Cisco Jabber for iPhone and iPad 9.6 Installation and Configuration Guide First Published: January 13, 2014 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2014 Cisco Systems, Inc. All rights reserved.

Contents

Chapter 1: Introduction
  Documentation
  Community Resources

Chapter 2: Deployment Options
  On-Premises Deployments
  Product Modes
  Full UC Diagrams
  Diagram with Cisco Unified Presence
  Diagram with Cisco Unified Communications IM and Presence
  Cloud-Based Deployments
  Cloud-Based Diagram
  Hybrid Cloud-Based Diagram
  How the Client Connects to Services
  Recommended Connection Methods
  Sources of Authentication
  Initial Launch Sequence
  How the Client Gets an Authenticator
  Service Discovery
  How the Client Locates Services
  Client Issues HTTP Query
  Cisco UDS SRV Record
  CUP Login SRV Record
  Manual Connection Settings
  Manual Connection Settings for On-Premises Deployments
  Manual Connection Settings for Cloud-Based Deployments
  On-Premises Service Connections
  Full UC and IM-Only Deployments
  Presence Server Discovery
  DNS SRV Records
  Connect to Available Services
  Cloud-Based Service Connections
  Connect to Available Services
  Single Sign-On (SSO) Deployments
  Cloud-Based SSO
  Cisco AnyConnect Deployments
  Cisco AnyConnect Deployment Considerations
  Application Profiles
  Automate VPN Connection
  Set Up Connect On-Demand VPN
  Set Up Automatic VPN Access on Cisco Unified Communications Manager
  Set Up Certificate-Based Authentication
  Distribute Certificates with SCEP
  Distribute Client Certificate with Mobileconfig File
  Session Parameters
  Set ASA Session Parameters
  Group Policies and Profiles
  Trusted Network Detection
  Tunnel Policies

Chapter 3: Plan for Installation
  Device Requirements
  Software Requirements
  On-Premises Servers
  Cloud-Based Servers
  Directory Servers
  Accessibility
  Supported Codecs
  Network Requirements
  Ports and Protocols
  Device COP File for Cisco Jabber for iPhone and iPad
  Audio and Video Performance Reference
  Bit Rates for Audio
  Bit Rates for Video
  Maximum Negotiated Bit Rate
  Performance Expectations for Bandwidth
  Video Rate Adaption
  Quality of Service Configuration
  Port Ranges on Cisco Unified Communications Manager
  Cross-Launching the Client

Chapter 4: Upgrade
  Upgrade Scenarios
  Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Presence
  Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Communications Manager IM and Presence
  Upgrade Cisco Jabber Voice for iPhone by Adding Cisco WebEx
  Upgrade Cisco Jabber Video for iPad on Cisco Unified Presence
  Upgrade Cisco Jabber Video for iPad on Cisco Unified Communications Manager IM and Presence
  Upgrade Cisco Jabber Video for iPad on Cisco WebEx
  Configuration Differences when Upgrading Cisco Jabber for iPhone and iPad

Chapter 5: Set Up Servers
  Server Setup Guide

Chapter 6: Configure the Client
  Introduction to Client Configuration
  Configure Client on Cisco Unified Communications Manager
  Set Parameters on Service Profile
  Parameters in service profiles
  Add UC Services
  Create Service Profiles
  Apply Service Profiles
  Set Parameters on Phone Configuration
  Parameters in Phone Configuration
  Create and Host Client Configuration Files
  Client Configuration Files
  Global Configuration Files
  Configuration File Requirements
  Specify Your TFTP Server Address
  Specify Your TFTP Server on Cisco Unified Presence
  Specify Your TFTP Server on Cisco Unified Communications Manager IM and Presence
  Specify TFTP Servers with the Cisco WebEx Administration Tool
  Create Global Configurations
  Host Configuration Files
  Restart Your TFTP Server
  Configuration File Structure
  Group Elements
  XML Structure
  Example Configuration
  Client Parameters
  Policies Parameters
  Common Policies
  Cisco WebEx Policies
  Service Credentials Parameters
  Voicemail Parameters

Chapter 7: Integrate with Directory Sources
  Set Up Directory Synchronization and Authentication
  Synchronize with the Directory Server
  Enable Synchronization
  Populate User ID and Directory URI
  Specify an LDAP Attribute for the User ID
  Specify an LDAP Attribute for the Directory URI
  Perform Synchronization
  Authenticate with the Directory Server
  Contact Sources
  Basic Directory Integration
  Authentication with Contact Sources
  Specify LDAP Directory Configuration on Cisco Unified Presence
  Specify LDAP Directory Configuration on Cisco Unified Communications Manager
  Set Credentials in the Client Configuration
  Use Anonymous Binds
  Client Configuration for Directory Integration
  Configure Directory Integration in a Service Profile
  Directory Profile Parameters
  Summary of Directory Integration Configuration Parameters
  Attribute Mapping Parameters
  Attributes on the Directory Server
  Directory Connection Parameters
  Directory Query Parameters
  Base Filter Examples
  Contact Photo Parameters
  Contact Photo Retrieval with BDI
  Contact Photo Formats and Dimensions
  Contact Photo Formats
  Contact Photo Dimensions
  Contact Photo Adjustments
  Directory Server Configuration Examples
  Simple Authentication
  Simple Authentication with SSL
  OpenLDAP Integration
  Anonymous Binds
  Authenticated Binds
  Federation
  Interdomain Federation
  Intradomain Federation
  Configure Intradomain Federation
  Intradomain Federation Example

Chapter 8: Troubleshooting
  Obtain Logs from Cisco Jabber
  Obtain Logs from Cisco AnyConnect Secure Mobility Client
  Troubleshooting Tips
  Setup Issues
  Cannot sign in Cisco Jabber when using Cisco Unified Presence server
  Cisco Jabber Registration Fails
  Device Icon Is Missing
  Upgrade Issues
  Directory Search Does Not Work After Upgrade
  Device Issues
  Cannot sign in Cisco Jabber when using Cisco Unified Presence server
  Cannot Receive Calls in Cisco Jabber
  Calls Incorrectly Sent to Voicemail
  Cannot Move Calls from Mobile Network to Cisco Jabber
  Cannot Send VoIP Calls to Mobile Device
  Cannot Merge Audio for Calls
  Cannot Start Video Conferences
  Voice Quality Issues
  Battery Drains Faster with Cisco Jabber
  Search Issues
  No Directory Search
  Incorrect or Missing Caller Identification
  Voicemail Issues
  Cannot Connect to Voicemail Server
  Voicemail Prompt is Truncated
  Cisco AnyConnect Issues
  Certificate Authentication Failure
  SCEP Enrollment Failure
  Issues Launching Cisco AnyConnect Secure Mobility Client
  Dial via Office Issues
  Dial via Office Calls End Unexpectedly
  Dial via Office Calls Cannot Connect
  Dial via Office Calls Placed From Voicemail or Alternate Number
  Problems with DVO Callback

Chapter 1: Introduction

Cisco Jabber for iPhone and iPad is a unified communications client within the Cisco Jabber suite of collaboration software. This document contains the information you need to install and configure the client.

Find out more about Cisco Jabber at www.cisco.com/go/jabber.

• Documentation
• Community Resources

Documentation

Cisco Jabber for iPhone and iPad provides the following documentation in addition to this guide:

Release Notes

http://www.cisco.com/en/US/products/ps13391/prod_release_notes_list.html

Server Setup Guide

http://www.cisco.com/en/US/products/ps13391/prod_installation_guides_list.html

End-User Guides

http://www.cisco.com/en/US/products/ps13391/products_user_guide_list.html

Licensing Information

http://www.cisco.com/en/US/products/ps13391/products_licensing_information_listing.html

Community Resources

Cisco provides different community resources where you can engage with support representatives or join other community members in product discussions.

Cisco product conversation and sharing site

Join other community members in discussing features, functions, licensing, integration, architecture, challenges, and more. Share useful product resources and best practices.

https://communities.cisco.com/community/technology/collaboration/product

Cisco support community

Visit the Cisco support community for IT installation, implementation, and administrative questions.

https://supportforums.cisco.com/community/netpro/collaboration-voice-video/jabber

Cisco support and downloads

Find a wealth of product support resources, download application software, and find bugs based on product and version.

http://www.cisco.com/cisco/web/support/index.html

Cisco expert corner

Engage, collaborate, create, and share with Cisco experts. The Cisco expert corner is a collection of resources that various experts contribute to the community, including videos, blogs, documents, and webcasts.

https://supportforums.cisco.com/community/netpro/expert-corner

Chapter 2: Deployment Options

Learn about options for deploying Cisco Jabber for iPhone and iPad.

• On-Premises Deployments
• Cloud-Based Deployments
• How the Client Connects to Services
• On-Premises Service Connections
• Cloud-Based Service Connections
• Single Sign-On (SSO) Deployments
• Cisco AnyConnect Deployments

On-Premises Deployments

An on-premises deployment is one in which you set up, manage, and maintain all services on your corporate network.

Product Modes

The default product mode is one in which the user's primary authentication is to a presence server.

At a minimum, Cisco Jabber for iPhone and iPad users have instant messaging and presence capabilities. Users can also have audio and video, voicemail, and conferencing.

You can deploy the client in the following modes.

Full UC

To deploy full UC mode, you enable instant messaging and presence capabilities. You then provision users with devices for audio and video in addition to voicemail and conferencing capabilities.

IM-Only

To deploy IM-only mode, you enable instant messaging and presence capabilities. You do not provision users with devices.

Full UC Diagrams

Review architecture diagrams for on-premises deployments with full UC capabilities.

Remember: Both full UC and IM-only deployments require a presence server as the user's primary authentication source. However, IM-only deployments require only instant messaging and presence capabilities. You do not need to provision users with devices in an IM-only deployment.

Diagram with Cisco Unified Presence

This topic refers to Cisco Unified Presence Release 8.6.

The following diagram illustrates the architecture of an on-premises deployment that includes Cisco Unified Presence:

Figure 1: On-Premises architecture

The following are the services available in an on-premises deployment:

Presence

Users can publish their availability and subscribe to other users' availability through Cisco Unified Presence.

Instant Messaging

Users send and receive instant messages through Cisco Unified Presence.

Audio Calls

Users place audio calls through mobile devices through Cisco Unified Communications Manager.

Video

Users place video calls through Cisco Unified Communications Manager.

Voicemail

Users send and receive voice messages through Cisco Unity Connection.

Conferencing

Integrate with one of the following:

Cisco WebEx Meeting Center

Provides hosted meeting capabilities.

Cisco WebEx Meetings Server

Provides on-premises meeting capabilities.

For information about contact sources in on-premises deployments, see the Contact Sources topic.

Related Topics

Contact Sources, on page 79

Diagram with Cisco Unified Communications IM and Presence

This topic refers to Cisco Unified Communications Manager IM and Presence Release 9.0 and later.

The following diagram illustrates the architecture of an on-premises deployment that includes Cisco Unified Communications Manager IM and Presence:

Figure 2: On-Premises architecture

The following are the services available in an on-premises deployment:

Presence

Users can publish their availability and subscribe to other users' availability through Cisco Unified Communications Manager IM and Presence.

Instant Messaging

Users send and receive instant messages through Cisco Unified Communications Manager IM and Presence.

Audio Calls

Users place audio calls through mobile devices through Cisco Unified Communications Manager.

Video

Users place video calls through Cisco Unified Communications Manager.

Voicemail

Users send and receive voice messages through Cisco Unity Connection.


Conferencing

Integrate with one of the following:

Cisco WebEx Meeting Center

Provides hosted meeting capabilities

Cisco WebEx Meetings Server

Provides on-premises meeting capabilities

For information about contact sources in on-premises deployments, see the Contact Sources topic.

Related Topics

Contact Sources, on page 79

Cloud-Based Deployments

A cloud-based deployment is one in which Cisco WebEx hosts services. You manage and monitor your cloud-based deployment with the Cisco WebEx Administration Tool.

Cloud-Based Diagram

The following diagram illustrates the architecture of a cloud-based deployment:

Figure 3: Cloud-based architecture

The following are the services available in a cloud-based deployment:

Contact Source

The Cisco WebEx Messenger service provides contact resolution.

Presence

The Cisco WebEx Messenger service lets users publish their availability and subscribe to other users' availability.

Instant Messaging

The Cisco WebEx Messenger service lets users send and receive instant messages.

Conferencing

Cisco WebEx Meeting Center provides hosted meeting capabilities.


Hybrid Cloud-Based Diagram

The following diagram illustrates the architecture of a hybrid cloud-based deployment:

Figure 4: Hybrid cloud-based architecture

The following are the services available in a hybrid cloud-based deployment:

Contact Source

The Cisco WebEx Messenger service provides contact resolution.

Presence

The Cisco WebEx Messenger service lets users publish their availability and subscribe to other users' availability.

Instant Messaging

The Cisco WebEx Messenger service lets users send and receive instant messages.

Conferencing

Cisco WebEx Meeting Center provides hosted meeting capabilities.

Audio Calls

Users place audio calls through mobile devices through Cisco Unified Communications Manager.

Video

Users place video calls through Cisco Unified Communications Manager.

Voicemail

Users send and receive voice messages through Cisco Unity Connection.

How the Client Connects to Services

To connect to services, Cisco Jabber requires the following information:

• Source of authentication that enables users to sign in to the client.

• Location of services.

You can provide that information to the client with the following methods:

Service Discovery

The client automatically locates and connects to services.

Manual Connection Settings

Users manually enter connection settings in the client user interface.

Recommended Connection Methods

The method you should use to provide the client with the information it needs to connect to services depends on your deployment type, server versions, and product modes.

On-Premises Deployments

| Product Mode | Server Versions | Discovery Method |
|---|---|---|
| Full UC (Default Mode) | Version 9 and higher: Cisco Unified Communications Manager; Cisco Unified Communications Manager IM and Presence | A DNS SRV request against _cisco-uds.<domain> |
| Full UC (Default Mode) | Version 8.x: Cisco Unified Communications Manager; Cisco Unified Presence | A DNS SRV request against _cuplogin.<domain> |
| IM Only (Default Mode) | Version 9 and higher: Cisco Unified Communications Manager IM and Presence | A DNS SRV request against _cisco-uds.<domain> |
| IM Only (Default Mode) | Version 8.x: Cisco Unified Presence | A DNS SRV request against _cuplogin.<domain> |

Note: Cisco Unified Communications Manager version 9 and higher can still discover full Unified Communications and Instant Messaging only services using the _cuplogin DNS SRV request, but a _cisco-uds request will take precedence if it is present.

Hybrid Cloud-Based Deployments

| Server Versions | Connection Method |
|---|---|
| Cisco WebEx Messenger | HTTPS request against http://loginp.webexconnect.com/cas/FederatedSSO?org=<domain> |

Cloud-Based Deployments

| Deployment Type | Connection Method |
|---|---|
| Enabled for single sign-on (SSO) | Cisco WebEx Administration Tool |
| Not enabled for SSO | Cisco WebEx Administration Tool |

Sources of Authentication

A source of authentication, or an authenticator, enables users to sign in to the client.

Possible sources of authentication include the following:

Cisco Unified Presence

On-premises deployments in either full UC or IM only.

Cisco WebEx Messenger Service

Cloud-based or hybrid cloud-based deployments.

Initial Launch Sequence

On the initial launch after installation, Cisco Jabber starts in the default product mode. The client then gets an authenticator and signs the user in. After sign in, the client determines the product mode.

The following diagram illustrates the initial launch sequence:

How the Client Gets an Authenticator

Cisco Jabber looks for an authenticator as follows:

1. Client checks cache for manual settings.

   Users can manually enter the authenticator through the client user interface.

2. Client checks cache to discover if the user's domain is a WebEx organization.

   The client chooses WebEx as the authenticator.

3. Client makes a WebEx cloud service HTTP request to discover if the user's organization domain is a WebEx organization.

   The client chooses WebEx as the authenticator.

4. Client checks cache for service discovery.

   The client loads settings from previous queries for service (SRV) records.

5. Client queries for SRV records.

   The client queries the DNS name server for SRV records to locate services.

   If the client finds the _cisco-uds SRV record, it can get the authenticator from the service profile.

If the client cannot get an authenticator, it prompts the user to manually select the source of authentication in the client user interface.

Service Discovery

Service discovery enables clients to automatically detect and locate services on your enterprise network. Clients query domain name servers to retrieve service (SRV) records that provide the location of servers.

The primary benefits to using service discovery are:

• Speeds time to deployment.
• Allows you to centrally manage server locations.

Important: Migrating from Cisco Unified Presence 8.x to Cisco Unified Communications IM and Presence 9.0 or later.

You must specify the Cisco Unified Presence server FQDN in the migrated UC service on Cisco Unified Communications Manager. Open Cisco Unified Communications Manager Administration interface. Select User Management > User Settings > UC Service.

For UC services with type IM and Presence, when you migrate from Cisco Unified Presence 8.x to Cisco Unified Communications IM and Presence the Host Name/IP Address field is populated with a domain name and you must change this to the Cisco Unified Presence server FQDN.

However, Cisco Jabber can retrieve different SRV records that indicate to the client different servers are present and different services are available. In this way, the client derives specific information about your environment when it retrieves each SRV record.

The following table lists the SRV records you can deploy and explains the purpose and benefits of each record:

SRV Record: _cisco-uds

Purpose:

Provides the location of Cisco Unified Communications Manager version 9.0 and higher.

The client can retrieve service profiles from Cisco Unified Communications Manager to determine the authenticator.

Why You Deploy:

• Eliminates the need to specify installation arguments.
• Lets you centrally manage configuration in UC service profiles.
• Enables the client to discover the user's home cluster. As a result, the client can automatically get the user's device configuration and register the devices. You do not need to provision users with CCMCIP profiles or TFTP server addresses.
• Supports mixed product modes. You can easily deploy users with full UC or IM-only mode capabilities.

SRV Record: _cuplogin

Purpose:

Provides the location of Cisco Unified Presence.

Sets Cisco Unified Presence as the authenticator.

Why You Deploy:

• Supports deployments with Cisco Unified Communications Manager and Cisco Unified Presence version 8.x.
• Supports deployments where all clusters have not yet been upgraded to Cisco Unified Communications Manager 9.

How the Client Locates Services

The following steps describe how the client locates services with SRV records:

1. Client's host computer or device gets a network connection.

   When the client's host computer gets a network connection, it also gets the address of a DNS name server from the DHCP settings.

2. User starts Cisco Jabber.

3. On the welcome screen at the first sign-in, the user enters an email-like address, or uses URL provisioning, to discover the service.

   Note: URL provisioning allows users to click a link to cross launch Jabber without manually entering an email-like address for service discovery. The administrator sends the link through email, and it contains the domain information that Jabber needs for service discovery. The link looks like ciscojabber://provision?servicesdomain=<domain_for_service_discovery>, where the domain is, for example, cisco.com.

4. The client gets the address of the DNS name server from the DHCP settings.

5. The client queries the name server for the following SRV records in order of priority:

   • _cisco-uds
   • _cuplogin

The client caches the results of the DNS query to load on subsequent launches.

The following are examples of SRV record entries:

• _cisco-uds._tcp.DOMAIN SRV service location:
      priority = 0
      weight = 0
      port = 8443
      svr hostname = 192.168.0.25

• _cuplogin._tcp.DOMAIN SRV service location:
      priority = 0
      weight = 0
      port = 8443
      svr hostname = 192.168.0.26

For information about deploying SRV records on your enterprise DNS structure, see the Cisco Jabber DNS Configuration Guide. The Cisco Jabber DNS Configuration Guide provides detailed information about how the client retrieves and uses SRV records and explains how to deploy SRV records on internal and external DNS name servers.

Client Issues HTTP Query

In addition to querying the name server for SRV records to locate available services, Cisco Jabber sends an HTTP query to the CAS URL for the Cisco WebEx Messenger service. This request enables the client to determine cloud-based deployments and authenticate users to the Cisco WebEx Messenger service.

When the client gets a domain from the user, it appends that domain to the following HTTP query:

http://loginp.webexconnect.com/cas/FederatedSSO?org=

For example, if the client gets example.com as the domain from the user, it issues the following query:

http://loginp.webexconnect.com/cas/FederatedSSO?org=example.com

That query returns an XML response that the client uses to determine if the domain is a valid Cisco WebEx domain.

If the client determines the domain is a valid Cisco WebEx domain, it prompts users to enter their Cisco WebEx credentials. The client then authenticates to the Cisco WebEx Messenger service.

If the client determines the domain is not a valid Cisco WebEx domain, it uses the results of the query to the name server to locate available services.

Note: The client will use any configured system proxies when sending the HTTP request to the CAS URL. Proxy support for this request has the following limitations:

• Proxy Authentication is not supported.
• Wildcards in the bypass list are not supported. For example, use example.com instead of *.example.com.
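The discovery inputs described in "How the Client Locates Services" and "Client Issues HTTP Query", as an added example that is not part of the Cisco guide: it checks a provisioning link against your own domains, derives the CAS query URL and SRV names the guide gives, then parses nslookup output to show which record takes precedence and flags SRV targets that are IP literals. The function names, the allowed-domain set and the sample nslookup output are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# CAS URL and SRV service names exactly as this guide gives them.
CAS_URL = "http://loginp.webexconnect.com/cas/FederatedSSO"
SRV_ORDER = ("_cisco-uds", "_cuplogin")  # queried "in order of priority"

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
_RECORD = re.compile(  # one "SRV service location" block of Windows nslookup
    r"(?P<name>\S+)\s+SRV service location:\s*"
    r"priority\s*=\s*(?P<priority>\d+)\s*weight\s*=\s*(?P<weight>\d+)\s*"
    r"port\s*=\s*(?P<port>\d+)\s*svr hostname\s*=\s*(?P<target>\S+)")

def is_dns_name(name):
    """True for a multi-label host name; rejects wildcards and IP literals."""
    labels = name.lower().rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())

def services_domain(link, allowed_domains):
    """Return the servicesdomain of a provisioning link, or raise ValueError."""
    parts = urlsplit(link)
    if parts.scheme != "ciscojabber" or parts.netloc.lower() != "provision":
        raise ValueError("not a Jabber provisioning link")
    values = parse_qs(parts.query).get("servicesdomain", [])
    if len(values) != 1 or not is_dns_name(values[0]):
        raise ValueError("servicesdomain must be a single DNS name")
    domain = values[0].lower().rstrip(".")
    if domain not in allowed_domains:  # allow-list is an assumption of this example
        raise ValueError("unexpected services domain: " + domain)
    return domain

def discovery_queries(domain):
    """The CAS request URL and the SRV names the guide says the client uses."""
    return {"cas": CAS_URL + "?" + urlencode({"org": domain}),
            "srv": [svc + "._tcp." + domain for svc in SRV_ORDER]}

def parse_srv(nslookup_text):
    """Parse nslookup 'SRV service location' blocks into dicts."""
    return [{"name": m["name"].lower().rstrip("."),
             "priority": int(m["priority"]), "weight": int(m["weight"]),
             "port": int(m["port"]), "target": m["target"].rstrip(".")}
            for m in _RECORD.finditer(nslookup_text)]

def select_service(records, domain):
    """Pick the service per the guide: _cisco-uds wins over _cuplogin."""
    for svc in SRV_ORDER:
        hits = [r for r in records if r["name"] == svc + "._tcp." + domain]
        if hits:
            # Lowest priority value first (RFC 2782). Sorting equal priorities
            # by weight only makes this output deterministic; a resolver picks
            # among them at random in proportion to weight.
            hits.sort(key=lambda r: (r["priority"], -r["weight"]))
            return svc, [(r["target"], r["port"]) for r in hits]
    return None, []

def audit_targets(records):
    """Flag SRV targets that are IP literals instead of host names."""
    findings = []
    for r in records:
        try:
            ipaddress.ip_address(r["target"])
        except ValueError:
            continue  # a host name, as RFC 2782 requires
        findings.append("%s -> %s: SRV target is an IP literal; "
                        "RFC 2782 requires a host name" % (r["name"], r["target"]))
    return findings

# Constructed nslookup output (not from the guide); host names are placeholders.
SAMPLE = """\
_cisco-uds._tcp.example.com   SRV service location:
          priority       = 10
          weight         = 0
          port           = 8443
          svr hostname   = cucm-a.example.com
_cisco-uds._tcp.example.com   SRV service location:
          priority       = 0
          weight         = 0
          port           = 8443
          svr hostname   = cucm-b.example.com
_cuplogin._tcp.example.com    SRV service location:
          priority       = 0
          weight         = 0
          port           = 8443
          svr hostname   = 192.168.0.26
"""

if __name__ == "__main__":
    link = "ciscojabber://provision?servicesdomain=example.com"
    domain = services_domain(link, {"example.com"})
    print(discovery_queries(domain))
    print(select_service(parse_srv(SAMPLE), domain))
    print("\n".join(audit_targets(parse_srv(SAMPLE))))
```
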

Cisco UDS SRV Record

In deployments with Cisco Unified Communications Manager version 9 and higher, Cisco Jabber can automatically discover services and configuration with the following SRV record: _cisco-uds.

The following image illustrates how the client uses the _cisco-uds SRV record:

1. The client queries the domain name server for SRV records.

2. The name server returns the _cisco-uds SRV record.

3. The client locates the user's home cluster.

   As a result of automatically locating the user's home cluster, the client can retrieve the device configuration for the user and automatically register telephony services.

   Note: In an environment with multiple Cisco Unified Communications Manager clusters, you must configure the Intercluster Lookup Service (ILS). ILS enables the client to find the user's home cluster.

   See the appropriate version of the Cisco Unified Communications Manager Features and Services Guide to learn how to configure ILS.

4. The client retrieves the user's service profile.

   The user's service profile contains the addresses and settings for UC services and client configuration.

   The client also determines the authenticator from the service profile.

5. The client signs the user in to the authenticator.

CUP Login SRV Record

Cisco Jabber can automatically discover and connect to Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence with the following SRV record: _cuplogin.

The following image illustrates how the client uses the _cuplogin SRV record:

1. The client queries the domain name server for SRV records.

2. The name server returns the _cuplogin SRV record.

   As a result, Cisco Jabber can locate the presence server and determine that Cisco Unified Presence is the authenticator.

3. The client prompts the user for credentials and authenticates to the presence server.

4. The client retrieves service profiles from the presence server.

Note: The _cuplogin SRV record also sets the default server address on the Manual setup and sign in screen.

Manual Connection Settings

When you launch Cisco Jabber, you can specify the authenticator and server addresses in the Manual setup and sign in screen. The client then caches the server addresses to the local application configuration that it loads on subsequent launches.

Cisco Jabber prompts users to enter settings in the Manual setup and sign in screen on the initial launch as follows:

On-Premises with Cisco Unified Communications Manager Version 9.x and Higher

If the client cannot get the authenticator and server addresses from the service profile.

Cloud-Based or On-Premises with Cisco Unified Communications Manager Version 8.x

The client prompts users to enter server addresses in the Manual setup and sign in screen if you do not set server addresses with SRV records.

Settings that you enter in the Manual setup and sign in screen take priority over any other sources including SRV records.

Manual Connection Settings for On-Premises Deployments

Users can set Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence as the authenticator and specify the server address in the Manual setup and sign in screen.

Remember: You can automatically set the default server address with the _cuplogin SRV record.

The following diagram illustrates how the client uses manual connection settings in on-premises deployments:

1 Users manually enter connection settings in the Manual setup and sign in screen.

2 The client authenticates to Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence.

3 The client retrieves service profiles from the presence server.

Manual Connection Settings for Cloud-Based Deployments

Users can set the Cisco WebEx Messenger service as the authenticator and specify the CAS URL for login in the Manual setup and sign in screen.

The following diagram illustrates how the client uses manual connection settings in cloud-based deployments:

1 Users manually enter connection settings in the Manual setup and sign in screen.

2 The client authenticates to the Cisco WebEx Messenger service.

3 The client retrieves configuration and services.

On-Premises Service Connections

Learn how the client can discover and connect to services in on-premises deployments.

Full UC and IM-Only Deployments

By default, the client connects to the presence server to authenticate users and retrieve service profiles. The client can automatically discover the presence server.

Presence Server Discovery

The client supports automatic server discovery using DNS SRV. The client can automatically discover either Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence if the user does not specify the presence server address during sign in.

To discover the presence server, the client must first determine the domain. The client gathers this information from users, who must enter their username and domain when they sign in to the client.

After the client finds the domain, it gets the presence server address from the Domain Name Server (DNS).

When the client gets the presence server address, it connects to the presence server and then caches the address of the presence server.

If a redirect occurs to another server in the cluster, the client caches the address of the presence server to which it connects, not the address of the server before the redirect.

DNS SRV Records

The client retrieves the _cuplogin._tcp SRV record from the Domain Name Server (DNS) to look up either Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence.

Notes:

• You must add this SRV record to the DNS server on the presence server domain.

• The client uses port 8443 to connect to Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence.

• The client supports weight and priority in SRV records.

The following is an example SRV record:

_cuplogin._tcp.domain SRV 0 1 8443 cup_server.domain
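The selection rules behind the notes above, as an added example that is not Cisco's code: it orders constructed _cuplogin._tcp answers by priority and weight using the RFC 2782 algorithm (an assumption; the guide only says that weight and priority are supported) and flags records whose port or target would send sign-in traffic somewhere unexpected. The example.com names and the rule that targets must sit inside the presence server domain are assumptions.

```python
import random
from dataclasses import dataclass

EXPECTED_PORT = 8443  # port the guide gives for the presence server

# Constructed sample answers in the guide's record layout (example.com is a placeholder).
SAMPLE = """\
_cuplogin._tcp.example.com SRV 0 1 8443 cup1.example.com
_cuplogin._tcp.example.com SRV 0 3 8443 cup2.example.com
_cuplogin._tcp.example.com SRV 10 1 8443 cup-dr.example.com
_cuplogin._tcp.example.com SRV 20 1 443 cup.example.net
"""


@dataclass(frozen=True)
class Srv:
    owner: str
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(line):
    """Parse '<owner> SRV <priority> <weight> <port> <target>'."""
    owner, rtype, prio, weight, port, target = line.split()
    if rtype.upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    return Srv(owner.lower().rstrip("."), int(prio), int(weight), int(port),
               target.lower().rstrip("."))


def load(text):
    """Parse every non-empty line of a block of records."""
    return [parse_srv(line) for line in text.splitlines() if line.strip()]


def order_targets(records, rng=None):
    """Return records in RFC 2782 contact order: lowest priority value first,
    weighted random selection among records that share a priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go to the front of the pool, as RFC 2782 requires.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def audit(records, domain):
    """Return findings for records that point sign-in traffic somewhere unexpected."""
    domain = domain.lower().rstrip(".")
    findings = []
    for r in records:
        if r.owner != f"_cuplogin._tcp.{domain}":
            findings.append(f"{r.owner}: owner is not _cuplogin._tcp.{domain}")
        if r.port != EXPECTED_PORT:
            findings.append(f"{r.target}: port {r.port}, expected {EXPECTED_PORT}")
        # Assumed policy: the authenticator must live inside the presence server domain.
        if r.target != domain and not r.target.endswith("." + domain):
            findings.append(f"{r.target}: target is outside {domain}")
    return findings


if __name__ == "__main__":
    recs = load(SAMPLE)
    for rec in order_targets(recs):
        print(rec.priority, rec.weight, rec.target, rec.port)
    for finding in audit(recs, "example.com"):
        print("FINDING:", finding)
```

Because this record decides which server receives the user's credentials, running the audit against the live zone after every DNS change catches a stray or altered target before clients follow it.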

Connect to Available Services

If you use Cisco Unified Communications Manager IM and Presence Version 9 or later or Cisco Unified Communications Manager Version 9 or later, you can set up service profiles.

After the client retrieves the service profiles, it connects to available services.

• If the profile contains conferencing settings, the client connects to the conferencing service.

• If the profile contains voicemail settings, the client connects to the voicemail service.

• If the profile contains settings for Cisco Unified Communications Manager, the following actions occur:

◦ The client retrieves the device list for the user.

◦ The client retrieves the client configuration from the TFTP server.

◦ The client registers with Cisco Unified Communications Manager.

Cloud-Based Service Connections

Learn how the client can discover and connect to services in cloud-based deployments.

Connect to Available Services

After the client connects to the Cisco WebEx Messenger service, users get instant messaging and presence capabilities and contact resolution. Users can also get conferencing capabilities if you enable hosted conferencing with Cisco WebEx Meeting Center.

In hybrid cloud-based deployments, the client gets the connection details for on-premises services. You specify the connection details with the Cisco WebEx Administration Tool.

• If the deployment includes Cisco Unity Connection, the client connects to the voicemail service.

• If the deployment includes Cisco Unified Communications Manager, the following actions occur:

◦ The client retrieves the device list for the user.

◦ The client retrieves the client configuration from the TFTP server.

◦ The client registers with Cisco Unified Communications Manager.

Single Sign-On (SSO) Deployments

You can enable single sign-on (SSO) in certain deployment scenarios.

Learn what SSO capabilities are available and review login flows to understand how client authentication works in an SSO deployment.

Cloud-Based SSO

In cloud-based deployments, the client supports SSO with the Cisco WebEx Messenger service.

The following steps describe the login flow for cloud-based SSO after users start the client:

1 The client sends a login request to the Cisco WebEx Messenger service.

2 The Cisco WebEx Messenger service redirects the client to the domain where your identity provider resides.

3 The client follows the redirect and requests a login token from the identity provider.

4 The identity provider gives a login token to the client.

5 The client passes that login token to the Cisco WebEx Messenger service.

As a result, the client authenticates with the Cisco WebEx Messenger service.

The following diagram illustrates the login flow for cloud-based SSO:

Cisco AnyConnect Deployments

Cisco AnyConnect refers to a server-client infrastructure that enables the client to connect securely to your corporate network from remote locations such as Wi-Fi networks or mobile data networks.

The Cisco AnyConnect environment includes the following components:

Cisco Adaptive Security Appliance

Provides a service to secure remote access.

Cisco AnyConnect Secure Mobility Client

Establishes a secure connection to Cisco Adaptive Security Appliance from the user's device.

For information about requirements for Cisco Adaptive Security Appliance and Cisco AnyConnect Secure Mobility Client, see the Software Requirements topic.

Related Topics

Software Requirements

Cisco AnyConnect Deployment Considerations

Cisco Adaptive Security Appliance provides a flexible architecture that can meet the needs of many different deployments. It is beyond the scope of this document to provide end-to-end deployment procedures. Rather, the purpose of this section is to provide information that you should consider when deploying Cisco Adaptive Security Appliance and Cisco AnyConnect Secure Mobility Client for Cisco Jabber for iPhone and iPad.

You should refer to the configuration guides for Cisco Adaptive Security Appliance to obtain task-based information on installing and configuring Cisco Adaptive Security Appliance.

Note: Cisco supports Cisco Jabber for iPhone and iPad with Cisco AnyConnect Secure Mobility Client. Although other VPN clients are not officially supported, you may be able to use Cisco Jabber for iPhone and iPad with other VPN clients. If you use another VPN client, set up VPN as follows:

1 Install and configure the VPN client using the relevant third-party documentation.

2 Set up On-Demand VPN using the Set Up Automatic VPN Access on the Cisco Unified Communications Manager topic.

Related Topics

• Configuration Guides for Cisco ASA 5500 Series Adaptive Security Appliances

• Set Up Automatic VPN Access on Cisco Unified Communications Manager

Application Profiles

After users download the Cisco AnyConnect Secure Mobility Client to their device, the ASA must provision a configuration profile to the application.

The configuration profile for the Cisco AnyConnect Secure Mobility Client includes VPN policy information such as the company ASA VPN gateways, the connection protocol (IPSec or SSL), and on-demand policies.

You can provision application profiles for Cisco Jabber for iPhone and iPad in one of the following ways:

ASDM

Cisco recommends that you use the profile editor on the ASA Device Manager (ASDM) to define the VPN profile for the Cisco AnyConnect Secure Mobility Client.

When you use this method, the VPN profile is automatically downloaded to the Cisco AnyConnect Secure Mobility Client after the client establishes the VPN connection for the first time. You can use this method for all devices and OS types, and you can manage the VPN profile centrally on the ASA.

For more information, see the Creating and Editing an AnyConnect Profile topic of the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release.

iPCU

You can provision iOS devices using an Apple configuration profile that you create with the iPhone Configuration Utility (iPCU). Apple configuration profiles are XML files that contain information such as device security policies, VPN configuration information, and Wi-Fi, mail, and calendar settings.

The high-level procedure is as follows:

1 Use iPCU to create an Apple configuration profile.

For more information, see the iPCU documentation.

2 Export the XML profile as a .mobileconfig file.

3 Email the .mobileconfig file to users.

After a user opens the file, it installs the AnyConnect VPN profile and the other profile settings to the client application.

MDM

You can provision iOS devices using an Apple configuration profile that you create with third-party Mobile Device Management (MDM) software. Apple configuration profiles are XML files that contain information such as device security policies, VPN configuration information, and Wi-Fi, mail, and calendar settings.

The high-level procedure is as follows:

1 Use MDM to create the Apple configuration profiles.

For information on using MDM, see the Apple documentation.

2 Push the Apple configuration profiles to the registered devices.

Related Topics

Cisco AnyConnect Secure Mobility Client Administrator Guides

Automate VPN Connection

When users open Cisco Jabber from outside the corporate Wi-Fi network, Cisco Jabber needs a VPN connection to access the Cisco UC application servers. You can set up the system to allow Cisco AnyConnect Secure Mobility Client to automatically establish a VPN connection in the background, which helps ensure a seamless user experience.

Set Up Connect On-Demand VPN

The Apple iOS Connect On Demand feature enhances the user experience by automating the VPN connection based on the user's domain.

When the user is inside the corporate Wi-Fi network, Cisco Jabber can reach the Cisco UC infrastructure directly. When the user leaves the corporate Wi-Fi network, Cisco AnyConnect automatically detects if it is connected to a domain that you specify in the AnyConnect client profile. If so, the application initiates the VPN to ensure connectivity to the UC infrastructure. All applications on the device including Cisco Jabber can take advantage of this feature.

Note: Connect On Demand supports only certificate-authenticated connections.

The following options are available with this feature:

• Connect If Needed: Apple iOS attempts to initiate a VPN connection to the domains in the list only if it cannot resolve the address using DNS.

• Never Connect: Apple iOS never attempts to initiate a VPN connection to domains in this list.

Attention: Apple plans to remove the Always Connect option in the near future. After the Always Connect option is removed, users can select the Connect If Needed option. In some cases, Cisco Jabber users may have issues when using the Connect If Needed option. For example, if the hostname for the Cisco Unified Communications Manager is resolvable outside the corporate network, iOS will not trigger a VPN connection. The user can work around this issue by manually launching Cisco AnyConnect Secure Mobility Client before making a call.

Procedure

Step 1 Use the ASDM profile editor, iPCU, or MDM software to open the AnyConnect client profile.

Step 2 In the AnyConnect client profile, under the Connect if Needed section, enter your list of on-demand domains.

The domain list can include wild-card options (for example, cucm.cisco.com, cisco.com, and *.webex.com).

Set Up Automatic VPN Access on Cisco Unified Communications Manager

Before You Begin

• The mobile device must be set up for on-demand access to VPN with certificate-based authentication. For assistance with setting up VPN access, contact the providers of your VPN client and head end.

• For requirements for Cisco AnyConnect Secure Mobility Client and Cisco Adaptive Security Appliance, see the Software Requirements topic.

• For information about setting up Cisco AnyConnect, see the Cisco AnyConnect VPN Client Maintain and Operate Guides.

Procedure

Step 1 Identify a URL that will cause the client to launch VPN on Demand.

a) Use one of the following methods to identify a URL that will cause the client to launch VPN on Demand.

Connect if Needed

• Configure Cisco Unified Communications Manager to be accessed through a domain name (not an IP address) and ensure that this domain name is not resolvable outside the firewall.

• Include this domain in the “Connect If Needed” list in the Connect On Demand Domain List of the Cisco AnyConnect client connection.

Always Connect

• Set the parameter in step 4 to a nonexistent domain. A nonexistent domain causes a DNS query to fail when the user is inside or outside the firewall.

• Include this domain in the “Always Connect” list in the Connect On Demand Domain List of the Cisco AnyConnect client connection.

The URL must include only the domain name. Do not include a protocol or a path (for example, use “cm8ondemand.company.com” instead of “https://cm8ondemand.company.com/vpn”).

b) Enter the URL in Cisco AnyConnect and verify that a DNS query on this domain fails.

Step 2 Open the Cisco Unified CM Administration interface.

Step 3 Navigate to the TCT/TAB device page for the user.

Step 4 In the Product Specific Configuration Layout section, in the On-Demand VPN URL field, enter the URL that you identified and used in Cisco AnyConnect in step 1.

The URL must be a domain name only, without a protocol or path.

Step 5 Select Save.

When Cisco Jabber opens, it initiates a DNS query to the URL (for example, ccm-sjc-111.cisco.com). If this URL matches the On-Demand domain list entry that you defined in this procedure (for example, cisco.com), Cisco Jabber indirectly initiates the AnyConnect VPN connection.
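A pre-flight check for the value entered in step 4, as an added example that is not part of the Cisco guide: it rejects anything that is not a bare domain name, confirms that an entry in the Connect If Needed list covers the name, and reports a name that resolves from outside the firewall. All function names are hypothetical, and the matching rule (a plain entry matches itself and its subdomains, a `*.` entry matches subdomains only) is an assumption based on the cisco.com example above.

```python
import re
import socket

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_bare_domain(value):
    """True only for a host name with no scheme, port, path, or IP literal."""
    v = value.strip().lower().rstrip(".")
    if not v or any(c in v for c in "/:@?# "):
        return False
    labels = v.split(".")
    if len(labels) < 2 or labels[-1].isdigit():  # single label or IPv4 address
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def matches_on_demand(host, domain_list):
    """Return the list entry that covers host, or None (assumed suffix matching)."""
    host = host.lower().rstrip(".")
    for entry in domain_list:
        suffix = entry.lower().rstrip(".")
        if suffix.startswith("*."):
            if host.endswith(suffix[1:]):  # "*.webex.com" covers subdomains only
                return entry
        elif host == suffix or host.endswith("." + suffix):
            return entry
    return None


def resolves(host):
    """Live DNS lookup; run it from a network outside the firewall."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def check(url, connect_if_needed, resolve_outside=resolves):
    """Return a list of problems; an empty list means the value passes.

    resolve_outside(host) -> bool says whether the name resolves externally.
    """
    if not is_bare_domain(url):
        return [f"{url!r}: must be a domain name only, without a protocol or path"]
    problems = []
    if matches_on_demand(url, connect_if_needed) is None:
        problems.append(f"{url}: not covered by the Connect If Needed list")
    if resolve_outside(url):
        problems.append(f"{url}: resolves outside the firewall, "
                        "so Connect If Needed will not start the VPN")
    return problems


if __name__ == "__main__":
    # Constructed inputs; the stub resolver stands in for an external DNS query.
    on_demand = ["cucm.cisco.com", "cisco.com", "*.webex.com"]
    externally_visible = {"ccm-public.cisco.com"}
    for candidate in ("ccm-sjc-111.cisco.com", "ccm-public.cisco.com",
                      "https://cm8ondemand.company.com/vpn", "10.1.2.3"):
        result = check(candidate, on_demand, lambda h: h in externally_visible)
        print(candidate, "->", result or "OK")
```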

What to Do Next

• Test this feature.

◦ Enter this URL into the Internet browser on the iOS device and verify that VPN launches automatically. You should see a VPN icon in the status bar.

◦ Verify that the iOS device can connect to the corporate network using VPN. For example, access a web page on your corporate intranet. If the iOS device cannot connect, contact the provider of your VPN technology.

◦ Verify with your IT department that your VPN does not restrict access to certain types of traffic (for example, if the administrator set the system to allow only email and calendaring traffic).

• Verify that you set up the client to connect directly to the corporate network.

Related Topics

• Cisco AnyConnect VPN Client Maintain and Operate Guides

• Software Requirements

• iOS: Supported protocols for VPN

• iPhone User Guide

• iPad User Guide

• General information about iPhone

• General information about iPad

Set Up Certificate-Based Authentication

Cisco recommends that you use certificate-based authentication for negotiating a secure connection to Cisco Adaptive Security Appliance from Cisco AnyConnect Secure Mobility Client.

ASA supports certificates issued by standard Certificate Authority (CA) servers such as Cisco IOS CA, Microsoft Windows 2003, Windows 2008R2, Entrust, VeriSign, and RSA Keon. This topic gives you a high-level procedure for setting up ASA for certificate-based authentication. See the Configuring Digital Certificates topic in the appropriate ASA configuration guide for step-by-step instructions.

Procedure

Step 1 Import a root certificate from the CA to the ASA.

Step 2 Generate an identity certificate for the ASA.

Step 3 Use the ASA identity certificate for SSL authentication.

Step 4 Configure a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP).

Step 5 Configure the ASA to request client certificates for authentication.

What to Do Next

After you set up certificate-based authentication on ASA, you must distribute certificates to your users. You can use one of the following methods:

• Distribute Certificates with SCEP

• Distribute Client Certificate with Mobileconfig File

Related Topics

Configuring Digital Certificates: Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6

Distribute Certificates with SCEP

You can use Simple Certificate Enrollment Protocol (SCEP) on Microsoft Windows Server to securely issue and renew certificates for client authentication.

To distribute certificates with SCEP, you must install the SCEP module on Microsoft Windows Server. See the following topics for more information:

• ASA 8.X: AnyConnect SCEP Enrollment Configuration Example

• Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services

Related Topics

• ASA 8.X: AnyConnect SCEP Enrollment Configuration Example

• Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services

Distribute Client Certificate with Mobileconfig File

Use this procedure to create a mobile configuration file that includes a certificate. You can use this file to distribute the certificate to users.

Procedure

Step 1 Use the iPCU software to create a mobileconfig file and include the certificate (.pfx) file.

Step 2 Forward the mobileconfig file to the user.

Step 3 Use the Cisco ISE native supplicant provisioning process to distribute user certificates.

Step 4 Use the Enterprise MDM software to provision and publish certificates to registered devices.

Session Parameters

You can configure ASA session parameters to improve performance for secure connections. For the best user experience, you should configure the following ASA session parameters:

Datagram Transport Layer Security (DTLS)

DTLS is an SSL protocol that provides a data path that prevents latency and data loss.

Auto Reconnect

Auto reconnect, or session persistence, lets Cisco AnyConnect Secure Mobility Client recover from session disruptions and re-establish sessions.

Session Persistence

This parameter allows the VPN session to recover from service disruptions and re-establish the connection.

Idle Timeout

Idle timeout defines a period of time after which ASA terminates secure connections, if no communication activity occurs.

Dead-Peer Detection (DPD)

DPD ensures that ASA and Cisco AnyConnect Secure Mobility Client can quickly detect failed connections.

Set ASA Session Parameters

Cisco recommends that you set up the ASA session parameters as follows to optimize the end user experience for Cisco AnyConnect Secure Mobility Client.

Procedure

Step 1 Set up Cisco AnyConnect to use DTLS.

For more information, see the Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections topic in the Configuring AnyConnect Features Using ASDM chapter of the Cisco AnyConnect VPN Client Administrator Guide, Version 2.0.

Step 2 Set up session persistence (auto-reconnect).

a) Use ASDM to open the VPN client profile.

b) Set the Auto Reconnect Behavior parameter to Reconnect After Resume.

For more information, see the Configuring Auto Reconnect topic in the Configuring AnyConnect Features chapter (Release 2.5) or Configuring VPN Access chapter (Releases 3.0 or 3.1) of the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release.

Step 3 Set the idle timeout value.

a) Create a group policy that is specific to Cisco Jabber clients.

b) Set the idle timeout value to 30 minutes.

For more information, see the vpn-idle-timeout section of the Cisco ASA 5580 Adaptive Security Appliance Command Reference for your release.

Step 4 Set up Dead Peer Detection (DPD).

a) Disable server-side DPD.

b) Enable client-side DPD.

For more information, see the Enabling and Adjusting Dead Peer Detection topic of the Configuring VPN chapter of the Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6.

Related Topics

• Cisco AnyConnect VPN Client Administrator Guide, Version 2.0

• Cisco AnyConnect Secure Mobility Client Administrator Guide

• Cisco ASA 5580 Adaptive Security Appliance Command Reference

• Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6

Group Policies and Profiles

You should use the ASA Device Manager (ASDM) to create group policies, client profiles, and connection profiles. Create your group policies first and then apply those policies to the profiles. Using the ASDM to create profiles ensures that Cisco AnyConnect Secure Mobility Client downloads the profiles after it establishes a connection to ASA for the first time. The ASDM also lets you manage and maintain your policies and profiles in a central location.

See the Cisco AnyConnect Secure Mobility Client Administrator Guide for instructions on creating policies and profiles with the ASDM.

Related Topics

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1

Configuring Tunnel Groups, Group Policies, and Users: Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6

Trusted Network Detection

Trusted Network Detection is a feature that automates secure connections based on user location. When users leave the corporate network, Cisco AnyConnect Secure Mobility Client automatically detects that it is outside the trusted network and then initiates secure access.

You configure Trusted Network Detection on ASA as part of the client profile. For more information, see the Trusted Network Detection topic in the Cisco AnyConnect Secure Mobility Client Administrator Guide for your release.

Related Topics

Trusted Network Detection: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1

Tunnel Policies

Tunnel policies configure how Cisco AnyConnect Secure Mobility Client directs traffic over a secure connection and include the following:

Full Tunnel Policy

Lets you send all traffic over the secure connection to the ASA gateway.

Split Include Policy with Network ACL

Enables you to restrict secure connections based on destination IP addresses. For example, in an on-premises deployment, you can specify the IP addresses for Cisco Unified Communications Manager, Cisco Unified Presence, your TFTP server, and other servers to restrict the secure connection only to your client's traffic.

Split Exclude Policy

Allows you to exclude certain traffic from the secure connection. You can allow client traffic over the secure connection and then exclude traffic from specific destination subnets.

Related Topics

Configuring Tunnel Groups, Group Policies, and Users: Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 and 8.6

CHAPTER 3

Plan for Installation

• Device Requirements

• Software Requirements

• Supported Codecs

• Network Requirements

• Device COP File for Cisco Jabber for iPhone and iPad

• Audio and Video Performance Reference

• Quality of Service Configuration

• Cross-Launching the Client

Device Requirements

Device Support

Cisco Jabber for iPhone and iPad is available from the Apple App Store.

Cisco supports Cisco Jabber for iPhone and iPad on the following iOS devices:

• iPhone model 4, 4S, 5, 5C, and 5S

• iPad second, third, fourth generation, iPad mini with Retina display, and iPad Air

The device must be able to access the corporate network using Wi-Fi or VPN.

Device Operating System Support

iOS support: iOS 7

Bluetooth Headset Support

iPhone: Supported (optional)

iPad: Supported (optional)

Software Requirements

For a successful deployment, you must ensure that your environment meets the Cisco Jabber for iPhone and iPad software requirements.

On-Premises Servers

Cisco Jabber for iPhone and iPad supports the following on-premises servers:

Cisco Unified Communications Manager

• Cisco Unified Communications Manager Release 8.6(2)

• Cisco Unified Communications Manager Release 9.1(2)

• Cisco Unified Communications Manager Release 10.0

Important: The DVO-R feature is only available on iPhone and it requires:

• Cisco Jabber for iPhone and iPad client, Release 9.6

Cisco Unified Presence

• Cisco Unified Presence Release 8.6

Cisco Unified Communications Manager IM and Presence

Note: Cisco Unified Communications Manager IM and Presence is formerly known as Cisco Unified Presence.

• Cisco Unified Communications Manager IM and Presence Release 9.1

• Cisco Unified Communications Manager IM and Presence Release 10.0

Cisco Unity Connection

• Cisco Unity Connection Release 8.5 or later

Cisco WebEx Meetings Server

Cisco WebEx Meetings Server version 1.5 or later

Cisco Adaptive Security Appliance (Optional)

VPN On Demand (Optional)

The Apple iOS On-Demand VPN feature requires certificate-only authentication. If you set up the Cisco Adaptive Security Appliance (ASA) without certificate-only authentication, the user must manually initiate the AnyConnect VPN connection as needed.

The iOS device must be able to access the corporate network, servers, and telephony endpoints using a VPN client, such as Cisco AnyConnect Secure Mobility Client.

Cisco AnyConnect Secure Mobility Client Integration (Optional)

• iOS devices must run Cisco AnyConnect Secure Mobility Client Version 3.0.09115, which is available from the Apple App Store

• Cisco ASA 5500 Series Adaptive Security Appliance (ASA) Version 8.4(1) or later

• Cisco Adaptive Security Device Manager (ASDM) Version 6.4 or later

• ASA license requirements: Use one of the following combinations:

• AnyConnect Essentials and AnyConnect Mobile licenses

• AnyConnect Premium and AnyConnect Mobile licenses

For more information about Cisco AnyConnect license requirements, see VPN License and Feature Compatibility.

• Certificate Authority (CA) if using certificate-based authentication: Cisco IOS Certificate Server or Microsoft Windows Server 2003 Enterprise Certificate Authority

Related Topics

• Cisco Unified Communications Manager Maintain and Operate Guides

• VPN License and Feature Compatibility

Cloud-Based Servers

Cisco Jabber for iPhone and iPad supports the following cloud-based servers:

• Cisco WebEx Messenger Release 7.5 or later

• Cisco WebEx Administration Tool Release 7.5

• Cisco WebEx Meeting Center as follows:

◦ Version T26L with Service Pack 20

◦ Version T27L with Service Pack 9

Directory Servers

You can use the following directory servers with Cisco Jabber for iPhone and iPad.

Note: Cisco Unified Communications Manager User Data Services (UDS) is not supported for directory integration in this release.

LDAP

Use one of the following sources for Lightweight Directory Access Protocol (LDAP):

• Microsoft Active Directory 2008

• Microsoft Active Directory 2003

• OpenLDAP 2.4

Cloud-based

Cisco WebEx Messenger Contact Service

Accessibility

Screen Readers

Cisco Jabber for iPhone and iPad is compatible with the VoiceOver screen reader. Users who require screen readers should always use the most recent version to ensure the best possible user experience.

Assistive Touch

You can navigate Cisco Jabber for iPhone and iPad using Assistive Touch.

Supported Codecs

Supported Audio Codecs

• G.711

• G.729a

• G.722.1

Minimum requirement for low-bandwidth availability: G.729a.

Users can turn Low Bandwidth mode on and off in the client settings if they experience voice quality issues.

Normal mode supports G.711 and G.729a.

Low Bandwidth mode supports G.729a only.

Supported Video Codecs

H.264/AVC

Supported Voicemail Codecs

• PCM linear

• G.711 mu-law (default)

• G.711 a-law

• GSM 6.10

Note: Cisco does not support visual voicemail with G.729. However, users can access their voice messages using G.729 and the Call Voicemail feature.

Network Requirements

If you deploy Phone Services, the mobile device must be able to connect to the corporate network using voice-ready Wi-Fi.

For optimal user experience when using Cisco Jabber over your corporate Wi-Fi network, Cisco recommends that you:

• Design your Wi-Fi network to eliminate gaps in coverage as much as possible, including in areas such as elevators, stairways, and outside corridors.

• Ensure that all access points assign the same IP address to the mobile device. Calls are dropped if the IP address changes during the call.

• Ensure that all access points have the same SSID. Hand-off may be much slower if the SSIDs do not match.

• Ensure that all access points broadcast their SSID. If the access points do not broadcast their SSID, the mobile device may prompt the user to join another Wi-Fi network, which interrupts the call.

Conduct a thorough site survey to minimize network problems that could affect voice quality. Cisco recommends that you:

• Verify nonoverlapping channel configurations, access point coverage, and required data and traffic rates.

• Eliminate rogue access points.

• Identify and mitigate the impact of potential interference sources.

For more information, see:

• The “VoWLAN Design Recommendations” section in the Enterprise Mobility 4.1 Design Guide.

• The Cisco Unified Wireless IP Phone 7925G Deployment Guide.

• The Capacity Coverage & Deployment Considerations for IEEE 802.11g white paper.


• The Solutions Reference Network Design (SRND) for your Cisco Unified Communications Manager release.

Bluetooth use can cause voice quality and connectivity issues.

If users connect to the network remotely, the mobile device must be able to connect to the corporate network using a solid, high-bandwidth VPN connection. Video and audio quality is dependent on connection quality and cannot be guaranteed.

Related Topics

Enterprise Mobility 4.1 Design Guide
Cisco Unified Wireless IP Phone 7925G Deployment Guide
Capacity Coverage and Deployment Considerations for IEEE 802.11g
Solutions Reference Network Design (SRND)

Ports and Protocols

The client uses the ports and protocols listed in the following table. If you plan to deploy a firewall between the client and a server, you must configure the firewall to allow these ports and protocols.

Note: There are no TCP/IP services enabled in the client.

Inbound

Port | Protocol | Description
--- | --- | ---
16384 to 32766 | UDP | Receives Real-Time Transport Protocol (RTP) media streams for audio and video. You set these ports in Cisco Unified Communications Manager.

Outbound

Port | Protocol | Description
--- | --- | ---
69 | UDP | Connects to the Trivial File Transfer Protocol (TFTP) server.
6970 | HTTP | Connects to the TFTP server to download client configuration files.
80 | TCP (HTTP) | Connects to services such as Cisco WebEx Meeting Center for meetings or Cisco Unity Connection for voicemail.
389 | UDP / TCP | Connects to an LDAP directory service.
3268 | TCP | Connects to a Global Catalog server for contact searches.
443 | TCP (HTTPS) | Connects to services such as Cisco WebEx Meeting Center for meetings or Cisco Unity Connection for voicemail.
636 | LDAPS | Connects securely to an LDAP directory service.
3269 | LDAPS | Connects securely to the Global Catalog server.
5060 | TCP | Provides Session Initiation Protocol (SIP) call signaling.
5061 | TCP | Provides secure SIP call signaling.
5222 | TCP (XMPP) | Connects to Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence for instant messaging and presence.
5269 | XMPP | XMPP federation.
8191 | TCP | Connects to the local port to provide Simple Object Access Protocol (SOAP) web services.
8443 | HTTPS | 8443 is the port for web access to Cisco Unified Communications Manager and includes connections for the following: Cisco Unified Communications Manager IP Phone (CCMCIP) server for assigned devices; User Data Service (UDS) for contact resolution.
16384 to 32766 | UDP | Sends RTP media streams for audio and video.
53 | DNS | Provides hostname resolution.
3804 | TCP | Issues Locally Significant Certificates (LSC) to IP phones. This is the listening port for Cisco Unified Communications Manager Certificate Authority Proxy Function (CAPF) enrollment.
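The firewall requirement above can be checked mechanically. The following is an added example, not part of the Cisco guide: it audits an allow-list against the table, reporting required ports that are blocked and allowed ports the client does not need. The rule syntax `allow <in|out> <tcp|udp> <port[-port]>` and the sample rules are constructed for illustration, and mapping the table's HTTP, HTTPS, LDAPS and XMPP labels to TCP and DNS to UDP is an assumption.

```python
"""Audit a firewall allow-list against the client port table (added example)."""
import re
from collections import defaultdict

# (direction, transport, low, high, purpose), transcribed from the table above.
# Directions are relative to the client. Assumption: the table's HTTP, HTTPS,
# LDAPS and XMPP labels are carried over TCP, and DNS is treated as UDP only.
REQUIRED = [
    ("in", "udp", 16384, 32766, "RTP media (receive)"),
    ("out", "udp", 69, 69, "TFTP"),
    ("out", "tcp", 6970, 6970, "TFTP configuration download (HTTP)"),
    ("out", "tcp", 80, 80, "HTTP services"),
    ("out", "udp", 389, 389, "LDAP"),
    ("out", "tcp", 389, 389, "LDAP"),
    ("out", "tcp", 3268, 3268, "Global Catalog"),
    ("out", "tcp", 443, 443, "HTTPS services"),
    ("out", "tcp", 636, 636, "LDAPS"),
    ("out", "tcp", 3269, 3269, "Global Catalog (secure)"),
    ("out", "tcp", 5060, 5060, "SIP"),
    ("out", "tcp", 5061, 5061, "Secure SIP"),
    ("out", "tcp", 5222, 5222, "XMPP"),
    ("out", "tcp", 5269, 5269, "XMPP federation"),
    ("out", "tcp", 8191, 8191, "SOAP web services"),
    ("out", "tcp", 8443, 8443, "CCMCIP and UDS (HTTPS)"),
    ("out", "udp", 16384, 32766, "RTP media (send)"),
    ("out", "udp", 53, 53, "DNS"),
    ("out", "tcp", 3804, 3804, "CAPF enrollment"),
]

# Hypothetical rule syntax used only by this example.
RULE_RE = re.compile(r"^allow\s+(in|out)\s+(tcp|udp)\s+(\d+)(?:-(\d+))?$")

# Constructed sample allow-list: a few gaps and one overly broad rule.
SAMPLE_RULES = """
allow out udp 53
allow out udp 69
allow out tcp 6970
allow out tcp 80
allow out tcp 443
allow out tcp 389
allow out tcp 636
allow out tcp 3268-3269
allow out tcp 5060-5061
allow out tcp 5222
allow out tcp 8000-9000   # broad rule that happens to cover 8191 and 8443
allow out udp 16384-32766
allow in udp 16384-32766
"""


def to_ranges(ports):
    """Collapse a set of port numbers into sorted (low, high) ranges."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def parse_rules(text):
    """Parse the allow-list into (direction, transport, low, high) tuples."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = RULE_RE.match(line)
        if not match:
            raise ValueError(f"line {number}: unrecognised rule {raw!r}")
        low = int(match.group(3))
        high = int(match.group(4) or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"line {number}: bad port range {low}-{high}")
        rules.append((match.group(1), match.group(2), low, high))
    return rules


def port_sets(entries):
    """Group ports by (direction, transport)."""
    sets = defaultdict(set)
    for direction, transport, low, high, *_ in entries:
        sets[(direction, transport)].update(range(low, high + 1))
    return sets


def audit(rule_text):
    """Return required-but-blocked and allowed-but-unneeded port ranges."""
    required = port_sets(REQUIRED)
    allowed = port_sets(parse_rules(rule_text))
    report = {"missing": {}, "excess": {}}
    for key in set(required) | set(allowed):
        gap = required.get(key, set()) - allowed.get(key, set())
        extra = allowed.get(key, set()) - required.get(key, set())
        if gap:
            report["missing"][key] = to_ranges(gap)
        if extra:
            report["excess"][key] = to_ranges(extra)
    return report


if __name__ == "__main__":
    for kind, findings in audit(SAMPLE_RULES).items():
        for (direction, transport), ranges in sorted(findings.items()):
            print(kind, direction, transport, ranges)
```

Ports reported as excess are candidates for tightening; ports reported as missing will break the corresponding service in the table.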

Device COP File for Cisco Jabber for iPhone and iPad

The device COP file adds the TCT/TAB device type to Cisco Unified Communications Manager. To obtain the device COP file, do the following:

1 Go to the software download site: http://www.cisco.com/go/jabber_iphone_cop.

2 Locate cmterm-iphone-install-130917.cop.sgn for TCT device and cmterm-jabberipad-130917.cop.sgn for TAB device.

3 Download the file.

Audio and Video Performance Reference

Learn about audio and video performance for Cisco Jabber for iPhone and iPad.

Attention: The following data is based on testing in a lab environment. This data is intended to provide an idea of what you can expect in terms of bandwidth usage. The content in this topic is not intended to be exhaustive or to reflect all media scenarios that might affect bandwidth usage.

Bit Rates for Audio

The following table describes bit rates for audio:

Codec | Codec bit rate (kbits per second) | Network Bandwidth Utilized (kbits per second)
--- | --- | ---
g.711 | 64 | 80
g.722.1 | 32 | 48
g.722.1 | 24 | 40
g.729a | 8 | 24

Bit Rates for Video

The following table describes bit rates for video with G.711 audio:

Resolution | Pixels | Bit rate (kbits per second) with g.711 audio
--- | --- | ---
w144p | 256 x 144 | 290
w288p | 512 x 288 | 340
w360p | 640 x 360 | 415

Notes about the preceding table:

• The client captures and transmits at 20 fps.

• The values in this table do not include audio.

Maximum Negotiated Bit Rate

You specify the maximum payload bit rate in Cisco Unified Communications Manager in the Region Configuration window. This maximum payload bit rate does not include packet overhead, so the actual bit rate used is higher than the maximum payload bit rate you specify.

Audio

The client uses the maximum audio bit rate.


Interactive Video

The client allocates the remaining bit rate as follows: The maximum video call bit rate minus the audio bit rate.

Performance Expectations for Bandwidth

The client separates the bit rate for audio and then divides the remaining bandwidth equally between interactive video and presentation video. The following table provides information to help you understand what performance you should be able to achieve per bandwidth:

Upload speed | Audio | Audio + Interactive Video (Main Video)
--- | --- | ---
125 kbps under VPN | At bandwidth threshold for g.711. Insufficient bandwidth for video. Sufficient bandwidth for g.729a and g.722.1. | Insufficient bandwidth for video.
290 kbps | Sufficient bandwidth for any audio codec. | 256 x 144 at 20 fps
415 kbps | Sufficient bandwidth for any audio codec. | 640 x 360 at 20 fps

Note that VPN increases the size of the payload, which increases the bandwidth consumption.

Video Rate Adaptation

The client uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video bit rate throughput to handle real-time variations on available IP path bandwidth.

Users should expect video calls to begin at lower resolution and scale upwards to higher resolution over a short period of time. The client saves history so that subsequent video calls should begin at the optimal resolution.

Quality of Service Configuration

Review the supported methods to configure Quality of Service (QoS) for the client.

Port Ranges on Cisco Unified Communications Manager

Cisco Unified Communications Manager lets you define one port range for the client. The client divides this port range equally and uses the lower half for audio calls and the upper half for video calls. For example, you define a port range of 1000 to 3000 in Cisco Unified Communications Manager. The client uses a port range of 1000 to 2000 for audio calls and a port range of 2000 to 3000 for video calls.


To access the SIP Profile Configuration window, select Device > Device Settings > SIP Profile.

The Start Media Port field defines the lowest port available to the client. The Stop Media Port field defines the highest port available. See the SIP Profile Configuration topic in the Cisco Unified Communications Manager documentation for more information.

Related Topics

8.6.x: SIP Profile Configuration
9.0.x: SIP profile setup

Cross-Launching the Client

Users can launch the client from web browsers to perform one of the following tasks:

• Call a phone number

• Start a chat session

The following table lists the cross-launch URLs that you can use in third-party applications to start Cisco Jabber conversations.

Function | Cross-Launch URL | Prerequisites
--- | --- | ---
Call a phone number | ciscotel://<phone_number> | Cisco Unified Communications Manager account
Start a chat session | xmpp://<instant_message_id>, im://<instant_message_id>, or ciscoim://<instant_message_id> | One of the following accounts: Cisco WebEx Messenger; Cisco Unified Presence; Cisco Unified Communications Manager IM and Presence

CHAPTER 4
Upgrade

• Upgrade Scenarios

• Configuration Differences when Upgrading Cisco Jabber for iPhone and iPad

Upgrade Scenarios

Cisco Jabber for iPhone and iPad Release 9.6 now offers a broader feature set.

For iPhone, iPod, and iTouch users, you can install the Cisco Jabber for iPhone and iPad app to replace Cisco Jabber IM for iPhone and Cisco Jabber for iPhone automatically.

Note: Cisco Jabber IM for iPhone and Cisco Jabber for iPhone Release 9.5 users will receive an automatic upgrade notification from App Store to upgrade to Cisco Jabber for iPhone and iPad Release 9.6.

Cisco Jabber Voice for iPhone users who would like to upgrade to Cisco Jabber for iPhone and iPad need to upgrade manually. If you already set up a previous version of Cisco Jabber Voice for iPhone and you do not want to set up a presence server, Cisco recommends that you continue to use Cisco Jabber Voice for iPhone for voice-only configurations.

For more information about Cisco Jabber Voice for iPhone, see the Release Notes at http://www.cisco.com/en/US/products/ps11596/prod_release_notes_list.html.

iPad users who would like to upgrade to Cisco Jabber for iPhone and iPad are highly recommended to uninstall the previous version of Cisco Jabber Video for iPad first, then install Cisco Jabber for iPhone and iPad Release 9.6. If you already set up a previous version of Cisco Jabber Video for iPad and you do not want to set up a presence server, Cisco recommends that you continue to use Cisco Jabber Video for iPad for video-only configurations. If you want to use Cisco TelePresence® Video Communication Server (VCS), Cisco Jabber Video™ for TelePresence, or Cisco WebEx Telepresence service, Cisco recommends that you continue to use Cisco Jabber Video for iPad and install Cisco Jabber for iPhone and iPad Release 9.6 as you want. Please be careful when you set up Cisco Unified Communications Manager because there may be conflicts when the two apps exist at the same time.

For more information about Cisco Jabber Video for iPad, see the Release Notes at http://www.cisco.com/en/US/products/ps12430/prod_release_notes_list.html.

With Cisco Jabber for iPhone and iPad Release 9.6, the user's primary authentication is to a presence server instead of a Cisco Unified Communications Manager.


At a minimum, you must provision Cisco Jabber for iPhone and iPad Release 9.6 users with instant messaging and presence capabilities. You can also provision users with audio and video, voicemail, and conferencing.

Important:

If you currently support only Cisco Jabber Voice for iPhone with Cisco Unified Communications Manager and you do not want to add a presence server, see the Cisco Jabber Voice for iPhone documentation on Cisco.com.

Cisco continues to offer a voice-only version of the client that uses Cisco Unified Communications Manager as the primary authentication server.

Cisco renamed the voice-only version of the client to Cisco Jabber Voice for iPhone to distinguish it from the unified communications version of the product.

The steps to upgrade your clients to Cisco Jabber for iPhone and iPad Release 9.6 vary, depending on your current deployment. Use the following table to find the applicable procedure for your deployment.

Table 1: Upgrade Procedures for Different Deployments

Current Clients | Primary Authentication Server | Upgrade Procedure
--- | --- | ---
Cisco Jabber Voice for iPhone | Cisco Unified Communications Manager | You must deploy one of the following presence servers as the primary authentication server: Cisco Unified Presence (see Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Presence); Cisco Unified Communications Manager IM and Presence (see Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Communications Manager IM and Presence); Cisco WebEx (see Upgrade Cisco Jabber Voice for iPhone by Adding Cisco WebEx).
Cisco Jabber Video for iPad | Cisco Unified Presence | See Upgrade Cisco Jabber Video for iPad on Cisco Unified Presence.
Cisco Jabber Video for iPad | Cisco Unified Communications Manager IM and Presence | See Upgrade Cisco Jabber Video for iPad on Cisco Unified Communications Manager IM and Presence.
Cisco Jabber Video for iPad | Cisco WebEx | See Upgrade Cisco Jabber Video for iPad on Cisco WebEx.
Cisco Jabber Video for iPad | Cisco TelePresence Video Communication Server (VCS), Cisco Jabber Video for TelePresence (Movi), or Cisco WebEx Telepresence service | Not supported.

Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Presence

Upgrade from an earlier release of Cisco Jabber Voice for iPhone to Cisco Jabber for iPhone and iPad Release 9.6 by integrating Cisco Unified Presence as the primary presence server.

This topic refers to Cisco Unified Presence Release 8.6.

Before You Begin

Procedure

Step 1 Install and configure a Cisco Unified Presence server.
   See the Cisco Unified Presence documentation.

Step 2 Integrate Cisco Unified Presence with Cisco Unified Communications Manager.
   a) Integrate the directory.
      See the Configure Directory Integration in On-Premises Deployments chapter of the Server Setup Guide.
   b) Provision instant messaging and presence.
      See the Provision Instant Messaging and Presence on Cisco Unified Presence chapter in the Server Setup Guide.
   c) Specify your TFTP server on Cisco Unified Presence.
      See the Specify Your TFTP Server on Cisco Unified Presence topic in the Provision Audio and Video Capabilities chapter for your release of Cisco Unified Communications Manager in the Server Setup Guide.
   d) (Optional) Set up voicemail.
      See the Set Up Voicemail on Cisco Unified Presence chapter of the Server Setup Guide.

Step 3 On the Cisco Unified Communications Manager, do the following:
   a) Install the new device COP file.
      See the Install Cisco Options Package File for Devices topic in the Server Setup Guide.
      Note: After you upgrade to Cisco Jabber for iPhone and iPad Release 9.6, some previous device COP file settings no longer apply, or must be configured using the global configuration file instead. For more information, see the Configuration Differences when Upgrading Cisco Jabber topic in this guide.
   b) Update your SIP Profile settings with the new values.
      See the Create SIP Profiles topic in the Server Setup Guide.
   c) Verify that you add all end users.
   d) Associate each TCT/TAB device with the user.
      See Configure User Associations in the Server Setup Guide.
   e) Grant the correct roles to each user.
   f) (Optional) Disable video calling.
      Video calling is enabled by default. To disable video calling, select Disabled for the Video Capabilities setting on the TCT/TAB device page for the user.
   g) Verify that you associate the end user with the correct line.
      Perform this step to ensure that Cisco Unified Presence can correctly display the On a Call availability status.
      See the Configure User Associations topic in the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.

Step 4 Add users to any profiles that you set up.

Option | Description
--- | ---
CCMCIP | See the Create a CCMCIP Profile topic in the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release, in the Server Setup Guide.
Voicemail | See the Create a Voicemail Profile topic in the Set Up Voicemail on Cisco Unified Presence chapter of the Server Setup Guide.
Mailstore | See the Create a Mailstore topic in the Set Up Voicemail on Cisco Unified Presence chapter of the Server Setup Guide.
Conferencing | Use one of the following topics. Cisco WebEx Meetings Server: See the Add Cisco WebEx Meetings Server to a Profile topic in the Set Up Conferencing on Cisco Unified Communications Manager chapter for your release, in the Server Setup Guide. Cisco WebEx Meeting Center: See the Add Cisco WebEx Meeting Center to a Profile topic in the Set Up Conferencing on Cisco Unified Communications Manager chapter for your release, in the Server Setup Guide.

Step 5 Create a global configuration file (jabber-config.xml) and upload it to your TFTP server.
   See the Configure the Client and Integrate with Directory Sources chapters in this guide.

Related Topics

Cisco Unified Presence Install and Upgrade Guides
Server Setup Guide
Configure the Client
Integrate with Directory Sources

Upgrade Cisco Jabber Voice for iPhone by Adding Cisco Unified Communications Manager IM and Presence

Upgrade from an earlier release of Cisco Jabber Voice for iPhone to Cisco Jabber for iPhone and iPad Release 9.6 by integrating Cisco Unified Communications Manager IM and Presence as the primary presence server.

This topic refers to Cisco Unified Communications Manager IM and Presence Release 9.0 and later.

Procedure

Step 1 Install and configure a Cisco Unified Communications Manager IM and Presence server.
   See the Cisco Unified Communications Manager IM and Presence documentation.

Step 2 Integrate Cisco Unified Communications Manager IM and Presence with Cisco Unified Communications Manager.
   a) Integrate the directory.
      See the Configure Directory Integration in On-Premises Deployments chapter of the Server Setup Guide.
   b) Provision instant messaging and presence.
      See the Provision Instant Messaging and Presence on Cisco Unified Communications Manager IM and Presence chapter in the Server Setup Guide.
   c) Specify your TFTP server on Cisco Unified Communications Manager IM and Presence.
      See the Specify Your TFTP Server on Cisco Unified Communications Manager IM and Presence topic in the Provision Audio and Video Capabilities chapter for your release of Cisco Unified Communications Manager in the Server Setup Guide.
   d) (Optional) Set up voicemail.
      See the Set Up Voicemail on Cisco Unified Communications Manager IM and Presence chapter of the Server Setup Guide.

Step 3 On the Cisco Unified Communications Manager, do the following:
   a) Install the new device COP file.
      See the Install Cisco Options Package File for Devices topic in the Server Setup Guide.
      Note: After you upgrade to Cisco Jabber for iPhone and iPad Release 9.6, some previous device COP file settings no longer apply, or must be configured using the global configuration file instead. For more information, see the Configuration Differences when Upgrading Cisco Jabber topic.
   b) Update your SIP Profile settings with the new values.
      See the Create SIP Profiles topic in the Server Setup Guide.
   c) Verify that you add all end users.
   d) Associate each TCT/TAB device with the user.
      See Configure User Associations in the Server Setup Guide.
   e) Grant the correct roles to each user.
   f) (Optional) Disable video calling.
      Video calling is enabled by default. To disable video calling, select Disabled for the Video Capabilities setting on the TCT/TAB device page for the user.
   g) Verify that you associate the end user with the correct line.
      Perform this step to ensure that Cisco Unified Communications Manager IM and Presence can correctly display the On a Call availability status.
      See the Configure User Associations topic in the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.

Step 4 Add users to any profiles that you set up.

Option | Description
--- | ---
CCMCIP | See the Create a CCMCIP Profile topic in the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.
Voicemail | See the Create a Voicemail Profile topic in the Set Up Voicemail on Cisco Unified Communications Manager Version 9 and Higher chapter of the Server Setup Guide.
Mailstore | See the Create a Mailstore topic in the Set Up Voicemail on Cisco Unified Communications Manager Version 9 and Higher chapter of the Server Setup Guide.
Directory | See the Create a Service Profile topic in the Server Setup Guide.
Conferencing | Use one of the following topics. Cisco WebEx Meetings Server: See the Add Cisco WebEx Meetings Server to a Profile topic in the Set Up Conferencing on Cisco Unified Communications Manager chapter for your release, in the Server Setup Guide. Cisco WebEx Meeting Center: See the Add Cisco WebEx Meeting Center to a Profile topic in the Set Up Conferencing on Cisco Unified Communications Manager chapter for your release, in the Server Setup Guide.

Step 5 Create a global configuration file (jabber-config.xml) and upload it to your TFTP server.
   See the Configure the Client and Integrate with Directory Sources chapters in this guide.

Related Topics

Cisco Unified Communications Manager IM and Presence Install and Upgrade Guides
Server Setup Guide
Configure the Client
Integrate with Directory Sources


Upgrade Cisco Jabber Voice for iPhone by Adding Cisco WebEx

Upgrade from an earlier release of Cisco Jabber Voice for iPhone to Cisco Jabber for iPhone and iPad Release 9.6 by integrating Cisco WebEx as the primary presence server.

Procedure

Step 1 Create unified communications clusters on Cisco WebEx.
   See the Creating unified communications clusters topic.

Step 2 Provision the clusters to users.
   See the Cisco WebEx federation with other instant messaging providers chapter in the Cisco WebEx Connect Administrator's Guide.

Step 3 (Optional) Enable meeting integration.
   See the Set Up Conferencing in Cloud-Based Deployments chapter in the Server Setup Guide.

Step 4 On the Cisco Unified Communications Manager, do the following:
   a) Install the device COP file.
      See the Install Cisco Options Package File for Devices topic in the Server Setup Guide.
   b) Update your SIP Profile settings with the new values.
      See the Create SIP Profiles topic in the Server Setup Guide.
   c) Verify that you add all end users.
   d) Associate each TCT/TAB device with the user.
      See Configure User Associations in the Server Setup Guide.
   e) Grant the correct roles to each user.
   f) (Optional) Disable video calling.
      Video calling is enabled by default. To disable video calling, select Disabled for the Video Capabilities setting on the TCT/TAB device page for the user.

Step 5 (Optional) To use the phone credential to automatically sign in to voicemail, create a global configuration file (jabber-config.xml) and upload it to your TFTP server.
   See the Service Credentials Parameters topic in this guide.

Related Topics

Server Setup Guide
Creating unified communications clusters
Service Credentials Parameters

Upgrade Cisco Jabber Video for iPad on Cisco Unified Presence

Upgrade the clients on your Cisco Unified Presence deployment from Cisco Jabber Video for iPad to Cisco Jabber for iPhone and iPad Release 9.6. You can continue to offer the same services. Optionally, you can add simple provisioning, audio and video, voicemail, and conferencing.

This topic refers to Cisco Unified Presence Release 8.6.

Procedure

Step 1 (Recommended) Set up simple provisioning to simplify the steps required when users install the client.
   See the Presence Server Discovery topic.

Step 2 (Optional) Provision audio and video calling.
   See the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.

Step 3 Create a global configuration file (jabber-config.xml) and upload it to your TFTP server.
   See the Configure the Client and Integrate with Directory Sources chapters in this guide.

Step 4 Ensure that no CCMCIP or CTI profiles are configured.
   If you configure CCMCIP or CTI profiles, users see a device configuration error when they try to sign in to the client.

Step 5 (Optional) Provision users with conferencing capabilities.
   See the Set Up Conferencing on Cisco Unified Presence chapter in the Server Setup Guide.

Related Topics

Presence Server Discovery
Server Setup Guide
Configure the Client
Integrate with Directory Sources

Upgrade Cisco Jabber Video for iPad on Cisco Unified Communications Manager IM and Presence

Upgrade the clients on your Cisco Unified Communications Manager IM and Presence deployment from Cisco Jabber Video for iPad to Cisco Jabber for iPhone and iPad Release 9.6. You can continue to offer the same services. Optionally, you can add simple provisioning, audio and video, voicemail, and conferencing.

This topic refers to Cisco Unified Communications Manager IM and Presence Release 9.0 and later.

Procedure

Step 1 (Recommended) Set up simple provisioning to simplify the steps required when users install the client.
   See the Presence Server Discovery topic.

Step 2 (Optional) Provision audio and video calling.
   See the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.

Step 3 Create a global configuration file (jabber-config.xml) and upload it to your TFTP server.
   See the Configure the Client and Integrate with Directory Sources chapters in this guide.

Step 4 Ensure that no CCMCIP or CTI profiles are configured.
   If you configure CCMCIP or CTI profiles, users see a device configuration error when they try to sign in to the client.

Step 5 (Optional) Provision users with conferencing capabilities.
   See the Set Up Conferencing on Cisco Unified Communications Manager IM and Presence chapter in the Server Setup Guide.

Related Topics

Presence Server Discovery
Server Setup Guide
Configure the Client
Integrate with Directory Sources

Upgrade Cisco Jabber Video for iPad on Cisco WebEx

Upgrade the clients on your Cisco WebEx deployment from Cisco Jabber Video for iPad to Cisco Jabber for iPhone and iPad Release 9.6. Perform the following optional steps if you want to add simple provisioning, audio and video, voicemail, or conferencing to your current deployment.

Procedure

Step 1 (Recommended) Set up simple provisioning to simplify the steps required when users install the client.
   See the Presence Server Discovery topic.

Step 2 (Optional) Set up audio and video calling.
   Audio and video calling are not required for a Cisco WebEx deployment. If you want to add audio and video calling, you must first deploy Cisco Unified Communications Manager.
   For information about setting up audio and video capabilities, see the Provision Audio and Video Capabilities in Hybrid Cloud-Based Deployments chapter in the Server Setup Guide.

Step 3 (Optional) Set up voicemail.
   Voicemail is not required for a Cisco WebEx deployment. If you want to add voicemail, you must first deploy Cisco Unity Connection.
   For information about setting up voicemail capabilities, see the Set Up Voicemail in Hybrid Cloud-Based Deployments chapter in the Server Setup Guide.

Step 4 (Optional) Provision users with conferencing capabilities.
   See the Set Up Conferencing in Cloud-Based Deployment chapter in the Server Setup Guide.

Related Topics

Presence Server Discovery
Server Setup Guide
Service Credentials Parameters

Configuration Differences when Upgrading Cisco Jabber for iPhone and iPad

The speed dial label is disabled, and the limit of the line is changed from 26 to 1.

Apart from that, there is no configuration difference between Cisco Jabber for iPhone Release 9.5 and Cisco Jabber for iPhone and iPad Release 9.6.

The following tables compare the configuration method used for Cisco Jabber Video for iPad Release 9.3(3) and Cisco Jabber for iPhone and iPad Release 9.6.

Table 2: Directory Configuration

Cisco Jabber Video for iPad Release 9.3(4):

Configure with the following device COP file settings:

• Country Code
• Directory Lookup Rules URL
• Application Dial Rules URL
• Enable LDAP User Authentication
• LDAP Username
• LDAP Password
• LDAP Server
• Enable LDAP SSL
• LDAP Search Base
• LDAP Field Mappings
• LDAP Photo Location

Cisco Jabber for iPhone and iPad Release 9.6:

Device COP file settings are no longer applicable.

Cisco Unified Presence and Cisco Unified Communications Manager IM and Presence: Configure the directory service using the global configuration file.

Note: The global configuration file does not include parameters to configure the following options:

• Country Code
• Directory Lookup Rules URL

These options are no longer supported for this release.

Cisco WebEx: No global configuration required.

Table 3: Voicemail Configuration

Cisco Jabber Video for iPad Release 9.3(4):

Configure with the following device COP file settings:

• Voicemail Username
• Voicemail Server
• Voicemail Message Store Username
• Voicemail Message Store

Cisco Jabber for iPhone and iPad Release 9.6:

Device COP file settings are no longer applicable.

Cisco Unified Presence: Now configured on the Cisco Unified Presence server.

Cisco Unified Communications Manager IM and Presence: Now configured on Cisco Unified Communications Manager Release 9 or later.

Cisco WebEx: Now configured using the global configuration file.

Table 4: Audio and Video Configuration

Cisco Jabber Video for iPad Release 9.3(4):

Configure with the following Device COP file settings.

• Default Ringtone

Cisco Jabber for iPhone and iPad Release 9.6:

Configured using the following Device COP file settings.

• Default Ringtone
• Video Capabilities (new)

Table 5: VPN Configuration

Cisco Jabber Video for iPad Release 9.3(4):

Configure with the following Device COP file settings.

• Preset Wi-Fi Networks
• On-Demand VPN URL

Cisco Jabber for iPhone and iPad Release 9.6:

Configuration is the same. Use the following Device COP file settings.

• Preset Wi-Fi Networks
• On-Demand VPN URL

Other Feature Configuration

The following settings are no longer applicable in this release.

• Disallow Shake To Lock

• Normal Mode Codecs

• Low Bandwidth Codecs

• Meeting Place Numbers

• WebEx Numbers

• Contacts

• XML Options

• Secure Connect

• Secure Connect Gateway Address

• Secure Connect Authentication

• Group

• Secure Connect Certificate

• Enrollment Groupd (SCEP)

• Secure Connect Username

For information about global configuration files, see the Configure the Client and Integrate with Directory Sources chapters in this guide.

For information about configuring the device COP file, see the Provision Audio and Video Capabilities on Cisco Unified Communications Manager chapter for your release in the Server Setup Guide.


Chapter 5: Set Up Servers

Before you install Cisco Jabber for iPhone and iPad, you must set up the servers to add users to your environment, enable and configure services, and provision users with capabilities.

• Server Setup Guide

Server Setup Guide

The Cisco Jabber for iPhone and iPad Server Setup Guide describes the tasks you need to complete to set up and configure services for Cisco Jabber for iPhone and iPad.

Related Topics

Server Setup Guide


Chapter 6: Configure the Client

• Introduction to Client Configuration

• Configure Client on Cisco Unified Communications Manager

• Create and Host Client Configuration Files

• Configuration File Structure

• Example Configuration

• Client Parameters

• Policies Parameters

• Service Credentials Parameters

• Voicemail Parameters

Introduction to Client Configuration

Cisco Jabber can retrieve configuration settings from the following sources:

Service Profiles

You can configure some client settings in UC service profiles on Cisco Unified Communications Manager version 9 and higher. When users launch the client, it discovers the Cisco Unified Communications Manager home cluster using a DNS SRV record and automatically retrieves the configuration from the UC service profile.

Applies to on-premises deployments only.

Phone Configuration

You can set some client settings in the phone configuration on Cisco Unified Communications Manager version 9 and higher. The client retrieves the settings from the phone configuration in addition to the configuration in the UC service profile.

Applies to on-premises deployments only.

Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence

You can enable instant messaging and presence capabilities and configure certain settings such as presence subscription requests.

If you do not use service discovery with Cisco Unified Communications Manager version 9 and higher, the client retrieves UC services from Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence.

Applies to on-premises deployments only.

Client Configuration Files

You can create XML files that contain configuration parameters. You then host the XML files on a TFTP server. When users sign in, the client retrieves the XML file from the TFTP server and applies the configuration.

Applies to on-premises and cloud-based deployments.

Cisco WebEx Org Admin

You can configure some client settings with the Cisco WebEx Administration Tool.

Applies to cloud-based deployments only.

Configure Client on Cisco Unified Communications Manager

You can configure some client settings in UC service profiles on Cisco Unified Communications Manager version 9 and higher.

Important

• Cisco Jabber only retrieves configuration from service profiles on Cisco Unified Communications Manager if the client gets the _cisco-uds SRV record from a DNS query.

You cannot configure the client with service profiles if you do not set up your DNS environment for service discovery.

• In an environment with multiple Cisco Unified Communications Manager clusters, you must configure the Intercluster Lookup Service (ILS). ILS enables the client to find the user's home cluster and discover services.

See the appropriate version of the Cisco Unified Communications Manager Features and Services Guide to learn how to configure ILS.

Set Parameters on Service Profile

The client can retrieve UC service configuration and other settings from service profiles.


Parameters in service profiles

Learn which configuration parameters you can set in service profiles. Review the corresponding parameters in the client configuration file.

IM and Presence Profile

The following table lists the configuration parameters you can set in the instant messaging and presence profile:

IM and Presence Service Configuration | Description

Product type

Provides the primary source of authentication to Cisco Jabber and has the following values:

Unified CM (IM and Presence): Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence is the primary source of authentication.

WebEx (IM and Presence): The Cisco WebEx Messenger service is the primary source of authentication.

Primary server

Specifies the address of your primary presence server.

On-Premises Deployments: You should specify the fully qualified domain name (FQDN) of Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence.

Cloud-Based Deployments: The client uses the following URL as default when you select WebEx as the value for the Product type parameter: https://loginp.webexconnect.com/cas/auth.do

This default URL overrides any value that you set.

Voicemail Profile

The following table lists the configuration parameters you can set in the voicemail profile:

Voicemail Service Configuration | Description

Voicemail server

Specifies connection settings for the voicemail server.

Refer to the Server Setup Guide for detailed instructions on provisioning users with voicemail capabilities in a service profile.

Credentials source for voicemail service

Specifies that the client uses the credentials for the instant messaging and presence or conferencing service to authenticate with the voicemail service.

Ensure that the credentials source that you set matches the user's voicemail credentials. If you set a value for this parameter, users cannot specify their voicemail service credentials in the client user interface.

Conferencing Profile

The following table lists the configuration parameters you can set in the conferencing profile:

Conferencing Service Configuration | Description

Conferencing server

Specifies connection settings for the conferencing server.

Refer to the Server Setup Guide for detailed instructions on provisioning users with meetings capabilities in a service profile.

Credentials source for web conference service

Specifies that the client uses the credentials for the instant messaging and presence or voicemail service to authenticate with the conferencing service.

Ensure that the credentials source that you set matches the user's conferencing credentials.

Directory Profile

See the Integrate with Directory Sources chapter for information about configuring directory integration in a service profile.

Add UC Services

Add UC services to specify the address, ports, protocols and other settings for services such as instant messaging and presence, voicemail, conferencing, and directory.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Select User Management > User Settings > UC Service.

The Find and List UC Services window opens.

Step 3 Select Add New.

The UC Service Configuration window opens.

Step 4 Select the UC service type you want to add and then select Next.

Step 5 Configure the UC service as appropriate and then select Save.

What to Do Next

Add your UC services to service profiles.

Create Service Profiles

After you add and configure UC services, you add them to a service profile. You can apply additional configuration in the service profile.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Select User Management > User Settings > Service Profile.

The Find and List UC Services window opens.

Step 3 Select Add New.

The Service Profile Configuration window opens.

Step 4 Enter a name for the service profile in the Name field.

Step 5 Select Make this the default service profile for the system if you want the service profile to be the default for the cluster.

Note: On Cisco Unified Communications Manager version 9.x only, users who have only instant messaging capabilities (IM only) must use the default service profile. For this reason, you should set the service profile as the default if you plan to apply the service profile to IM only users.

Step 6 Add your UC services, apply any additional configuration, and then select Save.

What to Do Next

Apply service profiles to end user configuration.


Apply Service Profiles

After you add UC services and create a service profile, you apply the service profile to users. When users sign in to Cisco Jabber, the client can then retrieve the service profile for that user from Cisco Unified Communications Manager.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Select User Management > End User.

The Find and List Users window opens.

Step 3 Enter the appropriate search criteria to find existing users and then select a user from the list.

The End User Configuration window opens.

Step 4 Locate the Service Settings section.

Step 5 Select a service profile to apply to the user from the UC Service Profile drop-down list.

Important: Cisco Unified Communications Manager version 9.x only: If the user has only instant messaging and presence capabilities (IM only), you must select Use Default. For IM only users, Cisco Unified Communications Manager version 9.x always applies the default service profile regardless of what you select from the UC Service Profile drop-down list.

Step 6 Apply any other configuration as appropriate and then select Save.

Set Parameters on Phone Configuration

The client can retrieve configuration settings in the phone configuration from the following locations on Cisco Unified Communications Manager:

Cisco Dual Mode for iPhone (TCT) Configuration

Applies to individual TCT devices and takes priority over the group configuration.

Cisco Jabber for Tablet (TAB) Configuration

Applies to individual TAB devices and takes priority over the group configuration.

Parameters in Phone Configuration

The following table lists the configuration parameters you can set in the Product Specific Configuration Layout section of the phone configuration and maps corresponding parameters from the client configuration file:

Mobile Client Settings Configuration | Description

On-Demand VPN URL

URL for initiating on-demand VPN.

Preset Wi-fi Networks

Enter the SSIDs for Wi-Fi networks (SSIDs) approved by your organization. Separate SSIDs with a forward slash (/). Devices do not connect to secure connect if connected to one of the entered Wi-Fi networks.

Default Ringtone

Sets the default ringtone to Normal or Loud.

Video Capabilities

Enables or disables video capabilities.

Enabled: Users can send and receive video calls. This is the default value.

Disabled: Users cannot send or receive video calls.

Dial via Office

Note: It is for TCT device only.

Enables or disables Dial via Office.

Enabled: Users can dial via office.

Disabled: Users cannot dial via office. This is the default value.

Create and Host Client Configuration Files

In on-premises and hybrid cloud-based deployments you can create client configuration files and host them on the Cisco Unified Communications Manager TFTP service.

In cloud-based deployments, you should configure the client with the Cisco WebEx Administration Tool. However, you can optionally set up a TFTP server to configure the client with settings that are not available in Cisco WebEx Administration Tool.

Important: You must create a global configuration file to set up:

• Directory integration for on-premises deployments.

• Voicemail service credentials for hybrid-cloud deployments.

Client Configuration Files

Review details about configuration files and understand requirements such as supported encoding.


Global Configuration Files

Global configuration files apply to all users. The client downloads the global configuration file from your TFTP server during the login sequence.

The default name for the global configuration file is jabber-config.xml.

Note: Do not rename the jabber-config.xml file. The client does not support jabber-config.xml files with a different name.

Configuration File Requirements

• Configuration filenames are case sensitive. Use lowercase letters in the filename to prevent errors and to ensure the client can retrieve the file from the TFTP server.

• You must use utf-8 encoding for the configuration files.

• The client cannot read configuration files that do not have a valid XML structure. Ensure you check the structure of your configuration file for closing elements and that elements are nested correctly.

• Your XML can contain only valid XML character entity references. For example, use &amp; instead of &. If your XML contains invalid characters, the client cannot parse the configuration file.

Tip: Open your configuration file in Microsoft Internet Explorer to see if any characters or entities are not valid.

If Internet Explorer displays the entire XML structure, your configuration file does not contain invalid characters or entities.

If Internet Explorer displays only part of the XML structure, your configuration file most likely contains invalid characters or entities.

Specify Your TFTP Server Address

The client gets configuration files from a TFTP server. The first step in configuring the client is to specify your TFTP server address so the client can access your configuration file.

Attention: If Cisco Jabber gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster. As a result, the client can also locate the Cisco Unified Communications Manager TFTP service.

You do not need to specify your TFTP server address if you deploy the _cisco-uds SRV record.


Specify Your TFTP Server on Cisco Unified Presence

Complete the steps to specify the address of your TFTP server on Cisco Unified Presence.

Procedure

Step 1 Open the Cisco Unified Presence Administration interface.

Step 2 Select Application > Cisco Jabber > Settings.

Note: In some versions of Cisco Unified Presence, this path is as follows: Application > Cisco Unified Personal Communicator > Settings.

The Cisco Jabber Settings window opens.

Step 3 Locate the fields to specify TFTP servers in one of the following sections, depending on your version of Cisco Unified Presence:

• Cisco Jabber Security Settings

• CUPC Global Settings

Step 4 Specify the IP address of your primary and backup TFTP servers in the following fields:

• Primary TFTP Server

• Backup TFTP Server

• Backup TFTP Server

Step 5 Select Save.

Specify Your TFTP Server on Cisco Unified Communications Manager IM and Presence

Complete the steps to specify the address of your TFTP server on Cisco Unified Communications Manager IM and Presence.

Procedure

Step 1 Open the Cisco Unified CM IM and Presence Administration interface.

Step 2 Select Application > Legacy Clients > Settings.

The Legacy Client Settings window opens.

Step 3 Locate the Legacy Client Security Settings section.

Step 4 Specify the IP address of your primary and backup TFTP servers in the following fields:

• Primary TFTP Server

• Backup TFTP Server

• Backup TFTP Server

Step 5 Select Save.

Specify TFTP Servers with the Cisco WebEx Administration Tool

If the client connects to the Cisco WebEx Messenger service, you specify your TFTP server address with the Cisco WebEx Administration Tool.

Procedure

Step 1 Open the Cisco WebEx Administration Tool.

Step 2 Select the Configuration tab.

Step 3 Select Unified Communications in the Additional Services section.

The Unified Communications window opens.

Step 4 Select the Clusters tab.

Step 5 Select the appropriate cluster from the list.

The Edit Cluster window opens.

Step 6 Select Advanced Server Settings in the Cisco Unified Communications Manager Server Settings section.

Step 7 Specify the IP address of your primary TFTP server in the TFTP Server field.

Step 8 Specify the IP address of your backup TFTP servers in the Backup Server #1 and Backup Server #2 fields.

Step 9 Select Save.

The Edit Cluster window closes.

Step 10 Select Save in the Unified Communications window.

Create Global Configurations

Configure the client for all users in your deployment.

Remember: If your environment has multiple TFTP servers, you must ensure that the configuration file is the same on all TFTP servers.

Procedure

Step 1 Create a file named jabber-config.xml with any text editor.

• Use lowercase letters in the filename.

• Use utf-8 encoding.

Step 2 Define the required configuration parameters in jabber-config.xml.

If the structure of your configuration file is not valid, the client cannot read the values you set. Review the XML samples in this chapter for more information.

Step 3 Host the group configuration file on your TFTP server.

Host Configuration Files

You can host configuration files on any TFTP server. However, Cisco recommends hosting configuration files on the Cisco Unified Communications Manager TFTP server, which is the same server on which the device configuration file resides.

Procedure

Step 1 Open the Cisco Unified OS Administration interface on Cisco Unified Communications Manager.

Step 2 Select Software Upgrades > TFTP File Management.

Step 3 Select Upload File.

Step 4 Select Browse in the Upload File section.

Step 5 Select the configuration file on the file system.

Step 6 Do not specify a value in the Directory text box in the Upload File section.

You should leave an empty value in the Directory text box so that the configuration file resides in the default directory of the TFTP server.

Step 7 Select Upload File.

Restart Your TFTP Server

You must restart your TFTP server before the client can access the configuration files.

Procedure

Step 1 Open the Cisco Unified Serviceability interface on Cisco Unified Communications Manager.

Step 2 Select Tools > Control Center - Feature Services.

Step 3 Select Cisco Tftp from the CM Services section.

Step 4 Select Restart.

A window displays to prompt you to confirm the restart.

Step 5 Select OK.

The Cisco Tftp Service Restart Operation was Successful status displays.

Step 6 Select Refresh to ensure the Cisco Tftp service starts successfully.


What to Do Next

To verify that the configuration file is available on your TFTP server, open the configuration file in any browser. Typically, you can access the global configuration file at the following URL:

http://tftp_server_address:6970/jabber-config.xml

Configuration File Structure

You create client configuration files in an XML format that contains the following elements:

XML Declaration

The configuration file must conform to XML standards and contain the following declaration:

<?xml version="1.0" encoding="utf-8"?>

Root Element

The root element, config, contains all group elements. You must also add the version attribute to the root element as follows:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
</config>

Group Elements

Group elements contain configuration parameters and values. You must nest group elements within the rootelement.

Group Elements

The following table describes the group elements you can specify in a client configuration file:

Element | Description

Client: Contains configuration parameters for the client.

Directory: Contains configuration parameters for directory integration.

Policies: Contains configuration parameters for policies.

Voicemail: Contains configuration parameters for the voicemail service.

Note: For information about directory parameters, see the Integrate with Directory Sources chapter.


XML Structure

The following snippet shows the XML structure of a client configuration file:

<Client>
  <parameter>value</parameter>
</Client>
<Directory>
  <parameter>value</parameter>
</Directory>
<Policies>
  <parameter>value</parameter>
</Policies>
<Voicemail>
  <parameter>value</parameter>
</Voicemail>

Example Configuration

The following is an example configuration for an on-premises deployment:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Client>
    <CachePasswordMobile>true</CachePasswordMobile>
  </Client>
  <Directory>
    <DirectoryServerType>BDI</DirectoryServerType>
    <BDIPhotoUriSubstitutionEnabled>True</BDIPhotoUriSubstitutionEnabled>
    <BDIPhotoUriSubstitutionToken>sAMAccountName</BDIPhotoUriSubstitutionToken>
    <BDIPhotoUriWithToken>http://staffphoto.example.com/sAMAccountName.jpg</BDIPhotoUriWithToken>
    <BDIPrimaryServerName>11.22.33.456</BDIPrimaryServerName>
    <BDIPresenceDomain>cisco.com</BDIPresenceDomain>
    <BDIServerPort1>389</BDIServerPort1>
    <BDISearchBase1>CN=Users,DC=cisco,DC=com</BDISearchBase1>
  </Directory>
  <Policies>
    <EnableSIPURIDialling>false</EnableSIPURIDialling>
  </Policies>
</config>
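The file requirements and structure described in this chapter can be checked before a jabber-config.xml is uploaded to the TFTP server. The following is an added example, not Cisco code: the function name, the severity labels, the refusal of DTDs and the case-insensitive reading of true/false are assumptions of the example, and the sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED_NAME = "jabber-config.xml"
GROUPS = {"Client", "Directory", "Policies", "Voicemail"}
# Boolean parameters described in this chapter, by group element.
BOOLEAN_PARAMS = {
    "Client": ("CachePasswordMobile",),
    "Policies": ("EnableVideo", "Meetings_Enabled", "Telephony_Enabled",
                 "Voicemail_Enabled", "EnableSIPURIDialling"),
}
DECLARATION = re.compile(
    r"""<\?xml\s+version=["']1\.0["']\s+encoding=["']utf-8["']\s*\?>""", re.I)


def lint_jabber_config(filename, raw):
    """Return (severity, message) findings for a config file given as bytes."""
    findings = []
    # The name is case sensitive and must not be changed.
    if filename != REQUIRED_NAME:
        findings.append(("error", f"file name must be exactly {REQUIRED_NAME}"))
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return findings + [("error", f"not utf-8 encoded: {exc.reason}")]
    if not DECLARATION.match(text.lstrip("\ufeff")):
        findings.append(("error", "missing XML declaration with encoding utf-8"))
    if "<!DOCTYPE" in text:
        # Precaution of this linter, not a rule from the guide: the documented
        # structure has no DTD, so entity definitions are never parsed here.
        return findings + [("error", "DTD present; refusing to parse")]
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        # Unclosed elements, bad nesting and a raw '&' all end up here.
        return findings + [("error", f"not well-formed XML: {exc}")]
    if root.tag != "config":
        findings.append(("error", f"root element is <{root.tag}>, expected <config>"))
    if root.get("version") is None:
        findings.append(("error", "root element lacks the version attribute"))
    for group in root:
        if group.tag not in GROUPS:
            findings.append(
                ("warning", f"<{group.tag}> is not a group element listed in the guide"))
            continue
        for name in BOOLEAN_PARAMS.get(group.tag, ()):
            node = group.find(name)
            if node is None:
                continue
            # Assumption: true/false are compared case-insensitively.
            if (node.text or "").strip().lower() not in ("true", "false"):
                findings.append(
                    ("error", f"{name} must be true or false, got {node.text!r}"))
    # The guide gives true as the default, so an absent parameter also
    # leaves password caching available to users.
    cache = root.findtext("Client/CachePasswordMobile")
    if cache is None or cache.strip().lower() == "true":
        findings.append(
            ("review", "CachePasswordMobile is true or unset: password caching is allowed"))
    return findings


# Constructed sample files (not taken from a real deployment).
GOOD = b"""<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
 <Client><CachePasswordMobile>false</CachePasswordMobile></Client>
 <Policies><EnableSIPURIDialling>false</EnableSIPURIDialling></Policies>
</config>"""
CACHING = GOOD.replace(b">false</CachePasswordMobile>", b">true</CachePasswordMobile>")
# A raw '&' in a URL instead of '&amp;'.
BROKEN = b"""<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
 <Directory>
  <BDIPhotoUriWithToken>http://staffphoto.example.com/p?u=sAMAccountName&s=96</BDIPhotoUriWithToken>
 </Directory>
</config>"""
ODD = (b'<?xml version="1.0" encoding="utf-8"?><config><Options/>'
       b"<Policies><EnableVideo>yes</EnableVideo></Policies></config>")

if __name__ == "__main__":
    for label, name, data in (("good", REQUIRED_NAME, GOOD),
                              ("caching", REQUIRED_NAME, CACHING),
                              ("broken", "Jabber-Config.xml", BROKEN),
                              ("odd", REQUIRED_NAME, ODD)):
        print(label, lint_jabber_config(name, data))
```

Run the check against the same bytes you upload, since the encoding test works on the file as stored and not on text pasted from an editor.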

Client Parameters

The following table describes the parameters you can specify within the Client element:

Parameter | Value | Description

CachePasswordMobile

Value: true, false

Specifies whether the password is remembered or not on the client side.

true: The password will be prefilled and Automatic sign-in will be shown. Users can allow the client to cache their password. This option allows users to automatically sign in when the client starts. This is the default value.

false: The password field will be empty and Automatic sign-in will not be shown. Users cannot allow the client to cache their password. Users must enter their password each time the client starts.

Policies Parameters

Policies parameters let you control specific client functionality.

Common Policies

The following table describes the parameters you can specify within the Policies element in both on-premises deployments and hybrid cloud-based deployments:

Parameter | Value | Description

EnableVideo

Value: true, false

Enables or disables video capabilities.

true: Users can make and receive video calls. This is the default value.

false: Users cannot make or receive video calls.

Meetings_Enabled

Value: true, false

Enables meetings capabilities and user interface in the client.

true: Enables meetings capabilities and user interface. This is the default value.

false: Disables meetings capabilities and user interface.

Telephony_Enabled

Value: true, false

Enables audio and video capabilities and user interface in the client.

true: Enables audio and video capabilities and user interface. This is the default value.

false: Disables audio and video capabilities and user interface.

Voicemail_Enabled

Value: true, false

Enables voicemail capabilities and user interface in the client.

true: Enables voicemail capabilities and user interface. This is the default value.

false: Disables voicemail capabilities and user interface.

EnableSIPURIDialling

Value: true, false

Enables URI dialing with Cisco Jabber and allows users to make calls with URIs.

true: Users can make calls with URIs.

false: Users cannot make calls with URIs. This is the default value.

DirectoryURI

Value: See the description.

Specifies the directory attribute that holds the SIP URI for users.

On-Premises Deployments: Set one of the following as the value:

• mail

• msRTCSIP-PrimaryUserAddress

Cloud-Based Deployments: Jabber uses email by default and it cannot be modified.

Important: The value you specify must match the directory URI setting for users in Cisco Unified Communications Manager or the Cisco WebEx Administration Tool.

Important: In order to support URI search in BDI, set BDIUseANR to false in jabber-config.xml.

Cisco WebEx Policies

If you use the Cisco WebEx Messenger service for instant messaging and presence capabilities, you can set policies for the client through the Cisco WebEx Administration Tool. See Using policy actions available in Cisco WebEx for a list of available policies and descriptions.

Note: All settings in the service profile obtained via UDS will overwrite the configuration in Cisco WebEx Administration Tool.

Related Topics

Using policy actions available in Cisco WebEx

Service Credentials Parameters

You can specify service credentials parameters so that users do not need to authenticate with certain services.

Voicemail Service Credentials

You can specify the following parameter to configure voicemail service credentials within the Voicemail element:

Parameter | Value | Description

VoiceMailService_UseCredentialsFrom

Value: phone

Specifies that the client uses the phone service credentials to access voicemail services.

Ensure the user's phone service credentials match their voicemail service credentials. If you set this configuration, users cannot specify voicemail service credentials in the client interface.

This parameter is not set by default.

You should set this parameter in hybrid cloud-based deployments only.

In on-premises deployments, you should set the credentials source for voicemail services on the presence server.

The following is an example of the voicemail service credentials parameter:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Voicemail>
    <VoicemailService_UseCredentialsFrom>phone</VoicemailService_UseCredentialsFrom>
  </Voicemail>
</config>

Voicemail Parameters

The following table describes the voicemail service configuration parameters you can specify within the Voicemail element:

Key | Value | Description

VVM_Mailstore_Server_0

Value: Hostname, IP address, FQDN

Specifies the address of your voicemail server. Set one of the following as the value:

• Hostname (hostname)

• IP address (123.45.254.1)

• FQDN (hostname.domain.com)


Chapter 7: Integrate with Directory Sources

• Set Up Directory Synchronization and Authentication

• Contact Sources

• Client Configuration for Directory Integration

• Federation

Set Up Directory Synchronization and Authentication

When you set up an on-premises deployment, you should configure Cisco Unified Communications Manager to do both of the following:

• Synchronize with the directory server.

• Authenticate with the directory server.

Synchronizing with the directory server replicates contact data from your directory to Cisco Unified Communications Manager.

Enabling authentication with the directory server lets Cisco Unified Communications Manager proxy authentication from the client to the directory server. In this way, users authenticate with the directory server, not with Cisco Unified Communications Manager or a presence server.

Synchronize with the Directory Server

Directory server synchronization ensures that contact data in your directory server is replicated to Cisco Unified Communications Manager.

Enable Synchronization

The first step to synchronize with a directory server is to enable synchronization on Cisco Unified Communications Manager.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Select System > LDAP > LDAP System.

The LDAP System Configuration window opens.

Step 3 Locate the LDAP System Information section.

Step 4 Select Enable Synchronizing from LDAP Server.

Step 5 Select the type of directory server from which you are synchronizing data from the LDAP Server Type drop-down list.

What to Do Next

Specify an LDAP attribute for the user ID.

Populate User ID and Directory URI

When you synchronize your LDAP directory server with Cisco Unified Communications Manager, you can populate the end user configuration tables in both the Cisco Unified Communications Manager and the Cisco Unified Communications Manager IM and Presence databases with attributes that contain values for the following:

User ID

You must specify a value for the user ID on Cisco Unified Communications Manager. This value is required for the default IM address scheme and for users to log in. The default value is sAMAccountName.

Directory URI

You should specify a value for the directory URI if you plan to:

• Enable URI dialing in Cisco Jabber.

• Use the directory URI address scheme on Cisco Unified Communications Manager IM and Presence version 9.1(1) and higher.

When Cisco Unified Communications Manager synchronizes with the directory source, it retrieves the values for the directory URI and user ID and populates them in the end user configuration table in the Cisco Unified Communications Manager database.

The Cisco Unified Communications Manager database then synchronizes with the Cisco Unified Communications Manager IM and Presence database. As a result, the values for the directory URI and user ID are populated in the end user configuration table in the Cisco Unified Communications Manager IM and Presence database.

Specify an LDAP Attribute for the User ID

When you synchronize from your directory source to Cisco Unified Communications Manager, you can populate the user ID from an attribute in the directory. The default attribute that holds the user ID is sAMAccountName.

Procedure

Step 1 Locate the LDAP Attribute for User ID drop-down list on the LDAP System Configuration window.

Step 2 Specify an attribute for the user ID as appropriate and then select Save.

Important: If the attribute for the user ID is other than sAMAccountName, you must specify the attribute as the value for the BDIUserAccountName parameter in your client configuration file as follows:

<BDIUserAccountName>attribute-name</BDIUserAccountName>

If you do not specify the attribute in your configuration, and the attribute is other than sAMAccountName, the client cannot resolve contacts in your directory. As a result, users do not get presence and cannot send or receive instant messages.

Specify an LDAP Attribute for the Directory URI

On Cisco Unified Communications Manager version 9.0(1) and higher, you can populate the directory URIfrom an attribute in the directory. The default attribute is msRTCSIP-primaryuseraddress.


Procedure

Step 1 Select System > LDAP > LDAP Directory.

Remember: To add or edit an LDAP directory, you must first enable synchronization.

Step 2 Select the appropriate LDAP directory or select Add New to add an LDAP directory.

Step 3 Locate the Standard User Fields To Be Synchronized section.

Step 4 Select the appropriate LDAP attribute for the Directory URI drop-down list.

Step 5 Select Save.

Perform Synchronization

After you add a directory server and specify the required parameters, you can synchronize Cisco Unified Communications Manager with the directory server.

Before You Begin

If your environment includes a presence server, you should ensure the following feature service is activated and started before you synchronize with the directory server:

• Cisco Unified Presence: Cisco UP Sync Agent

• Cisco Unified Communications Manager IM and Presence: Cisco Sync Agent

This service keeps data synchronized between the presence server and Cisco Unified Communications Manager. When you perform the synchronization with your directory server, Cisco Unified Communications Manager then synchronizes the data with the presence server. However, the Cisco Sync Agent service must be activated and started.

Procedure

Step 1 Select System > LDAP > LDAP Directory.

Step 2 Select Add New.

The LDAP Directory window opens.

Step 3 Specify the required details on the LDAP Directory window.

See the Cisco Unified Communications Manager Administration Guide for more information about the values and formats you can specify.

Step 4 Select Save.

Step 5 Select Perform Full Sync Now.

Note: The amount of time it takes for the synchronization process to complete depends on the number of users that exist in your directory. If you synchronize a large directory with thousands of users, you should expect the process to take some time.


User data from your directory server is synchronized to the Cisco Unified Communications Manager database. Cisco Unified Communications Manager then synchronizes the user data to the presence server database.

Related Topics

Administration Guide version 8.6: LDAP Directory Configuration

Administration Guide version 9.0: LDAP directory setup

Authenticate with the Directory Server

You should configure Cisco Unified Communications Manager to authenticate with the directory server. When users log in to the client, the presence server routes that authentication to Cisco Unified Communications Manager. Cisco Unified Communications Manager then proxies that authentication to the directory server.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Select System > LDAP > LDAP Authentication.

Step 3 Select Use LDAP Authentication for End Users.

Step 4 Specify LDAP credentials and a user search base as appropriate.

See the Cisco Unified Communications Manager Administration Guide for information about the fields on the LDAP Authentication window.

Step 5 Select Save.

Related Topics

Administration Guide version 8.6: LDAP Directory Configuration

Administration Guide version 9.0: LDAP directory setup

Contact Sources

In on-premises deployments, the client requires a contact source to resolve directory lookups for user information. You can use the following as a contact source:

Basic Directory Integration

Basic Directory Integration (BDI) is an LDAP-based contact source.

Basic Directory Integration

When using Basic Directory Integration (BDI), the client retrieves contact data from the directory service as follows.

1 The client connects to the Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence server.


2 The client gets the LDAP profile configuration section in the service profile from the Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence server.

The service profile contains the location of the Cisco Unified Communications Manager (TFTP) server. Depending on your configuration, the service profile can also contain the credentials to authenticate with the directory.

3 The client connects to the Cisco Unified Communications Manager server.

4 The client downloads the client configuration file from the Cisco Unified Communications Manager server.

The client configuration file contains the location of the directory. Depending on your configuration, the client configuration file can also contain the credentials to authenticate with the directory.

5 The client uses the directory location and the authentication credentials to connect to the directory.

Authentication with Contact Sources

BDI requires users to authenticate with the directory source to resolve contacts. You can use the following methods to authenticate with the contact source, in order of priority:

Specify credentials in Cisco Unified Presence or Cisco Unified Communications Manager

Specify credentials in a profile on the server. The client can then retrieve the credentials from the server to authenticate with the directory.

This method is the most secure option for storing and transmitting credentials.


Set common credentials in the client configuration file

You specify a shared username and password in the client configuration file. The client can then authenticate with the directory server.

Important: The client transmits and stores these credentials as plain text.

You should use only a well-known or public set of credentials. The credentials should also be linked to an account that has read-only permissions.

Use anonymous binds

Configure the client to connect to the directory source with anonymous binds.

Related Topics

Specify LDAP Directory Configuration on Cisco Unified Presence

Specify LDAP Directory Configuration on Cisco Unified Communications Manager

Set Credentials in the Client Configuration

Use Anonymous Binds

Specify LDAP Directory Configuration on Cisco Unified Presence

If your environment includes Cisco Unified Presence version 8.x, you can specify directory configuration in the LDAP profile. The client can then get the directory configuration from the server to authenticate with the directory source.

Complete the steps to create an LDAP profile that contains authentication credentials, and then assign that profile to users.

Procedure

Step 1 Open the Cisco Unified Presence Administration interface.

Step 2 Select Application > Cisco Unified Personal Communicator > LDAP Profile.

Step 3 Select Add New.

Step 4 Specify a name and optional description for the profile in the following fields:

• Name

• Description

Step 5 Specify a password that the client can use to authenticate with the LDAP server in the following fields:

• Password

• Confirm Password

Step 6 Specify the IP address of your primary and backup LDAP servers in the following fields:

• Primary LDAP Server


• Backup LDAP Server

• Backup LDAP Server

Step 7 Select Add Users to Profile and add the appropriate users to the profile.

Step 8 Select Save.

Specify LDAP Directory Configuration on Cisco Unified Communications Manager

If your environment includes Cisco Unified Communications Manager version 9.x and higher, you can specify credentials when you add a directory service. The client can then get the configuration from the server to authenticate with the directory source.

Complete the steps to add a directory service, apply the directory service to the service profile, and specify the LDAP authentication configuration for the directory service.

Procedure

Step 1 Open the Cisco Unified CM Administration interface.

Step 2 Add a directory service as follows:

a) Select User Management > User Settings > UC Service.

The Find and List UC Services window opens.

b) Select Add New.

The UC Service Configuration window opens.

c) In the Add a UC Service section, select Directory from the UC Service Type drop-down list.

d) Select Next.

e) Specify details for the directory service as follows:

Product Type

Select Directory.

Name

Enter a descriptive name for the server, for example, PrimaryDirectoryServer.

Description

Enter an optional description.

Hostname/IP Address

Enter the address of the directory server in one of the following formats:

• Hostname

• IP Address

• FQDN


Port

You do not need to specify a port number. By default, the client always uses port 3268 to connect to the directory server. For this reason, any value you specify does not take effect.

Protocol Type

Select one of the following protocols from the following drop-down list:

• TCP

• UDP

• TLS

f) Select Save.

Step 3 Apply the directory service to your service profile as follows:

a) Select User Management > User Settings > Service Profile.

The Find and List Service Profiles window opens.

b) Find and select your service profile.

The Service Profile Configuration window opens.

c) In the Directory Profile section, select up to three services from the following drop-down lists:

• Primary

• Secondary

• Tertiary

d) Specify the credentials that the client can use to authenticate with the LDAP server in the following fields:

• Username

• Password

e) Select Save.

Set Credentials in the Client Configuration

You can set credentials in the client configuration with the following parameters:

• BDIConnectionUsername

• BDIConnectionPassword

Important: The client transmits and stores these credentials as plain text.

You should use only a well-known or public set of credentials. The credentials should also be linked to an account that has read-only permissions.


The following is an example configuration:

<Directory>
  <BDIConnectionUsername>[email protected]</BDIConnectionUsername>
  <BDIConnectionPassword>password</BDIConnectionPassword>
</Directory>

Use Anonymous Binds

To use anonymous binds, you set the following parameters in the client configuration file:

Parameter | Value
BDIDirectoryServerType |
BDIPrimaryServerName | IP address or FQDN
BDIEnableTLS | True
BDISearchBase1 | Searchable organizational unit (OU) in the directory tree
BDIBaseFilter | Object class that your directory service uses; for example, inetOrgPerson
BDIPredictiveSearchFilter | uid or other search filter. A search filter is optional.

The following is an example configuration:

<Directory>
  <BDIPrimaryServerName>11.22.33.456</BDIPrimaryServerName>
  <BDIEnableTLS>True</BDIEnableTLS>
  <BDISearchBase1>ou=people,dc=cisco,dc=com</BDISearchBase1>
  <BDIBaseFilter>(&amp;(objectClass=inetOrgPerson))</BDIBaseFilter>
  <BDIPredictiveSearchFilter>uid</BDIPredictiveSearchFilter>
</Directory>

Client Configuration for Directory Integration

Directory integration can be configured through Service Profiles using Cisco Unified Communications Manager 9 or higher or with the configuration file. Use this section to learn how to configure the client for directory integration.

Note: In instances where a Service Profile and the configuration file are present, settings in the Service Profile take priority.

Note: Cisco Unified Presence 8 profiles cannot be used for directory integration.


Configure Directory Integration in a Service Profile

With Cisco Unified Communications Manager version 9 and higher, you can provision users with service profiles and deploy the _cisco-uds SRV record on your internal domain name server.

The client can then automatically discover Cisco Unified Communications Manager and retrieve the service profile to get directory integration configuration.

To configure directory integration in a service profile, do the following:

Procedure

Step 1 Open the Unified CM Administration interface.

Step 2 Add a directory service.

a) Select User Management > User Settings > UC Service.

The Find and List UC Services window opens.

b) Select Add New.

The UC Service Configuration window opens.

c) Select Directory from the UC Service Type menu and then select Next.

d) Set all appropriate values for the directory service and then select Save.

Step 3 Apply the directory service to a service profile.

a) Select User Management > User Settings > Service Profile.

The Find and List Service Profiles window opens.

b) Select Add New.

The Service Profile Configuration window opens.

c) Add the directory services to the directory profile.

d) Select Save.

There is no need to check the Use UDS for Contact Resolution and Use Logged On User Credential boxes.

When both the directory profile and the jabber-config.xml file are used at the same time, the configuration in the directory profile has the higher priority and is used, except for manual sign-in and service discovery.

When you sign in manually, the Username and Password from the directory profile are used to connect to the LDAP server for contact search.

For service discovery, the Username, Password, Search Base, and Primary server in the directory profile are used to connect to the LDAP server for contact search.

To make it work consistently, it is highly recommended that the Username and Password in the directory profile and in jabber-config.xml are exactly the same.

Directory Profile Parameters

The following table lists the configuration parameters you need to set in the directory profile:


Each directory service configuration field is listed below, followed by its description.

Primary server

Specifies the address of the primary directory server.

This parameter is required for manual connections where the client cannot automatically discover the directory server.

Username

Lets you manually specify a shared username that the client can use to authenticate with the directory server. You should use this parameter only in deployments where you cannot authenticate with the directory server using Microsoft Windows credentials.

If you must use this parameter, you should use only a well-known or public set of credentials. The credentials should also be linked to an account that has read-only permissions.

Password

Lets you manually specify a shared password that the client can use to authenticate with the directory server. You should use this parameter only in deployments where you cannot authenticate with the directory server using Microsoft Windows credentials.

If you must use this parameter, you should use only a well-known or public set of credentials. The credentials should also be linked to an account that has read-only permissions.

Search Base 1

Specifies a location in the directory server from which searches begin. In other words, a search base is the root from which the client executes a search.

By default, the client searches from the root of the directory tree. You can specify the value of up to three search bases in your OU to override the default behavior.

Active Directory does not typically require a search base. You should specify search bases for Active Directory only for specific performance requirements.

You must specify a search base for directory servers other than Active Directory to create bindings to specific locations in the directory.

Tip: Specify an OU to restrict searches to certain user groups.

For example, a subset of your users have instant messaging capabilities only. Include those users in an OU and then specify that as a search base.


Attribute Mappings

It is not possible to change the default attribute mappings in a service profile. If you plan to change any default attribute mappings, you must define the required mappings in a client configuration file.

Related Topics

Directory Server Configuration Examples

Summary of Directory Integration Configuration Parameters

This topic lists all the parameters you can specify to configure directory integration.

The following table lists the parameters you can use for attribute mapping:

Attribute Mapping Parameters

• BDITitle

• BDICompanyName

• BDIUserAccountName

• BDIDomainName

• BDILocation

• BDINickname

• BDIPostalCode

• BDICity

• BDIState

• BDIStreetAddress

• BDICommonName

• BDIDisplayName

• BDIFirstname

• BDILastname

• BDIEmailAddress

• BDISipUri

• BDIPhotoSource

• BDIBusinessPhone

• BDIMobilePhone

• BDIHomePhone

• BDIOtherPhone

The following table lists the parameters you can use to connect to a directory server:

Directory Server Connection Parameters

• BDIConnectionUsername

• BDIConnectionPassword

• BDIEnableTLS

• BDILDAPServerType

• BDIPresenceDomain

• BDIPrimaryServerName

• BDIServerPort1

The following table lists the parameters you can use for contact resolution and directory queries:


Contact Resolution and Directory Query Parameters

• BDIPhotoUriSubstitutionEnabled

• BDIPhotoUriSubstitutionToken

• BDIPhotoUriWithToken

• BDIUseSIPURIToResolveContacts

• BDIUriPrefix

• BDIBaseFilter

• BDIUseANR

• BDIPredictiveSearchFilter

• BDISearchBase1

Attribute Mapping Parameters

The following table describes the parameters for mapping directory attributes:

Parameter | Directory Attribute | Exists in Global Catalog by Default | Is Indexed by Default | Set for Ambiguous Name Resolution (ANR) by Default
BDICommonName | cn | Yes | Yes | No
BDIDisplayName | displayName | Yes | Yes | Yes
BDIFirstname | givenName | Yes | Yes | Yes
BDILastname | sn | Yes | Yes | Yes
BDIEmailAddress | mail | Yes | Yes | Yes
BDISipUri | msRTCSIP-PrimaryUserAddress | Yes | Yes | Yes
BDIPhotoSource | thumbnailPhoto | No | No | No
BDIBusinessPhone | telephoneNumber | Yes | No | No
BDIMobilePhone | mobile | Yes | No | No
BDIHomePhone | homePhone | Yes | No | No
BDIOtherPhone | otherTelephone | Yes | No | No
BDITitle | title | Yes | No | No
BDICompanyName | company | Yes | Yes | No
BDIUserAccountName | sAMAccountName | Yes | Yes | Yes
BDIDomainName | userPrincipalName | Yes | Yes | No
BDILocation | co | Yes | No | No
BDINickname | displayName | Yes | Yes | Yes
BDIPostalCode | postalCode | Yes | No | No
BDICity | l | Yes | Yes | No
BDIState | st | Yes | Yes | No
BDIStreetAddress | streetAddress | Yes | No | No

Related Topics

Specify an LDAP Attribute for the User ID

Attributes on the Directory Server

You must index attributes on your directory server so that the client can resolve contacts.

If you use the default attribute mappings, ensure the following attributes are indexed:

• sAMAccountName

• displayName

• sn

• name

• proxyAddresses

• mail

• department

• givenName

• telephoneNumber

Additionally, ensure you index the following attributes for secondary number queries:

• otherTelephone

• mobile

• homePhone

• msRTCSIP-PrimaryUserAddress

You should index msRTCSIP-PrimaryUserAddress for intradomain federation only.

Directory Connection Parameters

The following table describes parameters for configuring your directory connection:

Each parameter is listed below with its value, followed by its description.

BDILDAPServerType

Value: AD or OpenLDAP

Specifies the type of LDAP directory server to which the client connects.

• AD: Connect to Active Directory. This is the default value.

• OpenLDAP: Connect to OpenLDAP.

BDIPresenceDomain

Value: Domain of the presence server

Specifies the domain of the presence server.

The client appends this domain to the user ID to create an IM address. For example, a user named Adam McKenzie has the following user ID: amckenzie. You specify example.com as the presence server domain.

When the user logs in, the client constructs the following IM address for Adam McKenzie: [email protected].

BDIPrimaryServerName

Value: IP address or FQDN

Specifies the address of the primary directory server.

This parameter is required for manual connections where the client cannot automatically discover the directory server.

BDIServerPort1

Value: Port number

Specifies the port for the primary directory server.

BDIConnectionUsername

Value: Username

Lets you manually specify a shared username that the client can use to authenticate with the directory server.

Important: The client transmits and stores this username as plain text.

If you must use this parameter, you should use only a well-known or public set of credentials. The account that you use for integration should have read-only permissions to the directory.

BDIConnectionPassword

Value: Password

Lets you manually specify a shared password that the client can use to authenticate with the directory server.

Important: The client transmits and stores this password as plain text.

If you must use this parameter, you should use only a well-known or public set of credentials. The account that you use for integration should have read-only permissions to the directory.

BDIEnableTLS

Value: true or false

Use TLS to secure directory connections.

• true: Use TLS.

• false: Do not use TLS. This is the default value.

Directory Query Parameters

The following table describes parameters for configuring how the client queries your directory:

Each parameter is listed below with its value, followed by its description.

BDIBaseFilter

Value: Base filter

Specifies a base filter for Active Directory queries.

Specify a directory subkey name only to retrieve objects other than user objects when you query the directory.

The default value is (&amp;(objectCategory=person)).

Configuration files can contain only valid XML character entity references. Use &amp; instead of & if you specify a custom base filter.

BDIUseANR

Value: true or false

Specifies if Cisco Jabber issues a query using Ambiguous Name Resolution (ANR) when it performs a predictive search.

• true: Use ANR for predictive search. This is the default value.

• false: Do not use ANR for predictive search.

You should set the value to false if you integrate with a directory source other than Active Directory.

Important: You must configure your directory server to set attributes for ANR if you want the client to search for those attributes.

BDIPredictiveSearchFilter

Value: Search filter

Defines filters to apply to predictive search queries.

You can define multiple, comma-separated values to filter search queries.

Note: This key is only used when BDIUseANR is set to false. If BDIPredictiveSearchFilter is not set, the default search filter is used.

BDISearchBase1

Value: Searchable organizational unit (OU) in the directory tree

Specifies a location in the directory server from which searches begin. In other words, a search base is the root from which the client executes a search.

By default, the client searches from the root of the directory tree. You can specify the value of up to five search bases in your OU to override the default behavior.

Active Directory does not typically require a search base. You should specify search bases for Active Directory only for specific performance requirements.

You must specify a search base for directory servers other than Active Directory to create bindings to specific locations in the directory.

Tip: Specify an OU to restrict searches to certain user groups.

For example, a subset of your users have instant messaging capabilities only. Include those users in an OU and then specify that as a search base.

Base Filter Examples

The following are example base filters you can use to look up specific locations or objects.

Find only specific groups:

(&amp;(objectClass=user)(memberOf=cn=group-name,ou=Groups,dc=example,dc=com))

Find a nested group within a group:

(&amp;(objectClass=user)(memberOf:search-oid:=cn=group-name,ou=Groups,dc=example,dc=com))

Find only enabled accounts and non-administrator accounts:

(&amp;(objectCategory=person)(objectClass=user)(!(userAccountControl:search-oid:=2))(!(sAMAccountName=*_dbo))(!(sAMAccountName=*-admin)))

Contact Photo Parameters

The following table describes parameters for configuring how the client retrieves contact photos:

Each parameter is listed below with its value, followed by its description.

BDIPhotoUriSubstitutionEnabled

Value: true or false

Specifies if photo URI substitution is enabled.

• true: Photo URI substitution is enabled.

• false: Photo URI substitution is disabled. This is the default value.

BDIPhotoUriSubstitutionToken

Value: Directory attribute

Specifies a directory attribute to insert in the photo URI; for example, sAMAccountName.

BDIPhotoUriWithToken

Value: URI

Specifies a photo URI with a directory attribute as a variable value; for example, http://staffphoto.example.com/sAMAccountName.jpg.

To configure photo URI substitution, you set the directory attribute as the value of BDIPhotoUriSubstitutionToken.

Restriction: The client must be able to retrieve the photos from the web server without credentials.

Contact Photo Retrieval with BDI

Cisco Jabber retrieves and displays contact photos with the following methods:

URI substitution

Cisco Jabber dynamically builds a URL to contact photos with a directory attribute and a URL template.

To use this method, set the following values in your configuration file:

1 Specify true as the value of the BDIPhotoUriSubstitutionEnabled parameter.

2 Specify a directory attribute to use as a dynamic token as the value of the BDIPhotoUriSubstitutionToken parameter; for example,

<BDIPhotoUriSubstitutionToken>sAMAccountName</BDIPhotoUriSubstitutionToken>

3 Specify the URL and the dynamic token as the value of the BDIPhotoUriWithToken parameter; for example,

<BDIPhotoUriWithToken>http://staffphoto.example.com/sAMAccountName.jpg</BDIPhotoUriWithToken>

With the example values in the preceding steps, the sAMAccountName attribute might resolve to msmith in your directory. Cisco Jabber then takes this value and replaces the token to build the following URL: http://staffphoto.example.com/msmith.jpg.


Binary objects

Cisco Jabber retrieves the binary data for the photo from your database.

To use this method to retrieve contact photos, specify the attribute that contains the binary data as the value of the BDIPhotoSource parameter in the configuration; for example,

<BDIPhotoSource>thumbnailPhoto</BDIPhotoSource>

Contact Photo Formats and Dimensions

To achieve the best result with Cisco Jabber, your contact photos should have specific formats and dimensions. Review supported formats and optimal dimensions. Learn about adjustments the client makes to contact photos.

Contact Photo Formats

Cisco Jabber supports the following formats for contact photos in your directory:

• JPG

• PNG

• BMP

Important: Cisco Jabber does not apply any modifications to enhance rendering for contact photos in GIF format. As a result, contact photos in GIF format might render incorrectly or with less than optimal quality. To obtain the best quality, you should use PNG format for your contact photos.

Contact Photo Dimensions

Tip: The optimum dimensions for contact photos are 128 pixels by 128 pixels with an aspect ratio of 1:1.

The following table lists the different dimensions for contact photos in Cisco Jabber:

Location | Dimensions
Audio call window | 128 pixels by 128 pixels
Invitations and reminders, for example: incoming call windows, meeting reminder windows | 64 pixels by 64 pixels
Lists of contacts, for example: contact lists, participant rosters, call history, voicemail messages | 32 pixels by 32 pixels

Contact Photo Adjustments

Cisco Jabber adjusts contact photos as follows:

Resizing

If contact photos in your directory are smaller or larger than 128 pixels by 128 pixels, the client automatically resizes the photos. For example, contact photos in your directory are 64 pixels by 64 pixels. When Cisco Jabber retrieves the contact photos from your directory, it resizes the photos upwards to 128 pixels by 128 pixels.

Tip: Resizing contact photos can result in less than optimal resolution. For this reason, you should use contact photos that are 128 pixels by 128 pixels so that the client does not automatically resize them.

Cropping

Cisco Jabber automatically crops non-square contact photos to a square aspect ratio, or an aspect ratio of 1:1 where the width is the same as the height.

Portrait orientation

If contact photos in your directory have portrait orientation, the client crops 30 percent from the top and 70 percent from the bottom.

For example, if contact photos in your directory have a width of 100 pixels and a height of 200 pixels, Cisco Jabber needs to crop 100 pixels from the height to achieve an aspect ratio of 1:1. In this case, the client crops 30 pixels from the top of the photos and 70 pixels from the bottom of the photos.

Landscape orientation

If contact photos in your directory have landscape orientation, the client crops 50 percent from each side.

For example, if contact photos in your directory have a width of 200 pixels and a height of 100 pixels, Cisco Jabber needs to crop 100 pixels from the width to achieve an aspect ratio of 1:1. In this case, the client crops 50 pixels from the right side of the photos and 50 pixels from the left side of the photos.


Rounding

Cisco Jabber rounds the corners of contact photos after retrieving them from your directory.

Directory Server Configuration Examples

This section describes supported integration scenarios and provides example configurations.

Simple Authentication

Simple authentication lets you connect to a directory server using simple binds, as in the following example configuration:

<BDIEnableTLS>False</BDIEnableTLS>
<BDIConnectionUsername>username</BDIConnectionUsername>
<BDIConnectionPassword>password</BDIConnectionPassword>

This configuration specifies that the client:

• Does not use SSL.

• Uses simple authentication.

• Uses custom credentials.

As a result of the simple bind, the client transmits the credentials in the payload of the bind request in plain text.

Simple Authentication with SSL

Enable SSL in directory server connections with the BDIEnableTLS parameter. You can use SSL to encrypt credentials when you use simple authentication, as in the following example configuration:

<BDIEnableTLS>True</BDIEnableTLS>
<BDIConnectionUsername>username</BDIConnectionUsername>
<BDIConnectionPassword>password</BDIConnectionPassword>

This configuration specifies that the client:

• Uses SSL.

• Uses simple authentication.

• Uses custom credentials.

As a result, the client uses SSL to encrypt the credentials in the client configuration.

OpenLDAP Integration

You can integrate with OpenLDAP using anonymous binds or authenticated binds.

Anonymous Binds

To integrate with OpenLDAP using anonymous binds, set the following parameters:


Parameter                              Value
BDILDAPServerType                      OpenLDAP
BDIPrimaryServerName                   IP address or hostname
BDIEnableTLS                           True
BDISearchBase1                         Root of the directory service or the organizational unit (OU)
BDIUserAccountName                     Unique identifier such as uid or cn
BDIBaseFilter                          Object class that your directory service uses; for example, inetOrgPerson.
(Optional) BDIPredictiveSearchFilter   uid or other search filter

The following is an example configuration:

<Directory>
  <BDILDAPServerType>OpenLDAP</BDILDAPServerType>
  <BDIPrimaryServerName>11.22.33.456</BDIPrimaryServerName>
  <BDIEnableTLS>True</BDIEnableTLS>
  <BDISearchBase1>ou=people,dc=cisco,dc=com</BDISearchBase1>
  <BDIUserAccountName>uid</BDIUserAccountName>
  <BDIBaseFilter>(&amp;(objectClass=inetOrgPerson)</BDIBaseFilter>
  <BDIPredictiveSearchFilter>uid</BDIPredictiveSearchFilter>
</Directory>

Authenticated Binds

To integrate with OpenLDAP using authenticated binds, set the following parameters:

Parameter                              Value
BDILDAPServerType                      OpenLDAP
BDIPrimaryServerName                   IP address or hostname
BDIEnableTLS                           False
BDISearchBase1                         Root of the directory service or the organizational unit (OU)
BDIUserAccountName                     Unique identifier such as uid or cn
BDIBaseFilter                          Object class that your directory service uses; for example, inetOrgPerson.
(Optional) BDIPredictiveSearchFilter   uid or other search filter
BDIConnectionUsername                  Username
BDIConnectionPassword                  Password

The following is an example configuration:

<Directory>
  <BDILDAPServerType>OpenLDAP</BDILDAPServerType>
  <BDIPrimaryServerName>11.22.33.456</BDIPrimaryServerName>
  <BDIEnableTLS>False</BDIEnableTLS>
  <BDISearchBase1>ou=people,dc=cisco,dc=com</BDISearchBase1>
  <BDIUserAccountName>uid</BDIUserAccountName>
  <BDIBaseFilter>(&amp;(objectClass=inetOrgPerson)</BDIBaseFilter>
  <BDIPredictiveSearchFilter>uid</BDIPredictiveSearchFilter>
  <BDIConnectionUsername>cn=administrator,dc=cisco,dc=com</BDIConnectionUsername>
  <BDIConnectionPassword>password</BDIConnectionPassword>
</Directory>
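A pre-deployment check for the Simple Authentication and OpenLDAP examples above, added here and not part of the Cisco guide: it parses the <Directory> section of jabber-config.xml and flags a simple bind without TLS, a bind password stored in the file (which this guide says is retrievable from the TFTP server at http://tftp_server_address:6970/jabber-config.xml), and a privileged-looking bind account. The finding codes, the PRIVILEGED_HINTS list and the sample fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Heuristic substrings (an assumption of this example) suggesting the bind
# account is privileged rather than a read-only directory service account.
PRIVILEGED_HINTS = ("admin", "root", "manager")

# Constructed samples modelled on the configuration examples in this guide.
ANONYMOUS_TLS = """<Directory>
  <BDILDAPServerType>OpenLDAP</BDILDAPServerType>
  <BDIEnableTLS>True</BDIEnableTLS>
  <BDISearchBase1>ou=people,dc=cisco,dc=com</BDISearchBase1>
</Directory>"""

AUTHENTICATED_NO_TLS = """<Directory>
  <BDILDAPServerType>OpenLDAP</BDILDAPServerType>
  <BDIEnableTLS>False</BDIEnableTLS>
  <BDIConnectionUsername>cn=administrator,dc=cisco,dc=com</BDIConnectionUsername>
  <BDIConnectionPassword>password</BDIConnectionPassword>
</Directory>"""

SIMPLE_AUTH_WITH_SSL = """<Directory>
  <BDIEnableTLS>True</BDIEnableTLS>
  <BDIConnectionUsername>username</BDIConnectionUsername>
  <BDIConnectionPassword>password</BDIConnectionPassword>
</Directory>"""


def _value(directory, tag):
    """Return the stripped text of a child element, or None if absent or empty."""
    text = directory.findtext(tag)
    return text.strip() if text and text.strip() else None


def audit_directory(directory):
    """Return (code, message) findings for one <Directory> element."""
    findings = []
    tls = _value(directory, "BDIEnableTLS")
    user = _value(directory, "BDIConnectionUsername")
    password = _value(directory, "BDIConnectionPassword")
    has_creds = user is not None or password is not None
    tls_norm = tls.lower() if tls else None

    if tls_norm not in (None, "true", "false"):
        findings.append(("TLS_INVALID", f"BDIEnableTLS has unexpected value {tls!r}"))
    elif tls_norm is None and has_creds:
        findings.append(("TLS_UNSET", "bind credentials are configured but "
                         "BDIEnableTLS is not set; no default is assumed here"))
    elif tls_norm == "false" and has_creds:
        findings.append(("PLAINTEXT_BIND", "simple bind without TLS: credentials "
                         "travel in plaintext in the bind request"))
    if password is not None:
        findings.append(("PASSWORD_IN_CONFIG", "bind password is stored in "
                         "jabber-config.xml, retrievable from the TFTP server"))
    if user and any(hint in user.lower() for hint in PRIVILEGED_HINTS):
        findings.append(("PRIVILEGED_BIND_ACCOUNT", f"bind account {user!r} "
                         "looks privileged; use a read-only service account"))
    return findings


def audit_config(xml_text):
    """Audit every <Directory> element in a config document or fragment."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("XML_PARSE_ERROR", str(exc))]
    findings = []
    for directory in root.iter("Directory"):  # iter() includes the root itself
        findings.extend(audit_directory(directory))
    return findings


def finding_codes(xml_text):
    """Return only the finding codes, in the order they were raised."""
    return [code for code, _ in audit_config(xml_text)]


if __name__ == "__main__":
    samples = {"anonymous + TLS": ANONYMOUS_TLS,
               "authenticated, no TLS": AUTHENTICATED_NO_TLS,
               "simple auth with SSL": SIMPLE_AUTH_WITH_SSL}
    for name, sample in samples.items():
        print(name, "->", finding_codes(sample) or "no findings")
```

Run it against the file before uploading it to Cisco Unified Communications Manager; a configuration with no findings returns an empty list.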

Federation

Federation lets Cisco Jabber users communicate with users who are provisioned on different systems and who are using client applications other than Cisco Jabber.

Interdomain Federation

Interdomain federation enables Cisco Jabber users in an enterprise domain to share availability and send instant messages with users in another domain.

• Cisco Jabber users must manually enter contacts from another domain.

• Cisco Jabber supports federation with the following:

◦ Microsoft Office Communications Server

◦ Microsoft Lync

◦ IBM Sametime

◦ XMPP standard-based environments such as Google Talk

◦ AOL Instant Messenger

You configure interdomain federation for Cisco Jabber on Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence. See the appropriate server documentation for more information.

Related Topics

Integration Guide for Configuring Cisco Unified Presence Release 8.6 for Interdomain Federation

Interdomain Federation for IM and Presence Service on Cisco Unified Communications


Intradomain Federation

Intradomain federation enables users within the same domain to share availability and send instant messages between Cisco Unified Presence and Microsoft Office Communications Server, Microsoft Live Communications Server, or other presence server.

Intradomain federation allows you to migrate users to Cisco Unified Presence or Cisco Unified Communications IM and Presence from a different presence server. For this reason, you configure intradomain federation for Cisco Jabber on the presence server. See the following documents for more information:

• Cisco Unified Presence: Integration Guide for Configuring Partitioned Intradomain Federation for Cisco Unified Presence Release 8.6 and Microsoft LCS/OCS

• Cisco Unified Communications IM and Presence: Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager

Configure Intradomain Federation

In addition to configuring intradomain federation on the presence server, you might need to specify some configuration settings in the Cisco Jabber configuration files.

To resolve contacts during contact search or retrieve contact information from your directory, Cisco Jabber requires the contact ID for each user. Cisco Unified Presence uses a specific format for resolving contact information that does not always match the format on other presence servers such as Microsoft Office Communications Server or Microsoft Live Communications Server.

Procedure

Step 1 Set the value of the BDIUseSIPURIToResolveContacts parameter to true.

Step 2 Specify an attribute that contains the contact ID that Cisco Jabber uses to retrieve contact information as the value of the BDISipUri parameter. The default value is msRTCSIP-PrimaryUserAddress.

Step 3 Specify any text that prefixes each contact ID as the value of the BDIUriPrefix parameter.

The prefix is any text that exists before the username in the contact ID.

For example, you specify msRTCSIP-PrimaryUserAddress as the value of BDISipUri. In your directory the value of msRTCSIP-PrimaryUserAddress for each user has the following format: sip:username@domain.

The following XML snippet provides an example of the resulting configuration:

<Directory>
  <BDIUseSIPURIToResolveContacts>true</BDIUseSIPURIToResolveContacts>
  <BDISipUri>non-default-attribute</BDISipUri>
  <BDIUriPrefix>sip:</BDIUriPrefix>
</Directory>

Intradomain Federation Example

This topic provides an example of intradomain federation contact resolution using the BDISipUri, BDIUseSIPURIToResolveContacts, and BDIUriPrefix parameters.


In this example, your configuration has the following settings:

• The value of the BDISipUri parameter is msRTCSIP-PrimaryUserAddress.

• The value of the BDIUseSIPURIToResolveContacts parameter is true.

• The value of the BDIUriPrefix parameter is sip:.

• The directory contains sip:[email protected] as the value of the msRTCSIP-PrimaryUserAddress attribute for a user named Mary Smith.

Cisco Jabber connects to your directory to resolve contact information

1 Your presence server passes [email protected] to Cisco Jabber.

2 Cisco Jabber prepends sip: to [email protected] and then queries your directory.

3 sip:[email protected] matches the value of the msRTCSIP-PrimaryUserAddress attribute.

4 Cisco Jabber retrieves contact information for Mary Smith.

Cisco Jabber users search for Mary Smith

Cisco Jabber removes the prefix of sip: from sip:[email protected] and gets the contact ID of [email protected].


Chapter 8: Troubleshooting

• Obtain Logs from Cisco Jabber

• Obtain Logs from Cisco AnyConnect Secure Mobility Client

• Troubleshooting Tips

Obtain Logs from Cisco Jabber

Have the user follow this procedure to send you logs from Cisco Jabber.

Before You Begin

• Ask the user to verify that an email application is set up on the device.

• Ensure that you send the user the email address for problem reports.

Procedure

Step 1 If you cannot sign in to Cisco Jabber, tap the Send Problem Report link in the error message.

Step 2 If you can sign in to Cisco Jabber, go to the navigation drawer and tap Settings.

Step 3 Under Help, tap Problem Reporting.

Step 4 If you have a problem and you can reproduce it, turn on the Detailed Logging setting and reproduce the issue, noting the time that the problem occurred.

Step 5 Tap Send Problem Report.

Your Email application launches with a new message that contains a prepopulated subject line and attached log files.

Step 6 Enter a description of the problem in the body of the email message and send it to your system administrator.

Tip: Include the approximate time when the problem occurred.


What to Do Next

After the user sends the problem report, the Detailed Logging setting is no longer needed. Be sure that the user turns off Detailed Logging after reproducing the issue to prevent excessive battery use.

Obtain Logs from Cisco AnyConnect Secure Mobility Client

Have the user follow this procedure to send you logs from Cisco AnyConnect Secure Mobility Client.

1 From the Cisco AnyConnect Secure Mobility Client home screen, tap Diagnostics.

2 Turn on Debug Logs.

3 Try to reproduce the problem to capture the details in the logs.

4 Tap Email Logs.

5 Describe the problem.

6 Tap Send.

Troubleshooting Tips

Setup Issues

Cannot sign in to Cisco Jabber when using Cisco Unified Presence server

Problem User cannot sign in to Cisco Jabber when using Cisco Unified Presence as the presence server.

Solution Make sure you configure the xmpp server Name as an IP address or FQDN rather than a host name under System > Cluster Topology > Node Configuration on Cisco Unified Presence server version 9.0 and earlier.

Cisco Jabber Registration Fails

Problem Cisco Jabber registration fails or times out.

Solution The following list describes different possible causes for and solutions to registration failure or timeout conditions:

• Have the user check the troubleshooting tips in the Cisco Jabber for iPhone and iPad User Guide for your release.

• Verify that the mobile device can reach Cisco Unified Communications Manager. To verify, use the browser on the mobile device to try to connect to the Cisco Unified CM Administration interface.

• If registration is rejected with error 503, go to the TCT/TAB device page in Cisco Jabber for iPhone and iPad and select Reset, and then try again.

• Make sure your DNS server can resolve the hostname of the Cisco Unified Communications Manager server that is used as the TFTP server address.


• Registration failure with the error message “failed to get device configuration” can indicate that you did not reboot all Cisco Unified Communications Manager servers in the cluster after you installed the device COP file. Make sure you reboot all Cisco Unified Communications Manager servers after you install the device COP file.

• Make sure you have enough licenses to accommodate your deployment.

• If you use Cisco Unified Communications Manager 9.1(2) or lower, make sure you checked the Enable Cisco Unified Mobile Communicator check box on the device page for the user. For more information, see the Set Up Dial Via Office for Each Device topic in the Server Setup Guide for your release.

• If you are attempting to connect over VPN:

◦ Verify that the mobile device can reach internal resources independently of Cisco Jabber. Try accessing an intranet web page or other resource behind the firewall.

◦ If your Cisco Jabber deployment includes Directory Services, try accessing the directory from within Cisco Jabber.

◦ If the mobile device cannot connect over VPN, contact the provider of your VPN technology for assistance.

• Make sure that you specified the organization's top level domain. In the Cisco Unified CM Administration interface, select System > Enterprise Parameters. Under the Clusterwide Domain Configuration section, check that you entered the organization top domain name (for example, cisco.com).

Related Topics

Cisco Jabber for iPhone and iPad End-User Guides

Server Setup Guide

Device Icon Is Missing

Problem The device icon does not appear in the Cisco Unified CM Administration interface.

Solution Try the following:

1 Restart the Tomcat service.

2 Reload the device page in your browser.

3 Clear the browser cache if necessary.

4 If the problem is not resolved, restart the Cisco Unified Communications Manager server.

Upgrade Issues

Directory Search Does Not Work After Upgrade

Problem After users upgrade the client from an earlier release to this release, the directory search does not work.

Solution If you have an on-premises deployment, check that you uploaded the jabber-config.xml file to the Cisco Unified Communications Manager and restarted the TFTP service.


To verify that the configuration file is available on your TFTP server, open the configuration file in any browser. Typically, you can access the global configuration file at the following URL: http://tftp_server_address:6970/jabber-config.xml.

Related Topics

Configure the Client, on page 57

Device Issues

Cannot sign in to Cisco Jabber when using Cisco Unified Presence server

Problem User cannot sign in to Cisco Jabber when using Cisco Unified Presence as the presence server.

Solution Make sure you configure the xmpp server Name as an IP address or FQDN rather than a host name under System > Cluster Topology > Node Configuration on Cisco Unified Presence server version 9.0 and earlier.

Cannot Receive Calls in Cisco Jabber

Problem An incoming call arrives briefly in Cisco Jabber while it is running, but then the call is terminated and diverted to the native mobile phone number using Mobile Connect instead.

Solution In Cisco Unified Communications Manager, set the SIP Dual Mode Alert Timer as described in the Increase SIP Dual Mode Alert Timer Value topic in the Server Setup Guide.

Problem After Cisco Jabber is idle for a few minutes, incoming VoIP calls are sent directly to voicemail and are displayed as missed calls.

Solution In Cisco Unified Communications Manager, ensure that the SIP Dual Mode Alert Timer is set as described in the Increase SIP Dual Mode Alert Timer Value topic in the Server Setup Guide.

Problem Cisco Jabber for iPhone and iPad users who have a PIN on the device cannot answer calls before the calls go to voicemail.

Solution Increase the value of the No Answer Ring Duration (seconds) setting to ensure that users have enough time to enter the PIN and answer the call before the call goes to voicemail.

To change the No Answer Ring Duration (seconds) setting, go to the DN of the TCT/TAB device, and locate the setting under the Call Forward and Call Pickup Settings section.

Note: If you increase the No Answer Ring Duration (seconds) setting, see related cautions for this setting in the online help in Cisco Unified Communications Manager.

Related Topics

Server Setup Guide

Calls Incorrectly Sent to Voicemail

Problem Calls are routed directly to voicemail.


Solution In Cisco Unified Communications Manager, modify the call timer values on the Mobility Identity page. For more information, see the Add Mobility Identity topic in the Server Setup Guide for your release.

Problem After Cisco Jabber is idle for a few minutes, incoming VoIP calls are sent directly to voicemail and are displayed as missed calls.

Solution In Cisco Unified Communications Manager, ensure that the SIP Dual Mode Alert Timer is set as described in the Increase SIP Dual Mode Alert Timer Value topic in the Server Setup Guide for your release.

Related Topics

Server Setup Guide

Cannot Move Calls from Mobile Network to Cisco Jabber

Problem User is unable to transfer a call from the mobile network to Cisco Jabber.

Solution Users can transfer calls to the mobile network from Cisco Jabber, but not in the other direction.

Cannot Send VoIP Calls to Mobile Device

Problem User cannot send an active VoIP call from Cisco Jabber to the mobile phone number.

Solution Try one of the following:

• If you used the Mobility Softkey method for transferring VoIP calls to the mobile device, check that you set up the Mobility Identity for the user. If so, check that the Mobility Identity number is the correct number and you are able to dial that number as entered from the client. See the Enable Active Call Transfer from VoIP to Mobile Network topic in the Server Setup Guide for your release.

• If you used the Handoff DN method for transferring VoIP calls to the mobile device, check that you set it up correctly. See the Set Up Handoff DN topic in the Server Setup Guide for your release.

• Check that Mobile Connect works by exiting the client and dialing the extension. If you hear a fast busy signal, make sure you entered the Mobility Identity phone number in a routable format.

Related Topics

Server Setup Guide

Cannot Merge Audio for Calls

Problem User cannot merge the audio for two active VoIP calls.

Solution Ensure that the Media Resource Group List is set on the user's device page. For more information, see the Create TCT/TAB Software Phone Devices topic in the Server Setup Guide for your release.

Related Topics

Server Setup Guide

Cannot Start Video Conferences

Problem Users cannot start a video conference call from within the client.


Solution Verify that the Multipoint Control Unit (MCU) settings are set up properly on the Cisco Unified Communications Manager. For more information, see the Conference Bridge setup chapter in the Cisco Unified Communications Manager Administration Guide for your release.

Related Topics

Cisco Unified Communications Manager Administration Guide

Voice Quality Issues

Problem Voice quality is poor.

Solution Voice quality cannot be guaranteed because of variable network conditions. Because network issues outside your enterprise are neither under the control of nor specific to the client, the Cisco Technical Assistance Center (TAC) does not troubleshoot these issues.

However:

• For actions the user can take, see the Troubleshoot chapter of the User Guide for Cisco Jabber for iPhone and iPad for your release.

• For general information about optimizing your corporate Wi-Fi network for voice transmission, see the Network Requirements section of the Release Notes for your release of Cisco Jabber for iPhone and iPad.

Related Topics

Cisco Jabber for iPhone and iPad End-User Guides

Cisco Jabber for iPhone and iPad Release Notes

Battery Drains Faster with Cisco Jabber

Problem The device battery seems to drain more quickly when using the client.

Solution Ask the user to check the following:

• Detailed Logging: Enable this option only if you are collecting troubleshooting logs to resolve problems with the client. Keep it disabled otherwise. In the client, tap Settings > Problem Reporting. Tap the Detailed Logging switch to turn it off.

• Weak Wi-Fi connection: A weak Wi-Fi connection can affect the battery life. Ask the user to move to a location with a stronger network signal.

• VPN use: Prolonged VPN use can affect the battery life.

Search Issues

No Directory Search

Problem Directory search is not available.

Solution If you have an on-premises deployment, check the following:


• Ensure that you uploaded the jabber-config.xml file to the Cisco Unified Communications Manager and restarted the TFTP service. Typically, you can access the global configuration file at the following URL: http://tftp_server_address:6970/jabber-config.xml. For more information, see the Configure the Client chapter in this guide.

• Ensure that you did not rename the jabber-config.xml file. The client does not support jabber-config.xml files with a different name.

• If you upgrade the Cisco Unified Communications Manager in an on-premises deployment, ensure that you re-apply the jabber-config.xml file.

• Verify that your directory configuration parameters are set up correctly in your global configuration file. For more information, see the Integrate with Directory Sources chapter.

Related Topics

Configure the Client, on page 57

Integrate with Directory Sources, on page 75

Incorrect or Missing Caller Identification

Problem Some callers are not identified correctly.

Solution Consider the following:

• When you add users or change user information in Microsoft Active Directory, correct identification of callers in Recents or Voicemail in the client can take up to 24 hours. This delay minimizes synchronization activity that can affect performance.

• If a number does not match a contact using Directory Lookup Rules, the client displays the phone number as passed by Cisco Unified Communications Manager, unmodified by any Directory Lookup Rules.

• If you made changes to the Directory Lookup Rules, make sure you ran the designated COP file to make those changes available to the client, and then restarted the TFTP service.

Voicemail Issues

Cannot Connect to Voicemail Server

Problem User repeatedly receives “Invalid credentials” error when attempting to access voicemail.

Solution Check the voicemail server to determine if the user account is locked because the user made too many incorrect attempts to sign in.

Voicemail Prompt is Truncated

Problem The first few seconds of voicemail prompts are truncated.

The start of the audio that prompts users to leave voice messages can be truncated in some instances. The result of the truncation is that users do not hear the first second or two of the voicemail prompt.


Solution To resolve this issue, set a value for the Delay After Answer field in the Cisco Unity Connection advanced telephony integration settings. See the Edit Advanced Settings section of the Interface Reference Guide for Cisco Unity Connection Administration.

Related Topics

Interface Reference Guide for Cisco Unity Connection Administration Release 8.x

Cisco AnyConnect Issues

Certificate Authentication Failure

Problem Cisco AnyConnect Secure Mobility Client cannot authenticate with the Cisco Adaptive Security Appliance using a certificate.

Solution Verify the following:

• The certificate is still valid and the CA server has not revoked the certificate.

• You set the correct VPN connection profile for authentication.

• You set the Key Usage setting of the certificate to TLS Web Client Authentication.

Related Topics

Set Up Certificate-Based Authentication, on page 28

SCEP Enrollment Failure

Problem Cisco AnyConnect Secure Mobility Client cannot enroll for a certificate using SCEP.

Solution Verify the following:

• The CA server is set up to automatically grant the certificate.

• The clock skew between the Cisco Adaptive Security Appliance and CA server is less than 30 seconds.

• The CA server enrollment URL is reachable over the VPN tunnel.

• The Automatic SCEP Host value in the VPN client profile matches the Group-Alias of the connection profile. For example, if the Group Alias is set as certenroll and the Cisco Adaptive Security Appliance address is asa.example.com, you need to set the SCEP Automatic Host as asa.example.com/certenroll.

• You enabled the ssl certificate-authentication interface outside port 443 command on the Cisco Adaptive Security Appliance.

Issues Launching Cisco AnyConnect Secure Mobility Client

Problem Cisco Jabber does not auto-launch the Cisco AnyConnect Secure Mobility Client on iOS devices.

Solution Try the following:

• Ensure that the On-Demand VPN URL is configured inside the Cisco Unified Communications Manager for the device.


• Ensure that the On-Demand domain list in the AnyConnect profile includes the On-Demand VPN URL.

• Check whether the user selected the Connect If Needed option. In some cases, Cisco Jabber users may have issues when using the Connect If Needed option. For example, if the hostname for the Cisco Unified Communications Manager is resolvable outside the corporate network, iOS will not trigger a VPN connection. The user can work around this issue by manually launching the Cisco AnyConnect Secure Mobility Client before making a call.

Dial via Office Issues

Dial via Office Calls End Unexpectedly

Problem After the user places a DVO call and presses any number on the keypad, the call ends without a notification. This problem can occur if you enable DVO and user-controlled Voicemail Avoidance, and the person that the user calls has a busy line and did not set up voicemail on the deskphone.

Solution Try the following:

• Ask the user to call again later.

• Set up the end user with timer-based voicemail avoidance instead of user-controlled voicemail avoidance. For more information, see the Set Up Voicemail Avoidance chapter in the Server Setup Guide for your release.

Related Topics

Server Setup Guide

Dial via Office Calls Cannot Connect

Problem The user sets the Cisco Jabber calling option to “Always use DVO” or “Auto-select”, but when the user tries to make a DVO call, the call does not connect.

Solution Check the following:

• Check whether you enabled DVO on an unsupported release of Cisco Unified Communications Manager. If you enable DVO on an unsupported release of Cisco Unified Communications Manager, the end user sees the DVO calling options and can attempt to make a DVO call, but the calls cannot connect.

• Check whether the user installed the client on multiple devices. If the user installs the client on a second device, and the mobility identity number is configured for the first mobile device, then the user will not see the incoming DVO-R call on the second device.

Dial via Office Calls Placed From Voicemail or Alternate Number

Problem People receive calls from the user's voicemail system or alternate phone number.

Solution Try the following:

• Check whether the user set up the DVO Callback Number with an alternate number. An alternate number is any phone number that the user enters in the DVO Callback Number field on the client that does not match the phone number that you set up on the user's Mobility Identity in Cisco Unified Communications Manager.

If so, you can resolve this issue by setting up the trunk Calling Search Space (CSS) to route to the destination of the alternate phone number. For more information, see the Enable Mobile Connect or Set Up Enterprise Feature Access Number topics in the Server Setup Guide for your release.

• Ask users to verify if their mobile voice connection was weak when they placed the Dial via Office call. To prevent further issues, tell users to ensure that they have a strong mobile voice connection before they place Dial via Office calls.

Problem Users cannot place outgoing DVO-R calls when using an alternate callback number.

Solution Ensure that the partition for the alternate callback number is in the outgoing trunk CSS (Calling Search Space). For more information, see the Enable Mobile Connect or Set Up Enterprise Feature Access Number topics in the Server Setup Guide for your release.

Related Topics

Server Setup Guide

Problems with DVO Callback

Problem After the user places a DVO-R call, the callback does not reach the mobile device, or it shows up briefly and goes away before the user can answer it. If Mobile Connect is set up for the user, the user may receive a Mobile Connect call.

Solution In Cisco Unified Communications Manager, increase the SIP Dual Mode Alert Timer to 5000 milliseconds. If the user still experiences this issue, you can further increase this setting in increments of 500 milliseconds, to a maximum of 10 000 milliseconds. For details about how to increase the SIP Dual Mode Alert Timer Value, see the Increase SIP Dual Mode Alert Timer Value topic in the Server Setup Guide.

Related Topics

Server Setup Guide
