Cisco Telepresence Movi - Unable to connect to server

Answered Question
Mar 6th, 2012

I have the Cisco TelePresence VCS Starter Pack version 7.0.1.  This is a single NIC option and is configured on a public IP with no firewall and no NAT.  It is accessible through the public IP.  I believe that I have just about everything setup correctly as I am able to register my h.323 devices to the unit and make outgoing calls.  I have not attempted to receive a call, but that step is later in my process.

My current issue is attempting to register a MOVI or JABBER client.  I have setup users in the VCS with Movi device accessibility.  I have also configured the user in my allow list with the same username and password.  I have installed Movi and Jabber (2 separate computers) and configured them to point to the FQDN of my VCS in both the Internal and External VCS settings, and I have my SIP domain listed as well.  When I click sign in, I get the message Login failed, Unable to connect to server.  I know that I am communicating with the VCS, because if I put in the incorrect username or password, I get a incorrect username/password message instead.  I say this because there is no record ov my communication attempt on the VCS in any of the logs, even with the logging set to 4.  During the login attempt, I do see that the correct IP address is being attempted, so this is not a DNS issue.  TCP, TLS and the proper ports are listed as on in the SIP conifguration.

My only guess now is that there is some dialing rule or zone rule or something that is not found in the hundreds of pages of documentation that I have read over the past 2 days that I am missing.  Please help.

Thanks,

I have this problem too.
0 votes
Correct Answer by odallokk about 2 years 1 month ago

Hi Donald

I have had a quick look at your config, and you have a transform that will prevent provisioning requests. This transform will strip off the SIP domain of request to the provisioning server, and thus this will fail.

I can see that some of your search rules may re-append the domain, but before I look closer into that, I would recommend you to disable this transform and give it another try.

*c xConfiguration Transform 1 Description: ""

*c xConfiguration Transform 1 State: Enabled

*c xConfiguration Transform 1 Priority: 1

*c xConfiguration Transform 1 Pattern String: "(.+)@sipdomain.*"

*c xConfiguration Transform 1 Pattern Type: Regex

*c xConfiguration Transform 1 Pattern Behavior: Replace

*c xConfiguration Transform 1 Pattern Replace: "/1

Regards

Ola Dallokken

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
odallokk Tue, 03/06/2012 - 13:36

Hi Donald

Could you verify that your 'Default Zone' has the authentication setting 'Check Credentials', and that user credentials are created in the local database for the user accounts?

The provisioning request from the Movi/Jabber client needs to be authenticated in order to be provisioned.

Regards,

Ola E. Dallokken

budveltman1 Tue, 03/06/2012 - 13:43

Default Zone has the authentication setting as "Check Credentials".  User credentials are created and I can confirm this because if I put the incorrect username or password in the Movi client, I get a different error message stating that my username or password or SIP domain are incorrect.  When the user credentials are correct in the Movi client, I simply get the error Login failed, Unable to connect to server.

odallokk Tue, 03/06/2012 - 13:59

OK,

I would recommend you to open a TAC case for this issue since this may include some more extensive troubleshooting, but I can have a quick look at your configuration if you could send me the xconf and xstat from the VCS in a private message?

To obtain the logs, please do the following:

1. SSH to the VCS, log in as admin.

2. Execute the following (make sure to log the session output to a file, by using Putty for instance)

xconf

xstat

regards

Ola E. Dallokken

aljaiswa Tue, 03/06/2012 - 23:42

Hi Donald,

Can you force the MOVI or Jabber client to use the TCP and check the login.

Its very important to check if you have  a firewall with SIP packet inspection ON?

Thanks

Alok

zekimmel Tue, 07/16/2013 - 15:51

THANK YOU and THANK YOU Olla

I wish I would have found you sooner - the check credentials for my default zone as per your answer and all my problems were solved. Two days of banging my head against the wall.

THANK YOU

Zeecil

awinter2 Wed, 03/07/2012 - 01:19

Donald,

have you made sure to configure a cluster name on the VCS, and verified that your Movi client PC is able to resolve this cluster name FQDN to the IP address of the VCS, for example via nslookup?

Regards

Andreas

budveltman1 Wed, 03/07/2012 - 05:34

Andreas,

When I click sign in and the Internal and External servers are populated with the FQDN of the cluster, the correct IP address appears briefly on the client as it shows the status of the connection attempt.  Therefore, I believe that the A record is setup and correct.  I am abe to log into the unit using the cluster FQDN as this unit is completely outside of our firewall and I have to log in with the public IP address.

I also have the following SRV records.  Maybe I am missing something here?

_h323cs._tcp.sipdomain, pri low, weight 0, port 1720, target=cluster A record

_h323ls._udp.sipdomain, pri low, wegith 0, port 1719, target=cluster A record

_sip._tcp.sipdomain, pri low, weight 0, port 5060, target=cluster A record

_sip._udp.sipdomain, pri low, weight 0, port 5060, target=cluster A record

_sips._tcp.sipdomain, pri low, weight 0, port 5061, target=cluster A record

Please also note that I am able to dial between hardware devices in our office.  This is only an issue with the Movi client or possibly with the SIP protocol as the hardware devices are configured to use h.323.

Correct Answer
odallokk Wed, 03/07/2012 - 06:16

Hi Donald

I have had a quick look at your config, and you have a transform that will prevent provisioning requests. This transform will strip off the SIP domain of request to the provisioning server, and thus this will fail.

I can see that some of your search rules may re-append the domain, but before I look closer into that, I would recommend you to disable this transform and give it another try.

*c xConfiguration Transform 1 Description: ""

*c xConfiguration Transform 1 State: Enabled

*c xConfiguration Transform 1 Priority: 1

*c xConfiguration Transform 1 Pattern String: "(.+)@sipdomain.*"

*c xConfiguration Transform 1 Pattern Type: Regex

*c xConfiguration Transform 1 Pattern Behavior: Replace

*c xConfiguration Transform 1 Pattern Replace: "/1

Regards

Ola Dallokken

budveltman1 Wed, 03/07/2012 - 06:49

Finally some progress.  I have disabled the rule mentioned above and I am now getting the error message Login failed due to registration failure.  I can also see the connection attempts in the Event log for the first time.  My user is setup as follows:

Username bud.veltman

Display Name Bud Veltman

FindMe ID bud.veltman@sipdomain

Movi Device On URI bud.veltman.movi@sipdomain

Ex90 Device on URI bud.veltman.ex90@sipdomain

Registration allow list - bud.veltman

Local Authentication Database - bud.veltman with same password

Default Zone - Check Credentials

Default Subzone - Allow - Do not check Credentials - Have tried Treat as authenticated and Check Credentials

What am I missing?

budveltman1 Wed, 03/07/2012 - 07:22

I got it.  I am connected.  My Registration Allow was set to exact and I changed the setting to Prefix.  Thanks for everyone's help.

Actions

Login or Register to take actions

This Discussion

Posted March 6, 2012 at 8:53 AM
Stats:
Replies:10 Avg. Rating:5
Views:5867 Votes:0
Shares:0
Categories: Jabber for Windows
+

Related Content

Discussions Leaderboard