Solved: we are using jabber well now

sadojs3535 · ‎10-10-2014

I have cucm 10.5 and expressway 8.2

I don't use TLS connection. just tried to join expressway and cucm .

I can register jabber for iphone on IM & P at inside.

cucm and IM&P statues is good .

and than I changed my network to outside network on my phone wife.

jabber for iphone is registered on cucm . but IM & P is not..

so I restart a Jabber app. and try again. it doesn't work everything.

outside DNS

srv record : _collab-edge._tls.domain.com

_sip._tcp.domain.com

_sips._tcp.domain.com

_sips._tls.domain.com

inside DNS

srv record: _cuplogin._tcp.domain.com

_cisco-uds._tcp.domain.com

vcs-c

1.CSR / upload certificate signed CA / and x.509 of root CA

2.traversal zone ( type=unified communications traversal)

vcs-e

1.CSR / upload certificate signed CA / and x.509 of root CA

2.traversal zone ( type=unified communications traversal)

status - unified communications

everything is good !!!

this is logs of vcs-e

2014-10-10T17:06:51+09:00	sshdpfwd[32043]: Received disconnect from 203.228.204.1: 11: disconnected by user
2014-10-10T17:06:50+09:00	sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 32043" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:50+09:00	sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from xxx.xxx.xxx.xxx port 12209 ssh2: RSA+cert 8e:20:23:4d:5e:07:b9:89:84:3e:6c:10:58:66:47:cb" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:50+09:00	sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=vcsc.daeshin.com,OU=cisco,O=cisco,L=cisco,ST=cisco,C=kr" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:40+09:00	sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from xxx.xxx.xxx.xxx port 12209 on xxx.xxx.xxx.xxx port 2222" UTCTime="2014-10-10 08:06:40"
2014-10-10T17:06:40+09:00	sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2014-10-10 08:06:40"
2014-10-10T17:06:40+09:00	sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2014-10-10 08:06:40"

vcs-c

2014-10-10T17:08:51+09:00	ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 64953.8, received 39595.1" UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:51+09:00	ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4672, received 2848 bytes, in 0.1 seconds" UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:51+09:00	ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to vcse.daeshin.com ([xxx.xxx.xxx.xxx]:2222)." UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:40+09:00	ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts." UTCTime="2014-10-10 08:08:40"
2014-10-10T17:08:40+09:00	ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 35525 for remote forward to localhost:8443" UTCTime="2014-10-10 08:08:40"

is this problem ? RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts

Ayodeji Okanlawon · ‎10-10-2014

Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?

Did you use hostname in your traversal zone configuration or IP?

Have you tested using jabber for windows?

Please rate all useful posts

View solution in original post

sadojs3535 · ‎10-30-2014

we are using jabber well now .

It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.

I reconfigured that to "domain.com" and then I am using well.

View solution in original post

Ayodeji Okanlawon · ‎10-10-2014

Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?

Did you use hostname in your traversal zone configuration or IP?

Have you tested using jabber for windows?

Please rate all useful posts

sadojs3535 · ‎10-10-2014

I am using hostname.

I already have test. jabber for android and jabber for windows

Ayodeji Okanlawon · ‎10-10-2014

Can you send your jabber for windows logs?

Please rate all useful posts

sadojs3535 · ‎10-10-2014

thank you for your help

Ayodeji Okanlawon · ‎10-10-2014

I have looked at your logs and the problem looks to be in your service profile configuration..

Here is Jabber trying to login to presence server

Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0

- [XmppSDK.dll]: #0, CXmppClient::onStreamEvent ,CXmppClient::onStreamEvent, SessionState_Authentication

--

--
[IMPStackCap::Login::OnLoginStateChanged] - eState: ConSessionState_Authentication: <2>
2014-10-10 18:39:22,554 INFO [0x00001e34] [ets\adapters\imp\components\Login.cpp(0)] [imp.service] [IMPStackCap::Login::OnLoginStateChanged] - Exit

