Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2956
Views
0
Helpful
10
Replies

Jabber over MRA Signin Problems

octaviangitu
Level 1
Level 1

‎05-15-2017 03:06 PM - edited ‎03-19-2019 12:25 PM

I've just installed and configured X8.9.2 single NIC, 1 ASA firewall, CUCM and IM Presence 11.5.1. Traversal zone create and active, no errors! Can retrieve XML using direct and 64Baseencoded links to CUCM/TFTP, but when trying to sign in with Jabber over MRA from internet, get Cannot communicate with server. It only let's me enter username and password, but doesn't sign in. Would really appreciate any help. Thank you!

1 person had this problem
Labels:
0 Helpful
10 Replies 10

Manish Gogna
Cisco Employee
Cisco Employee

‎05-15-2017 09:28 PM

Hi,

Please verify the setup as per the following

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118798-technote-cucm-00.html#anc5

Manish

- Do rate helpful posts -

0 Helpful

octaviangitu
Level 1
Level 1
In response to Manish Gogna

‎05-15-2017 11:22 PM

Dear Manish, check as you advised, all is perfect, but still cannot sign in. When I start Jabber for Windows it says, at the beginning "Finding Services...", then after 2-3 seconds, it asks me for Password, then "Sinning in...", after about 1 min, I get "Cannot communicate with the Server". What could be the problem?

0 Helpful

Manish Gogna
Cisco Employee
Cisco Employee
In response to octaviangitu

‎05-16-2017 12:52 AM

Next step in that case would be to collect the Jabber problem report and the Expressway diagnostic logs.

Manish

0 Helpful

octaviangitu
Level 1
Level 1
In response to Manish Gogna

‎05-16-2017 12:59 AM

Bellow is the log from Expressway-E:

2017-05-16T10:37:51.018+03:00 traffic_server[2887]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="94.243.69.111" Dst-port="50294" UTCTime="2017-05-16 07:37:51,018"
2017-05-16T10:37:49.440+03:00 traffic_server[2887]: Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="94.243.69.111" Dst-port="50292" UTCTime="2017-05-16 07:37:49,440"
2017-05-16T10:37:49.440+03:00 traffic_server[2887]: Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="94.243.69.111" Src-port="50292" UTCTime="2017-05-16 07:37:49,440"

Bellow is the log from Expressway-C:

2017-05-16T10:37:58.950+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="POST" Request="https://cup.gatu.local:8443/EPASSoap/service/v105" Rule="https://cup.gatu.local:8443/EPASSoap/service/v105" Match="exact" Type="Automatically generated rule for CUPS server" UTCTime="2017-05-16 07:37:58,949"
2017-05-16T10:37:57.504+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="POST" Request="https://cup.gatu.local:8443/EPASSoap/service/v80" Rule="https://cup.gatu.local:8443/EPASSoap/service/v80" Match="exact" Type="Automatically generated rule for CUPS server" UTCTime="2017-05-16 07:37:57,504"
2017-05-16T10:37:57.244+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="POST" Request="https://cup.gatu.local:8443/EPASSoap/service/v105" Rule="https://cup.gatu.local:8443/EPASSoap/service/v105" Match="exact" Type="Automatically generated rule for CUPS server" UTCTime="2017-05-16 07:37:57,244"
2017-05-16T10:37:52.110+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:6972/jabber-config.xml" Rule="https://cucm.gatu.local:6972/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:52,110"
2017-05-16T10:37:51.701+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:8443/cucm-uds/version" Rule="https://cucm.gatu.local:8443/cucm-uds/version" Match="exact" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:51,701"
2017-05-16T10:37:51.661+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="POST" Request="https://cup.gatu.local:8443/EPASSoap/service/v80" Rule="https://cup.gatu.local:8443/EPASSoap/service/v80" Match="exact" Type="Automatically generated rule for CUPS server" UTCTime="2017-05-16 07:37:51,661"
2017-05-16T10:37:51.190+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:6972/global-settings.xml" Rule="https://cucm.gatu.local:6972/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:51,190"
2017-05-16T10:37:51.126+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:6972/SPDefault.cnf.xml" Rule="https://cucm.gatu.local:6972/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:51,126"
2017-05-16T10:37:51.056+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:6972/SPDefault.cnf.xml" Rule="https://cucm.gatu.local:6972/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:51,056"
2017-05-16T10:37:50.992+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:6972/Cisco%20Jabber%20for%20iPhone%20Device%20Profile.cnf.xml" Rule="https://cucm.gatu.local:6972/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:50,991"
2017-05-16T10:37:50.822+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:8443/cucm-uds/user/Octavian/devices" Rule="https://cucm.gatu.local:8443/cucm-uds/user/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:50,822"
2017-05-16T10:37:50.531+03:00 traffic_server[16019]: Event="Request Allowed" Detail="Access allowed" Reason="In allow list" Username="octavian" Deployment="1" Method="GET" Request="https://cucm.gatu.local:8443/cucm-uds/user/Octavian" Rule="https://cucm.gatu.local:8443/cucm-uds/user/" Match="prefix" Type="Automatically generated rule for CUCM server" UTCTime="2017-05-16 07:37:50,531"

