Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

cucm 10.5 and expressway 8.2 !! how can I join ? RSA+cert host key ?

I have cucm 10.5 and expressway 8.2

I don't use TLS connection. just tried to join expressway and cucm .

I can register jabber for iphone on IM & P at inside.

cucm and IM&P statues is good .

and than I changed my network to outside network on my phone wife.

jabber for iphone is registered on cucm . but IM & P is not..

so I restart a Jabber app. and try again.  it doesn't work everything.

 

outside DNS

srv record : _collab-edge._tls.domain.com

                   _sip._tcp.domain.com

                  _sips._tcp.domain.com

                  _sips._tls.domain.com

inside DNS

srv record: _cuplogin._tcp.domain.com

                 _cisco-uds._tcp.domain.com

 

vcs-c

1.CSR / upload certificate signed CA / and x.509 of root CA

2.traversal zone ( type=unified communications traversal)

 

vcs-e

1.CSR / upload certificate signed CA / and x.509 of root CA

2.traversal zone ( type=unified communications traversal)

 

status - unified communications

everything is good !!!

 

this is logs of vcs-e

 

2014-10-10T17:06:51+09:00sshdpfwd[32043]: Received disconnect from 203.228.204.1: 11: disconnected by user
2014-10-10T17:06:50+09:00sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 32043" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:50+09:00sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from xxx.xxx.xxx.xxx port 12209 ssh2: RSA+cert 8e:20:23:4d:5e:07:b9:89:84:3e:6c:10:58:66:47:cb" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:50+09:00sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=vcsc.daeshin.com,OU=cisco,O=cisco,L=cisco,ST=cisco,C=kr" UTCTime="2014-10-10 08:06:50"
2014-10-10T17:06:40+09:00sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from xxx.xxx.xxx.xxx port 12209 on xxx.xxx.xxx.xxx port 2222" UTCTime="2014-10-10 08:06:40"
2014-10-10T17:06:40+09:00sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2014-10-10 08:06:40"
2014-10-10T17:06:40+09:00sshdpfwd[32030]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2014-10-10 08:06:40"

 

vcs-c

2014-10-10T17:08:51+09:00ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 64953.8, received 39595.1" UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:51+09:00ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4672, received 2848 bytes, in 0.1 seconds" UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:51+09:00ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to vcse.daeshin.com ([xxx.xxx.xxx.xxx]:2222)." UTCTime="2014-10-10 08:08:51"
2014-10-10T17:08:40+09:00ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts." UTCTime="2014-10-10 08:08:40"
2014-10-10T17:08:40+09:00ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 35525 for remote forward to localhost:8443" UTCTime="2014-10-10 08:08:40"

 

 

is this problem ? RSA+cert host key for IP address 'xxx.xxx.xxx.xxxnot in list of known hosts

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Super Bronze

Did you use FQDN in your

Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?

Did you use hostname in your traversal zone configuration or IP?

Have you tested using jabber for windows?

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

we are using jabber well now

we are using jabber well now .

 

It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.

I reconfigured that to "domain.com" and then I am using well.

16 REPLIES
VIP Super Bronze

Did you use FQDN in your

Did you use FQDN in your expressway-e and c configuration? Was the CSR generated based on the hostname or IP address?

Did you use hostname in your traversal zone configuration or IP?

Have you tested using jabber for windows?

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

I am using hostname.I don't

I am using hostname.

I already have test.  jabber for android and jabber for windows

VIP Super Bronze

Can you send your jabber for

Can you send your jabber for windows logs?

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

thank you for your help

thank you for your help

VIP Super Bronze

I have looked at your logs

I have looked at your logs and the problem looks to be in your service profile configuration..

Here is Jabber trying to login to presence server

Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0

 

 - [XmppSDK.dll]: #0, CXmppClient::onStreamEvent ,CXmppClient::onStreamEvent, SessionState_Authentication

--

--
[IMPStackCap::Login::OnLoginStateChanged] - eState: ConSessionState_Authentication: <2>
2014-10-10 18:39:22,554 INFO  [0x00001e34] [ets\adapters\imp\components\Login.cpp(0)] [imp.service] [IMPStackCap::Login::OnLoginStateChanged] - Exit
 

++++Here we see the connection disconnecting.+++++

[sets\adapters\imp\components\Log.cpp(32)] [JabberWerx] [IMPStackCap::Log::log] - [XmppSDK.dll]: #0, CXmppClient::onDisconnect
2014-10-10 18:39:22,585 INFO  [0x00001e34] [etutils\NetworkEventReporterImpl.cpp(49)] [csf.netutils] [netutils::NetworkEventReporterImpl::hintNetworkInterfaceMightHaveDropped] - Event Label:jabberwerxcpp.disconnect

++++Jabber then spits out authentication error+++

2014-10-10 18:39:23,646 DEBUG [0x00001e34] [ts\adapters\imp\components\Login.cpp(88)] [imp.service] [IMPStackCap::Login::OnLoginError] - Entry
2014-10-10 18:39:23,646 INFO  [0x00001e34] [ts\adapters\imp\components\Login.cpp(90)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************
2014-10-10 18:39:23,646 INFO  [0x00001e34] [ts\adapters\imp\components\Login.cpp(91)] [imp.service] [IMPStackCap::Login::OnLoginError] - OnLoginError: (data=0) LERR_JABBER_AUTH <15>: Authentication error with server e.g. resource bind, TLS, create session or SASL error
2014-10-10 18:39:23,646 INFO  [0x00001e34] [ts\adapters\imp\components\Login.cpp(92)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************

The reason I think this is happening is because ein your service profile configuration, you have configured your IM and P with hostname, however because your jabber client is outside it cant resolve that hostname. Try and change the Im and P service profile to have ip address of your IM and P server.

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

I changed Service profile.

I changed Service profile. but its same.. 

should I change ip address of IM & P on sip trunk ?

I am using FQDN of IM& P on sip trunk.

 

VIP Super Bronze

Did you reset Jabber after

Did you reset Jabber after changes..Jabber caches config. If you are on Jabber 9.7, go to jabber CSF folder and delete it. You will find the CSF folder in

c:\users\usernae\\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\

Then test again... send logs again

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

this is the log file and all

this is the log file and all of the xml file.

 

CUCM

sip trunk : IP address

UC service : IP address

IM and Presence

Presence Gateway : host name

 

VIP Super Bronze

Have to deleted the CSF

Have to deleted the CSF folder. Jabber is still using the hostname..

2014-10-13 17:46:43,741 INFO  [0x000022c8] [ters\imp\commands\LoginCommands.cpp(162)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************
2014-10-13 17:46:43,741 INFO  [0x000022c8] [ters\imp\commands\LoginCommands.cpp(163)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - Signing into Presence Server. Server: cup.daeshin.com, login mode: ON_PREM, result: 0
2014-10-13 17:46:43,741 DEBUG [0x00001d18] [netutils\src\edge\EdgeUtilsImpl.cpp(118)] [csf.edge] [edge::EdgeUtilsImpl::transformHttpUrl] - About to transform with original Url: https://cup.daeshin.com:8443
2014-10-13 17:46:43,741 INFO  [0x000022c8] [ters\imp\commands\LoginCommands.cpp(164)] [imp.service] [IMPStackCap::LoginCommands::SignOn] - ****************************************************************

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

I tried to change hostname of

I tried to change hostname of cucm and cup to ip address.

and tried again.

 

 

VIP Super Bronze

Ok, I can see that its using

Ok, I can see that its using ip address now..

"Signing into Presence Server. Server: 172.16.1.22, login mode: ON_PREM, result: 0"

How is your expressway E configured? is it dual interface? Does your MRA Traversal zone point to the DNS name of the expressway E (which should resolve to the public ip address of expressway e)..

If you are using a single interface, you need to disable the second nic on your expressway-e

You need to configure NAT reflexion for expressway to be able to reach the public IP of expressway-e

Try and restart your presence server.

FYI, you don't need to change the hostname of cucm and presence server to ip. Its just your service profile (where you define your services that should have ip address)

 

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

thank you for your answer.we

thank you for your answer.

we are using expressway-E with Public ip address.

so I think we don't need to do NAT configuration.

and also using MRA Traversal zone point to the DNS name of the expressway E.

if you want to see our system, I can tell you our anyconnect account.

could you tell me your E-mail address ?

 

VIP Super Bronze

You definitely NAT

You definitely NAT configuration. ok here is my email (deji_ok@hotmail.co.uk)

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

we are using jabber well now

we are using jabber well now .

 

It was my mistake. when I installed IM&P for joining to CUCM , I configured domain name(cup.domain.com) for domain field of IM&P on CUCM. so IM&P was configured "cup.domain.com" by that configuration.

I reconfigured that to "domain.com" and then I am using well.

Hi, Could you please let me

Hi,

 

Could you please let me know how the issue was resolved ?

 

Cheers,

Raaj.

New Member

Hicould you tell me more

Hi

could you tell me more about how to resolved the issue?

I had met the same issue.

 

2249
Views
15
Helpful
16
Replies
CreatePlease login to create content