Jabber video for TelePresence, VCS-E connection issue

Answered Question
Feb 12th, 2013

Hi,

I have recently configured VCS-Control, VCS-Expressway and TMS. Both VCS servers are on X7.2 software and TMS is on 14.1.1, provisioning is configured between the VCS-Control and TMS, everything internally works OK and users can log into their Jabber video for TelePresence client.

When attempting to connect via the VCS-Expressway i am recieving the following issue: "Connection rejected by server. Try logging in again later"

Zone authentication is configured like this:

VCS-Expressway

Default Subzone: Do not check credentials

Sefault Zone: Do not check credentials

Traversal Zone: Do not check credentials

VCS-Control

Default Subzone: Treat as Authenticated

Default Zone: Check Credentials

Subzone: Check Credentials {zone which movi users register to based on regex}

Traversal Zone: Do not check credentials

Search rules between the two VCS's match {username}.{device.model}@domain OK.

The only port restrictions in place here are between the VCS-Control and VCS-Expressway, outbound ports opened towards expressway for ASSENT.

It appears to me that this is a connection issue, as opposed to an authentication issue. also, do i need to configure a local SIP domain on the VCS-Expressway even though i am attempting to proxy the registrations to the VCS-Control.

Would be appreciated if someone can check my zone authentication also...

Thanks,

I have this problem too.
0 votes
Correct Answer by awinter2 about 2 years 3 months ago

Simon,

for this to work, you would normally configure the traversal zone on VCS-C as 'Check credentials'.

If you are looking to proxy registrations from VCS-E to VCS-C, you should not add the SIP domain to the VCS-E.

'Connection rejected by server' sounds strange in this case however, would you mind sharing what SIP domain you are using for this deployment, so that we can verify that your DNS SRV records are looking good?

- Andreas

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (1 ratings)
Correct Answer
awinter2 Tue, 02/12/2013 - 03:04

Simon,

for this to work, you would normally configure the traversal zone on VCS-C as 'Check credentials'.

If you are looking to proxy registrations from VCS-E to VCS-C, you should not add the SIP domain to the VCS-E.

'Connection rejected by server' sounds strange in this case however, would you mind sharing what SIP domain you are using for this deployment, so that we can verify that your DNS SRV records are looking good?

- Andreas

Simon Battye Tue, 02/12/2013 - 03:15

Andreas,

Please see records below:

SRV_h323cs._tcp.domain.com.21599INSRV1 0 1720 vcs-expressway IP.
SRV_sips._tcp.domain.com.21599INSRV1 0 5061 vcs-expressway IP.
SRV_sip._tcp.domain.com.21599INSRV1 0 5060 vcs-expressway IP.
SRV_sip._udp.domain.com.21599INSRV1 0 5060 vcs-expressway IP.


I've blanked the actual domain and hostname/IP address but i can confirm they are resolving to the correct location.

It looks like im missing:

_h323ls.

_h323rs.

_sips._tls.

_sip.tls.

Thanks,

awinter2 Tue, 02/12/2013 - 03:57

You strictly only need _sips._tcp and _sip._tcp for SIP, _sips._tls and _sip._tls is not used by anything which will potentially communicate with the VCS Expressway.

The next step for troubleshooting this now that you have verified that your SRV records are in place (Plus that your Traversal Client zone on VCS-C is set for 'Check credentials') would be to capture a diagnostics log on both VCS-E and VCS-C (With Network log level set to DEBUG) while attempting to sign in with Jabber Video.

In the diagnostics log from VCS-E, you should see the Jabber Video client connecting to port 5061 of the VCS-E and send a SIP SUBSCRIBE request, which the VCS-E should proxy to VCS-C, which in turn shall respond to this SUBSCRIBE with '407 Proxy authentication required'. Depending on whether or not you use NTLM authentication for this client, Jabber Video should then send one or two new SUBSCRIBE request(s) followed by another 407 response, upon the SUBSCRIBE should ultimately get a 200 OK response followed by a SIP NOTIFY request being sent from the VCS-C to VCS-E and finally to your Jabber Video client. This NOTIFY should then contain the provisioning configuration for this JV client.

- Andreas

Simon Battye Wed, 02/13/2013 - 01:52

Andreas,

Thanks for your assistance - took the logs and couldn't see any of the SIP messages hitting the VCS-Expressway, turns out the ISP was ports for some reason.

All resolved now.

Thanks, Simon

Actions

Login or Register to take actions

This Discussion

Posted February 12, 2013 at 3:00 AM
Stats:
Replies:4 Overall Rating:
Views:1481 Votes:0
Shares:0

Related Content