10-10-2014 01:11 AM - edited 03-17-2019 04:33 PM
I have cucm 10.5 and expressway 8.2
I don't use TLS connection. just tried to join expressway and cucm .
I can register jabber for iphone on IM & P at inside.
cucm and IM&P statues is good .
and than I changed my network to outside network on my phone wife.
jabber for iphone is registered on cucm . but IM & P is not..
so I restart a Jabber app. and try again. it doesn't work everything.
outside DNS
srv record : _collab-edge._tls.domain.com
_sip._tcp.domain.com
_sips._tcp.domain.com
_sips._tls.domain.com
inside DNS
srv record: _cuplogin._tcp.domain.com
_cisco-uds._tcp.domain.com
vcs-c
1.CSR / upload certificate signed CA / and x.509 of root CA
2.traversal zone ( type=unified communications traversal)
vcs-e
1.CSR / upload certificate signed CA / and x.509 of root CA
2.traversal zone ( type=unified communications traversal)
status - unified communications
everything is good !!!
this is logs of vcs-e
2014-10-10T17:06:51+09:00 | sshdpfwd[32043]: Received disconnect from 203.228.204.1: 11: disconnected by user |
2014-10-10T17:06:50+09:00 | sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 32043" UTCTime="2014-10-10 08:06:50" |
2014-10-10T17:06:50+09:00 | sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from xxx.xxx.xxx.xxx port 12209 ssh2: RSA+cert 8e:20:23:4d:5e:07:b9:89:84:3e:6c:10:58:66:47:cb" UTCTime="2014-10-10 08:06:50" |
2014-10-10T17:06:50+09:00 | sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=vcsc.daeshin.com,OU=cisco,O=cisco,L=cisco,ST=cisco,C=kr" UTCTime="2014-10-10 08:06:50" |
2014-10-10T17:06:40+09:00 | sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from xxx.xxx.xxx.xxx port 12209 on xxx.xxx.xxx.xxx port 2222" UTCTime="2014-10-10 08:06:40" |
2014-10-10T17:06:40+09:00 | sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2014-10-10 08:06:40" |
2014-10-10T17:06:40+09:00 | sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2014-10-10 08:06:40" |
vcs-c
2014-10-10T17:08:51+09:00 | ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 64953.8, received 39595.1" UTCTime="2014-10-10 08:08:51" |
2014-10-10T17:08:51+09:00 | ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4672, received 2848 bytes, in 0.1 seconds" UTCTime="2014-10-10 08:08:51" |
2014-10-10T17:08:51+09:00 | ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to vcse.daeshin.com ([xxx.xxx.xxx.xxx]:2222)." UTCTime="2014-10-10 08:08:51" |
2014-10-10T17:08:40+09:00 | ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts." UTCTime="2014-10-10 08:08:40" |
2014-10-10T17:08:40+09:00 | ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 35525 for remote forward to localhost:8443" UTCTime="2014-10-10 08:08:40" |
is this problem ? RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts
Solved! Go to Solution.
10-10-2014 01:34 AM
Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?
Did you use hostname in your traversal zone configuration or IP?
Have you tested using jabber for windows?
10-30-2014 08:37 PM
we are using jabber well now .
It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.
I reconfigured that to "domain.com" and then I am using well.
10-10-2014 01:34 AM
Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?
Did you use hostname in your traversal zone configuration or IP?
Have you tested using jabber for windows?
10-10-2014 01:45 AM
I am using hostname.
I already have test. jabber for android and jabber for windows
10-10-2014 01:46 AM
Can you send your jabber for windows logs?
10-10-2014 02:54 AM
10-10-2014 05:17 AM
I have looked at your logs and the problem looks to be in your service profile configuration..
Here is Jabber trying to login to presence server
Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0
- [XmppSDK.dll]: #0, CXmppClient::onStreamEvent ,CXmppClient::onStreamEvent, SessionState_Authentication
--
--
[IMPStackCap::Login::OnLoginStateChanged] - eState: ConSessionState_Authentication: <2>
2014-10-10 18:39:22,554 INFO [0x00001e34] [ets\adapters\imp\components\Login.cpp(0)] [imp.service] [IMPStackCap::Login::OnLoginStateChanged] - Exit
++++Here we see the connection disconnecting.+++++
[sets\adapters\imp\components\Log.cpp(32)] [JabberWerx] [IMPStackCap::Log::log] - [XmppSDK.dll]: #0, CXmppClient::onDisconnect
2014-10-10 18:39:22,585 INFO [0x00001e34] [etutils\NetworkEventReporterImpl.cpp(49)] [csf.netutils] [netutils::NetworkEventReporterImpl::hintNetworkInterfaceMightHaveDropped] - Event Label:jabberwerxcpp.disconnect
++++Jabber then spits out authentication error+++
2014-10-10 18:39:23,646 DEBUG [0x00001e34] [ts\adapters\imp\components\Login.cpp(88)] [imp.service] [IMPStackCap::Login::OnLoginError] - Entry
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(90)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(91)] [imp.service] [IMPStackCap::Login::OnLoginError] - OnLoginError: (data=0) LERR_JABBER_AUTH <15>: Authentication error with server e.g. resource bind, TLS, create session or SASL error
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(92)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************
The reason I think this is happening is because ein your service profile configuration, you have configured your IM and P with hostname, however because your jabber client is outside it cant resolve that hostname. Try and change the Im and P service profile to have ip address of your IM and P server.
10-10-2014 08:24 PM
I changed Service profile. but its same..
should I change ip address of IM & P on sip trunk ?
I am using FQDN of IM& P on sip trunk.
10-10-2014 08:36 PM
Did you reset Jabber after changes..Jabber caches config. If you are on Jabber 9.7, go to jabber CSF folder and delete it. You will find the CSF folder in
c:\users\usernae\\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\
Then test again... send logs again
10-13-2014 01:54 AM
10-13-2014 03:53 AM
Have to deleted the CSF folder. Jabber is still using the hostname..
2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(162)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************
2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(163)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0
2014-10-13 17:46:43,741 DEBUG [0x00001d18] [netutils\src\edge\EdgeUtilsImpl.cpp(118)] [csf.edge] [edge::EdgeUtilsImpl::transformHttpUrl] - About to transform with original Url: https://cup.daeshin.com:8443
2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(164)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************
10-13-2014 06:24 PM
10-14-2014 01:03 AM
Ok, I can see that its using ip address now..
"Signing into Presence Server. Server: 172.16.1.22, login mode: ON_PREM, result: 0"
How is your expressway E configured? is it dual interface? Does your MRA Traversal zone point to the DNS name of the expressway E (which should resolve to the public ip address of expressway e)..
If you are using a single interface, you need to disable the second nic on your expressway-e
You need to configure NAT reflexion for expressway to be able to reach the public IP of expressway-e
Try and restart your presence server.
FYI, you don't need to change the hostname of cucm and presence server to ip. Its just your service profile (where you define your services that should have ip address)
10-14-2014 02:14 AM
thank you for your answer.
we are using expressway-E with Public ip address.
so I think we don't need to do NAT configuration.
and also using MRA Traversal zone point to the DNS name of the expressway E.
if you want to see our system, I can tell you our anyconnect account.
could you tell me your E-mail address ?
10-14-2014 02:16 AM
You definitely NAT configuration. ok here is my email (deji_ok@hotmail.co.uk)
10-30-2014 08:37 PM
we are using jabber well now .
It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.
I reconfigured that to "domain.com" and then I am using well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide