Best practices for using the Instant Messaging redirect server as well as troubleshooting information are described in the following sections:
In a deployment that uses certificates for secure authentication, clients may be prompted to accept two certificates every time they connect; one for the redirect server and one for the host to which the client is redirected. To avoid this, use a trusted certificate or the same certificate on both servers.
Redirect will not work for clients that do not support RFC 3920 and the see-other-hosts stream error (XMPP redirect) in particular. You can use Instant Messenger 2006Q1 or later with the redirect server. If you use a third party client, ensure that the client that supports XMPP redirection.
If you are using LDAP to store user properties, that is the iim.userprops.store=ldap, you need to ensure that the values for iim_ldap.usergroupbinddn and iim_ldap.usergroupbindcred have Directory Manager level access to the directory.
The partition size should be as large as possible to avoid having to split user networks wherever possible. However, partitions should also not be larger than that which the smallest system can support.
It is possible for a redirect server to also host one or more partitions. You do this by listing the redirect server instance in the redirect.partitions file or as a value for the iim_server.redirect.to parameter. However, you should not make more than one redirect server a partition host because unsynchronized redirect.partitions files may cause redirection loops.