cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6348
Views
5
Helpful
13
Replies

Jabber MRA login failed

gpsriramdc
Level 4
Level 4

Hi ,

This is new deployment. Jabber couldn't login from Internet using MRA.  During the login process it's able to get the certificate from EDGE.

Problem occurred during the authentication process. Client shown the error as" Can't communicate with Server". Expressway sending the the 503 Service unavailable to Client.

Expressway Version: 8.7

Event Log:

 Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="94.76.48.253" Dst-port="31932" UTCTime="2016-07-14 06:37:05,469"
Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="94.76.48.253" Src-port="31932" UTCTime="2016-07-14 06:37:05,468"

Expressway logs for Error

 ThreadID="139917890758400" Module="cm-1.XXXXXXXXX" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"

I have already tried with restarting the XCP Router service in IM&P Server but no luck 

Thanks in Advance !!!

13 Replies 13

Suresh Hudda
VIP Alumni
VIP Alumni

Is jabber working properly from internal network ?

For above error in expressway try below:

From Expressway-C, go to Configuration > Unified Communications > IM&P Servers. Select the check box next to each IM&P server and click Refresh servers.

Note: If this does not fix the issue, the XCP Router on the IM&P server also must be restarted.

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118798-technote-cucm-00.html

Suresh

Hi Suresh,

I have tried this already but no luck.

Thanks

Okay, are all required ports opened at firewall?

Are all zone showing registered in Exp c&e ?

Is NAT reflection is configured on firewall ?

If all okay then can you attach diagnostic logs (take tcpdump while logging) from Exp c&e ?

Suresh

Hi Suresh,

All the require ports are opened in firewall. 

UC SSH Tunnel and Traversal Zones are active. This is Dual NIC deployment ( NAT Enabled in Expressway-E). Please find the attached log.

Thanks in Advance

Just I have checked attached logs but they are not fully captured, as per logs I can see couple of issues here.

1.  TraversalClient Peer 1 Address is not set properly on Exp-C, it should point to public IP address of Exp-E. Can you attach snap shot traversal client zone of Exp-C (specially where peer address is mentioned, at bottom of the page)

2. I'm not able to discover _collab-edge._tls.JUFEXWYE01.cio.gov.bh SRV from public network, have you set SRV & A records correctly at public DNS ?

3. As I have asked earlier, have you configured NAT reflection at firewall ?

Suresh

Hi Suresh,

Thanks for your efforts.

1) In this deployment , we have dual NIC in Expressway -E. 1 NIC will communicate with Expressway - C another NIC will communicate with internet.

I hope in this scenario, no need to point the Public IP in traversal Zone and NAT Reflection

2) _collab-edge srv record configured properly. Jabber client able to detect the MRA service from outside.

Do you suspects any other points ?

Thanks in advance....

Yes, you are right. 

Can you attach diagnostic logs but pls make sure "tcpdump" is checked while collecting logs, so we can see pcap capture once.

Suresh

Hi Suresh,

Sure. I will get back to you shortly.

Hello,

Did you fix the issue? I have exactly the same issue in the same scenario...

Thanks.

Hi Eduardo,

Unfortunately didn't get the opportunity to work on the specific setup to continue the troubleshooting...

Thanks

Hi,

We fixed the issue. The problem was in the DNS side, we need add this SRV entry to Internal DNS couse we have multidomain:

_cisco-uds._tcp.publicdomain.com

priority = 10

weight = 10

port = 8443

SRV hostname = CUCM.internaldomain.com

Try to go through the troubleshooting process in this article by William Bell, see where it fails:

http://www.netcraftsmen.com/cisco-mobile-remote-access-troubleshooting-basic-connectivity/

V.Naveen Kumar
Level 1
Level 1

Hi Sri

Is it Single or Multiple Domain Deployment 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: