
Checking keepalive: OK
Checking sipauthproxy: OK
Checking sipproxy: OK
Checking sipregistrar: OK
Checking sipxconfig: OK
Checking sipxpark: OK
Checking sipxpresence: OK
Checking sipxrls: OK
--------------------------


service sipxconfig status
--------------------------------
sipxconfig: unrecognized service
--------------------------------

thanks
matthias

Ryan Newington said...

Sorry,

i meant

service sipxpbx configtest

ryan

Matthias said...

Hi,

service sipxpbx configtest
------------------------------------------
Checking TLS/SSL configuration: OK
Checking rpm configuration file updates:OK
Checking selinux: OK
Checking apache: OK
Checking hostname: OK
Checking /etc/hosts file: OK
Checking /tmp directory: OK
Checking watchdog: OK
Checking keepalive: OK
Checking sipauthproxy: OK
Checking sipregistrar: OK
Checking sipxconfig: OK
Checking sipxpark: OK
Checking sipxpresence: OK
Checking sipxrls: OK
------------------------------------------

Matthias

Sean said...

Hi Matthias,

I had the same exact problem you had, and determined the issue to be that I had a typo in my sipxconfig.properties.in file (from where I added the mappingRules.externalRulesFileName). Once I correct that typo and reboot, all was well

Matthias said...

Hi,

I was able to log into sipx with the browser and to configure the sipx server, I used the sipx 3.8 and centos5 ISO and installed it on a pc not VMware and it worked.

But know i am having the problem with the sip software phone, it can not register y always get error code 503 registration error.

can you help me with this?

and thanks agian

matthias

Matthias said...

Hi Ryan,

Got it to work, thanks

Matthias

Robert Muller said...

Ryan,

I have been reading through your step by step articles. Great work! Thanks! Out of curiousity... for a standalone SipX server used for SIP-UDP to SIP-TCP conversion between asterisk and Microsoft Unified Messaging, what am I looking at as far as hardware as requirements? I was looking at making a standardized reliable box for Unified Messaging / Asterisk deployments.

Thx.
Robert

Ryan Newington said...

Hi Robert,

Very little as far as hardware requirements go. I have it running in a VM with 256MB RAM running along side 4 other VMs that do a lot more work, and it runs perfectly. As it is only used as a SIP translation service, it is basically forwarding packets. There is very little processing work done as it does not get involved with the audio stream at all.

Ryan

Kanishka said...

Hey
This is nice. Thank you for the time spent in doing this doc. Gr8 work.
Does anyone have a VMware image with SIPx installed. I tried this many times, but it does not install properly and lot of services failed in start.
I can give remote access to any one if they can install it on my vm mechine, then we can host a copy for everyone to download.

kani

JJ said...

I'd like to help out with the VM installation as well. Im about to test this on my exchange server at home. I will let you know if it goes well, then perhaps we could distribute a working VM.

Kanishka said...

hey i manage to install it, would u like a working VM image ?

JJ said...

Absolutely! Can we distribute it via torrent or how should we do it?

Abhijeet said...

Hi Ryan,

How can we configure TLS, i mean to say that where all in the sipx server we need to do configuration to enable TLS. Actually i wanted to make a call between two TLS enabled phones, but it's not working.

Ryan Newington said...

Hi Abhijeet,

You will have to refer that question to a sipx forum. Check the SipFoundry web site for details and online help.

http://www.sipfoundry.org/

regards

Ryan

CYBER KANI said...

hi
i have configured it and it works fine when i make a call from the user i created in sipx, but does not work , when i send a cal lfrom asterk, just stays connected and no voice. i use the codec G711

Ryan Newington said...

Hi kani,

see my post on troubleshooting (http://blog.lithiumblue.com/2007/04/accessing-exchange-2007-unified_8286.html). I recommend taking a packet capture and see what is going on. If codec negotiation was failing, the call would not connect, so that should not be the problem in this case.

Ryan

Matt said...

Is there an issue on line 39 of external_mappingrules.xml?

Should the greater than sign be after local?

dc1.lithnet.local>

-Matt

Ryan Newington said...

Hey Matt,

Thanks for picking that up. I've removed it from the file. Strange that sipx-validatexml didn't pick it up...