I've attached, also, the log from Jabber Windows.

Preview file
1299 KB
0 Helpful

Manish Gogna
Cisco Employee
Cisco Employee
In response to octaviangitu

‎05-16-2017 01:13 AM

On the Expressway-C, Status --> Unified Communications, is anything red or down there?

Do you get a prompt to accept a certificate when you try to login?

On the Expressway-C, go to Configuration --> Unified Communications --> IM & Presence Service Nodes --> click on the checkbox for each IM&P server and click ‘refresh servers’

Can you try logging in again post that.

Manish

0 Helpful

octaviangitu
Level 1
Level 1
In response to Manish Gogna

‎05-16-2017 01:25 AM

All is green! All is Active and OK! All certificates including Expressway-E, have need signed by the same CA! When I Sign in with Jabber I don't get to accept certificate, I'm immediately prompted to enter the Password. In the logs nothing appears in RED.

I have also attached the Diagnostic logging from Expressway E and C.

Preview file
110 KB
Preview file
128 KB
0 Helpful

Manish Gogna
Cisco Employee
Cisco Employee
In response to octaviangitu

‎05-16-2017 06:48 AM

Is the login working fine internally for this user?

Manish

0 Helpful

octaviangitu
Level 1
Level 1
In response to Manish Gogna

‎05-16-2017 07:37 AM

Sure, from inside works perfectly!

0 Helpful

octaviangitu
Level 1
Level 1
In response to octaviangitu

‎05-16-2017 10:17 PM

Thank you so much! Opened a TAC and found that port 5222 (XMPP) was closed on the public IP of Exp-E. All works fine now!!

0 Helpful

Alok Jaiswal
Level 4
Level 4
In response to octaviangitu

‎05-16-2017 04:08 PM

i see something in the log file.

2017-05-16T11:17:19.725+03:00 vcs-c portforwarding: UTCTime="2017-05-16 08:17:19,724" Module="developer.portforwarding.twisted" Level="INFO" CodeLocation="_observer(131)" AMP connection lost (HOST:IPv4Address(TCP, '127.0.0.1', 35068) PEER:IPv4Address(TCP, '127.0.0.1', 8191))
2017-05-16T11:17:19.725+03:00 vcs-c portforwarding: UTCTime="2017-05-16 08:17:19,725" Module="developer.portforwarding.twisted" Level="INFO" CodeLocation="_observer(131)" AMP connection lost (HOST:IPv4Address(TCP, '127.0.0.1', 35070) PEER:IPv4Address(TCP, '127.0.0.1', 8191))

Can you tell me more about your expressway-edge configuration ? is it a dual nic or single nic ?

please make sure you able to do the reverse dns lookup for the exp-e ip-address, and the response must be the exp-e fqdn.

Regards,

Alok

0 Helpful
Customers Also Viewed These Support Documents