Cisco Support Community
New Member

Mobile and Remote Access via Cisco VCS - Jabber can't log in

Hello everybody,

I'm in the middle of configuring Mobile and Remote Access via Cisco VCS. Even though the status of my configuration on both VCSs in "Status->Unified Communications" looks OK, I still can't log in successfully using the Jabber 9.7.1 client. I've checked the logs on my VCS Expressway and I have probably located the problem.

Event Log:

2014-05-17T17:12:58+02:00traffic_server[1282]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_IP_Address" Dst-port="59415" UTCTime="2014-05-17 15:12:58,695"
2014-05-17T17:12:36+02:00sshdpfwd[7425]: Received disconnect from NAT_router_IP: 11: disconnected by user
2014-05-17T17:12:36+02:00sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 7425" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from NAT_router_IP port 40968 ssh2" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=...,OU=...O=...,L=...,ST=...,C=..." UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from NAT_router_IP port 40968" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:18+02:00traffic_server[1282]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_IP_Address" Dst-port="59391" UTCTime="2014-05-17 15:12:18,449"

 

Network log:

2014-05-17T17:12:58+02:00traffic_server[1282]: UTCTime="2014-05-17 15:12:58,695" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="439" Dst-ip="Jabber_IP_Address" Dst-port="59415" Msg="HTTP/1.1 400 Bad Request"
2014-05-17T17:12:58+02:00traffic_server[1282]: UTCTime="2014-05-17 15:12:58,695" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="439" Src-ip="Jabber_IP_Address" Src-port="59415" Msg="POST https:///EPASSoap/service/v80 HTTP/1.1"

 

It seems to me that there's a missing CUPS IP address in the POST request (POST https:///EPASSoap/service/v80 HTTP/1.1).

Thanks for any help!

kozooh

 

P.S. Confidential content is replaced by Jabber_IP_address and NAT_router_IP.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

yes, I have configured the SRV Records inside as described in the guide (_cuplogin and _cisco-uds)

 

I got it to work today.

Check if you can resolve your Expressway E hostname from public DNS. Jabber Client is requesting from outside _collab-edge._tls.domain.com (besides all others). Most likely you have that covered, pointing to an A record which then points to your Expressway E. But after Jabber client gets the answer, it then requests the hostname of Expressway E (which was different than public A record in my case).

I added that and it worked.

Alternatively, add Expressway E hostname with public IP in your hosts file.

 

regards, Dave

23 REPLIES
New Member

I have the same problem - with the same messages in the log.

 

Also: On Expressway C under Status - Unified Communications, I can see provisioned sessions.

On the bottom is a link to view them. I can see there multiple entries for my one (and only) external test user.

However, this user never was able to go online with his jabber client from outside. From inside - no problem.

 

Would appreciate any help - I'm stuck for days on this topic.

Dave

New Member

Hi David!

 

"Nice" to hear I'm not alone with this problem. Could you tell me if you've configured any internal DNS records as it's stated in the config guide?

 

Kind regards

New Member

Thank you Dave, apart from some other DNS issues I had, you hit the nail on the head! All this domain stuff could be a real pain in the neck...

To troubleshoot these problems, I do recommend running Wireshark on your internal DNS server and checking which requests it receives. For instance, I've no idea why, I got requests about SRV record _cisco-phone-tftp._tcp.example.com 0 0 69 cftp.example.com on my internal DNS! After I added it pointing to my CUCM, everything works like a charm.

 

Kind regards, kozooh

New Member

Hi all,

I'm having the same issue here, just wondering if you ever got to the bottom of it.

I have followed all the steps but I'm getting Status=400 error.

 

Thanks

New Member

Hi there,

Could you post some logs where the problem arises? (Please remember to anonymize any confidential data like public IP addresses and domain names.)

 

Kind regards

New Member

Hi, thanks for your reply. 

Please see below the logs from my Expressway-E

Event Log 
2015-08-04T14:06:37+01:00 traffic_server[24579]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_Remote_IP" Dst-port="10006" UTCTime="2015-08-04 13:06:37,622"
2015-08-04T14:06:08+01:00 traffic_server[24579]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_Remote_IP" Dst-port="10000" UTCTime="2015-08-04 13:06:08,595"
 
Network log
2015-08-04T14:06:37+01:00 traffic_server[24579]: UTCTime="2015-08-04 13:06:37,622" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="7" Dst-ip="Jabber_Remote_IP" Dst-port="10006" Msg="HTTP/1.1 400 Bad Request"
2015-08-04T14:06:37+01:00 traffic_server[24579]: UTCTime="2015-08-04 13:06:37,621" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="7" Src-ip="Jabber_Remote_IP" Src-port="10006" Msg="POST https:///EPASSoap/service/v80 HTTP/1.1"
New Member

Have you run Wireshark on a PC with the remote Jabber to check if all domain names and SRVs are correctly resolved?

 

Please also check that your DNS records are configured as stated here: https://supportforums.cisco.com/sites/default/files/attachments/discussion/jabber_mra_multi_domain_deployment.pdf It's tailored for multidomain deployments but you can easily adapt it to a single domain configuration as well.

New Member

Thanks for the document. Very helpful.

I have run Wireshark and DNS and SRV seem to be working fine.

Quick question: If I go into Jabber Advanced Settings, and manually enter the Cisco IM&P address (which is the address of my Expressway-E), should it work?

New Member

Unfortunately no, you need to login using user@domain.com and Jabber will automatically find Expressway-E address. In Jabber as an account type choose "Cisco IM & Presence" and "default server" option.

As for https:///EPASSoap/service/v80 HTTP/1.1, I recalled that a missing CUCM hostname will appear in this URL (between https:// and /) if you set Hostname in Cisco Unified OS Administration->Settings->IP->Ethernet. Also make sure that a domain name and DNS servers are set correctly in CUCM. I don't think if it's the issue but you could give it a try.

New Member

DNS has been configured on CUCM as well as a host name and domain name. Still shows up as https:///EPASSoap/service/v80 HTTP/1.1.

I'm trying to log in using jabber@domain.com, but it still says "Cannot communicate with the server". And also getting the same error logs on Expe.

Looking at my Wireshark trace, I can see that I do have communication with the Expe

 

New Member

Do requests reach Expressway-C? If so, there's a problem between Exp-C and CUCM. You can check if Expressway-C is able to resolve all SRVs (and A records as well), to do that just go to Maintenance->Tools->Network utilities->DNS lookup, set query type to SRV and check if all internal SRVs are resolved correctly.

You can also turn on debugging DNS on Exp-C. In order to do that go to Maintenance->Diagnostics->Advanced->Network Log configuration and set network.dns to debug. It will show up in Network Log which DNS Exp tries to resolve.

If status of MRA in Status->Unified Communications shows everything's all right then I'm pretty sure it's some DNS issue.

New Member

Does the communication between Exp-c and CUCM have to be with TLS? Is it mandatory? Just to rule out some options I would like to disable if I can.

I will try the guidelines you gave me. 

 

Thanks again.

 

New Member

No, it's not necessary, Expressway-C will create a TCP zone automatically and that's ok. Are you deploying the single or multi domain deployment? If multi, then remember to add both internal and external domain on Expressway-C.

New Member

It's only a single domain deployment. 

I will try again later today and will let you know. 

 

Thanks for the help so far.. 

New Member

Hi,

I have the same problem but I don't understand very well which DNS records I must put in the internal and external DNS. Can you please write an example with the exact records for _collab-edge._tls, _cisco-uds._tcp and _cuplogin._tcp?

Thank you very much for your help

 

New Member

You should configure your internal DNS server with _cisco-uds._tcp and _cuplogin._tcp records. That's what Jabber looks for at the beginning (cisco-uds record) to find out if it's outside or inside a corporate network.

Here's an example of both records:
_cisco-uds._tcp.example.com. SRV 10 10 8443 cucm.example.com.
_cuplogin._tcp.example.com. SRV 10 10 8443 cups.example.com.

 

You should configure your public DNS server with the _collab-edge._tls record. That's what Jabber looks for if it doesn't find the aforementioned records. If it finds the collab-edge record, then it knows it's outside a corporate network.

Here's an example of the record:
_collab-edge._tls.example.com. SRV 10 10 8443 vcs-e.example.com.

 

You also need the _sips._tcp record on your public DNS server, which is used for general deployment (you probably have configured one already).

Here's an example of the record:
_sips._tcp.example.com. SRV 10 10 5061 vcs-e.example.com.

 

Should you have any problems, please refer to Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide and don't hesitate to ask.

 

Regards, kozooh
Please rate useful posts.
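
An offline check of the record layout described in this post and in the accepted solution, as an added example that is not part of the original thread: it reports missing SRV records, SRV targets with no A record in the same DNS view, and internal discovery records published externally. The record data, the mra.example.com name and the IP addresses are constructed; the rule about keeping the internal records internal is an assumption drawn from the post's description of Jabber's lookup order.

```python
# Added example: constructed records modelled on the thread's example.com entries.
# EXTERNAL reproduces the accepted solution's fault: vcs-e has no public A record.
EXTERNAL = """\
_collab-edge._tls.example.com. SRV 10 10 8443 vcs-e.example.com.
_sips._tcp.example.com. SRV 10 10 5061 vcs-e.example.com.
mra.example.com. A 192.0.2.10
"""
INTERNAL = """\
_cisco-uds._tcp.example.com. SRV 10 10 8443 cucm.example.com.
_cuplogin._tcp.example.com. SRV 10 10 8443 cups.example.com.
cucm.example.com. A 10.0.0.5
cups.example.com. A 10.0.0.6
"""
# Which service labels belong in which view, per the posts above.
EXPECTED = {"external": ("_collab-edge._tls", "_sips._tcp"),
            "internal": ("_cisco-uds._tcp", "_cuplogin._tcp")}

def parse(zone):
    """Return ({srv_owner: target}, {a_record_owners}) from 'owner TYPE rdata' lines."""
    srv, hosts = {}, set()
    for line in zone.splitlines():
        fields = line.lower().split()
        if len(fields) >= 6 and fields[1] == "srv":
            srv[fields[0]] = fields[5]          # owner -> target hostname
        elif len(fields) >= 3 and fields[1] == "a":
            hosts.add(fields[0])
    return srv, hosts

def check_view(zone, domain, view):
    """List problems that would stop Jabber service discovery in one DNS view."""
    srv, hosts = parse(zone)
    dom = domain.lower().strip(".") + "."
    findings = []
    for label in EXPECTED[view]:
        if f"{label}.{dom}" not in srv:
            findings.append(f"{view}: missing SRV {label}.{dom}")
    for owner, target in sorted(srv.items()):
        if target not in hosts:                  # the accepted solution's case
            findings.append(f"{view}: {owner} targets {target}, which has no A record")
    if view == "external":                       # assumption: internal markers stay internal
        for label in EXPECTED["internal"]:
            if f"{label}.{dom}" in srv:
                findings.append(f"external: {label}.{dom} is published publicly")
    return findings

if __name__ == "__main__":
    for view, zone in (("external", EXTERNAL), ("internal", INTERNAL)):
        for finding in check_view(zone, "example.com", view) or [f"{view}: OK"]:
            print(finding)
```

Adding `vcs-e.example.com. A 192.0.2.10` to the external data clears both external findings, which mirrors the fix reported in the accepted solution.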

New Member

 

Thank you very much kozooh147

It's exactly what I want. I will try it and report back.

 

Amine 

New Member

Hi kozooh147,

I know it's a very basic thing for a DNS admin, but I am not ;)

Can you please check and validate the example in my attached picture?

 

Thank you very much kozooh147, 

 

Amine 

New Member

Looks OK, be sure you are able to resolve Expresswat.lab.local to an IP address.

New Member

Thank you a lot kozooh147 ;)

I tested in the internal network, it works fine, yes I am very happy

New Member

Hi,

 

Can you please advise if you have to use an Email address as the user name?

 

I have a customer who is using login names to sign into Jabber for Windows on the internal network. However, if this is like Lync, whereby you must use a SIP URI/email address to log in, then do I need to update the login ID?

If  I use an email address then I assume the @domain.com would provide the lookup for the _collab... record.

Any assistance would be great as I cannot login with the user ID externally using VCS-C and E with UC enabled records and firewall ports.

 

Thanks

Cisco Employee

You need to log in with your JID, userID@domain, so the RHS is used to lookup the SRVs for _collab-edge and _sips.

Once they're found and stored, for that particular user, you only use the userID.

If you try to log in with another user, even from the same domain, the JID is required again.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi