I have been requested to configure Cisco Jabber to work through our VPN to our organizations IPhones. We currently have Cisco Jabber and Cisco AnyConnect configured throughout the organization and I have configured CUCM as shown in this video and configured the firewall as shown in this video. Finally I tried to configure the IPhone as shown in this video, but Cisco Jabber is giving me the error "Failed to discover network services. Tap advanced settings to set up manually." I get the same error regardless of auto or manual settings. I am connecting through the VPN natively as shown in the above video and am able to access internal resources. I am also able to connect to Jabber on the WiFi with no issues.
I am aware that there is an option to configure Cisco Jabber with no VPN, but from what I read, it will require additional resources and significant time to configure, whereas I have a Cisco ASA, Cisco Jabber, and Cisco AnyConnect all configured and I was hoping it would be a simple configuration to chain them together.
I figured out the networking issue, I only had given access in not back out, so I now can access the internal network, but am now receiving a new error. "Cannot communicate with the server." I attached the error log from Jabber. I believe this may be the error message we are looking for.
INFO [0x000000016ef6f000] [ils/src/cert/ios/iOSCertVerifier.cpp(46)] [csf.cert.ios] [verifyCertificate] - Checking SSL Policy 2017-06-22 11:28:42,882 ERROR [0x000000016ef6f000] [ls/src/cert/ios/iOSCertVerifier.cpp(186)] [csf.cert.ios] [verifyCertificatePolicy] - Policy verification failed, result=5 2017-06-22 11:28:42,882 DEBUG [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(171)] [csf.cert.] [doVerifyCertificate] - Result of platform cert verification: [UNKNOWN] 2017-06-22 11:28:42,883 DEBUG [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(271)] [csf.cert.] [checkIdentity] - About to check for an Identity Match. 2017-06-22 11:28:42,883 DEBUG [0x000000016ef6f000] [ls/src/cert/common/CertVerifier.cpp(154)] [csf.cert] [checkIdentifier] - Verifying identity '10.16.125.40' 2017-06-22 11:28:42,884 ERROR [0x000000016ef6f000] [rc/cert/utils/AltNameParserImpl.cpp(414)] [csf.cert.utils] [verify] - No Match Found for '10.16.125.40' 2017-06-22 11:28:42,884 ERROR [0x000000016ef6f000] [rc/cert/common/BaseCertVerifier.cpp(324)] [csf.cert.] [checkIdentifiers] - Verification of identity: '10.16.125.40' failed.
I configured the firewall to permit me access to any in both directions, I am also able to access CUCM and the Jabber server through the IP Address on the IPhone with Google Chrome, so I know that the firewall is permitting me access. I am wondering if there is some setting in CUCM I am missing.
All of our computers prompt for multiple certificates when signing in and I was anticipating the same on the IPhone, but unfortunately nothing appears except the error. If I navigate to the 10.16.125.40 via Chrome, the Certificate warning appears and I am able to click continue, but no pop ups with the App.
As I mentioned all of our devices that use Cisco Jabber have to accept the certificates and it works perfectly, in fact when I first configured Cisco Jabber to work over WiFi I accepted the certificates, so wouldn't they still be saved on the IPhone? If so, where can I delete them to see if that is the issue. In addition, we do not have a CA, but I believe that CUCM is capable of creating its own certificates, if so is there a guide on how to create and install certificates on an IPhone?
The reason I ask where are they saved on the phone is because everywhere I have read it states within the Settings, General, and Profiles, but I do not have a Profiles section and cannot find any other information other than if you do not have a profiles tab then you don't have any certificates, which makes no sense since I can log into Jabber on WiFi without having to accept anything, so they must have saved somewhere.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...