Ryan

Eric said...

Isn't it possible to leave the Asterisk out completely, and use sipXpbx/sipXecs as the PBX instead? Has anyone done this? As far as I understand, sipX will do about everything Asterisk will on the PBX functionality front. I'm looking for resources on how to accomplish this.

Anonymous said...

Hi Ryan,
I have very wierd problem, I am following your steps but I dont have the "sipxconfig.properties.in" file in my environment. Did I missed something? Plus what will happend if we dont install the SSL.

Zee

Ryan Newington said...

Hi Zee,

There may be a problem with the current build with one of the packages not being signed. It could be the reason that file is missing. Edit the repo and change gpgcheck=0 and then reinstall sipx.

I believe you must have the SSL component, but this may have failed to install because of the same problem above.

Ryan

Tom P said...

Hello Ryan,

Same question as Eric, regarding the use of sipX without Asterisk. If I can take one more element out of the chain that will be one less thing to troubleshoot. Thanks for the great article.

Ryan Newington said...

Hi Tom/Eric,

If you followed the steps of the guide, then you have already configured sipX to use Exchange for voicemail. This is done through the external_mappingrules.xml file. Just skip over the Asterisk parts of the guide.

You can use sipX on its own, but there is a lot that Asterisk can do that sipx cannot. Remember that Asterisk is a back-to-back user agent (B2BUA), while sipx is a SIP proxy.

Regards,

Ryan

Anonymous said...

Hi

I have installed sipxpbx-3.10.0-012064 on CentOS5 (Kernal 2.6.18-53.1.13.el5)

service sipxpbx status as below.

Checking watchdog: [ OK ]
Checking sipregistrar: [ OK ]
Checking sipxconfig: [Not Running]
Checking sipxpage: [ OK ]
Checking sipxpark: [ OK ]
Checking sipxpresence: [ OK ]
Checking sipXproxy: [ OK ]
Checking sipxrls: [ OK ]

service sipxpbx stop

/usr/bin/sipxconfig.sh --database drop
/usr/bin/sipxconfig.sh --setup
Initializing configuration database...

BUILD FAILED
/etc/sipxpbx/database/database.xml:429: org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "postgres"

Postgresql Vesion as below.
postgresql-8.1.11-1.el5_1.1


Do you know how to fix this problem ?

Isao

B. said...

Hi Ryan, I think I got a very minor trouble but I don't have any other idea ! Each time my call get through my SipX server, it stuck there. When I catch packet from my network, the reponse for the SIP first packet is "100 trying" ... Indefinitely. And what is weird, is that I receive a reponse from my exchange server, after I hang up the phone ... But SipX never send a packet to my Exchange server ...

Have you an idea !

B.

Ryan Newington said...

Hi B,

You would have to send me a copy of the SIP packet capture for me to be able to assist you.

ryan

Terry said...

/usr/bin/ssl-cert/gen-ssl-keys.sh

I get a command not found. I checked and the /usr/bin/ssl-cert directory isn't there?

Ryan Newington said...

Hi Terry,

I've had this problem before when one of the components didn't install. Were there any errors when you ran

yum -y install sipxpbx sipxconfig sipxproxy sipxregistry

Double check they installed ok. It could be a problem with the repo itself. If you get an error message about a package not being signed, edit the repo and change the line gpgcheck=1 to gpgcheck=0

nano /etc/yum.repso.d/sipxecs-stable-centos.repo

Ryan

burkhame said...

Hi Ryan,

I just ran across your site, & I think it is wonderful. Exactly, what us Exchange Guys need to help us understand how UM works, on a shoe string budget.

Anyway, my question is this.....
As of this post, the ISO's that are available are v3.10.1, v3.10.0. I'm assuming these will work as well. But these are "turnkey" systems, "An Appliance" if you will. All the network config is done during install.

Can I use the ISO's (v3.10.1) and apply your instructions with out having to mess with the Command-Line?

Any input you can provide, would be greatly appreciated.

Thanks,

- Marc

Anonymous said...

Fist of all, Thanks for great information.

I managed to get Sipx console, but i had to spent a day with 'unknown hostname error.

I found out hosts file might need to be modified properly on top of this great instruction.

Thanks again,
Charlie from Canada