++++Here we see the connection disconnecting.+++++

[sets\adapters\imp\components\Log.cpp(32)] [JabberWerx] [IMPStackCap::Log::log] - [XmppSDK.dll]: #0, CXmppClient::onDisconnect
2014-10-10 18:39:22,585 INFO [0x00001e34] [etutils\NetworkEventReporterImpl.cpp(49)] [csf.netutils] [netutils::NetworkEventReporterImpl::hintNetworkInterfaceMightHaveDropped] - Event Label:jabberwerxcpp.disconnect

++++Jabber then spits out authentication error+++

2014-10-10 18:39:23,646 DEBUG [0x00001e34] [ts\adapters\imp\components\Login.cpp(88)] [imp.service] [IMPStackCap::Login::OnLoginError] - Entry
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(90)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(91)] [imp.service] [IMPStackCap::Login::OnLoginError] - OnLoginError: (data=0) LERR_JABBER_AUTH <15>: Authentication error with server e.g. resource bind, TLS, create session or SASL error
2014-10-10 18:39:23,646 INFO [0x00001e34] [ts\adapters\imp\components\Login.cpp(92)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************

The reason I think this is happening is because ein your service profile configuration, you have configured your IM and P with hostname, however because your jabber client is outside it cant resolve that hostname. Try and change the Im and P service profile to have ip address of your IM and P server.

Please rate all useful posts

sadojs3535 · ‎10-10-2014

I changed Service profile. but its same..

should I change ip address of IM & P on sip trunk ?

I am using FQDN of IM& P on sip trunk.

Ayodeji Okanlawon · ‎10-10-2014

Did you reset Jabber after changes..Jabber caches config. If you are on Jabber 9.7, go to jabber CSF folder and delete it. You will find the CSF folder in

c:\users\usernae\\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\

Then test again... send logs again

Please rate all useful posts

sadojs3535 · ‎10-13-2014

this is the log file and all of the xml file.

CUCM

sip trunk : IP address

UC service : IP address

IM and Presence

Presence Gateway : host name

Ayodeji Okanlawon · ‎10-13-2014

Have to deleted the CSF folder. Jabber is still using the hostname..

2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(162)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************
2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(163)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0
2014-10-13 17:46:43,741 DEBUG [0x00001d18] [netutils\src\edge\EdgeUtilsImpl.cpp(118)] [csf.edge] [edge::EdgeUtilsImpl::transformHttpUrl] - About to transform with original Url: https://cup.daeshin.com:8443
2014-10-13 17:46:43,741 INFO [0x000022c8] [ters\imp\commands\LoginCommands.cpp(164)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************

Please rate all useful posts

sadojs3535 · ‎10-13-2014

I tried to change hostname of cucm and cup to ip address.

and tried again.

Ayodeji Okanlawon · ‎10-14-2014

Ok, I can see that its using ip address now..

"Signing into Presence Server. Server: 172.16.1.22, login mode: ON_PREM, result: 0"

How is your expressway E configured? is it dual interface? Does your MRA Traversal zone point to the DNS name of the expressway E (which should resolve to the public ip address of expressway e)..

If you are using a single interface, you need to disable the second nic on your expressway-e

You need to configure NAT reflexion for expressway to be able to reach the public IP of expressway-e

Try and restart your presence server.

FYI, you don't need to change the hostname of cucm and presence server to ip. Its just your service profile (where you define your services that should have ip address)

Please rate all useful posts

sadojs3535 · ‎10-14-2014

thank you for your answer.

we are using expressway-E with Public ip address.

so I think we don't need to do NAT configuration.

and also using MRA Traversal zone point to the DNS name of the expressway E.

if you want to see our system, I can tell you our anyconnect account.

could you tell me your E-mail address ?

Ayodeji Okanlawon · ‎10-14-2014

You definitely NAT configuration. ok here is my email (deji_ok@hotmail.co.uk)

Please rate all useful posts

sadojs3535 · ‎10-30-2014

we are using jabber well now .

It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.

I reconfigured that to "domain.com" and then I am using well.

cucm 10.5 and expressway 8.2 !! how can I join ? RSA+cert host key ?