Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Login failed through VCS-e, VCS-c is ok

Hello All.

I have now read so many threads about this issue and i have tried all that I could find.

But still i get:

"Wrong username,domain,and/or Password"

When i try to login to Movi thourgh VCS-e.

Some of the things done:

-Traversal zone with Check credentials

-Sip Proxy enabled on VCS-e

-removed Provisoning key from VCS-e

-Added Public SIP server address to TMS config template.

-Tried several tips on search rules from VCS-e to VCS-c.

What am I missing?

Any advice would be greatly appricated.

Thank you,

Alexander

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Login failed through VCS-e, VCS-c is ok

Hi Alex,

collect the diagnostic logs and check for subscribe message. see what is happening on VCS-E when it receives the intial reply.

Thanks

Alok

Re: Login failed through VCS-e, VCS-c is ok

If your idea is to register the jabber to VCS-C and not VCS-E, then the local zone match you created is not required. you can simply delete this. and proxy setting is proper.

Please can you modify the traversal search rule on VCS-E from regex to something like any to any alias and test again.

it should works after this as per my udnerstanding

Rgds

Alok

24 REPLIES

Re: Login failed through VCS-e, VCS-c is ok

Did you study the Authenticating Devices Deployment Guide?

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf

It would also help the community if you included VCS software version and a brief overview of your deployment, TMS version, provisioning type; TMSPE or Legacy Agent and how are you trying to authenticate; local database, towards AD etc etc.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
New Member

Login failed through VCS-e, VCS-c is ok

Thank you.

I will look at this guide also and see if it helps me.

My enviroment as of today:

-Legacy Agent

-TMS 13.1.2

-VCS-c X7.1

-VCS-e X7.2.1

Authenteication is done to TMS.

I have Public IP on my VCS-e DNS a reccord for this both inernal and external

Traversal Zone is Active and good.

Login failed through VCS-e, VCS-c is ok

Just be aware even though you may allow your users to register to VCS-E when external to your local network, i.e. at home etc, authentication should be done on the VCS-C for both internal and external users, not the VCS-E.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
New Member

Login failed through VCS-e, VCS-c is ok

Hello again.

That is what i am trying to do.

however, when i try to log in to movi while on my inetrnal network it is OK.

As soon as I try externally i get the "wrong username" message.

Login failed through VCS-e, VCS-c is ok

...and that's where  the Authenticating Devices Deployment Guide comes into the picture.

/jens 

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Login failed through VCS-e, VCS-c is ok

Hi Alex,

collect the diagnostic logs and check for subscribe message. see what is happening on VCS-E when it receives the intial reply.

Thanks

Alok

New Member

Login failed through VCS-e, VCS-c is ok

Hello.

That solved the wrong username issue.

When I looked at the logs i finnaly understood that the login request was not getting to the VCS-c.

Then i found in the logs that it did not match any of my search patterns.

I identified it to be a smal typo in one of my regex statements.

However.

Now i do get a "Login failed due to registration failure. If the problem presist contact IT support."

When i look at the local jabber logs on my computer i see the following:

Signaling User notification: Failed to register - If the problem persist, contact IT support.   (404 Not found) Check your provisioning configuration, make sure the SIP domain on the VCS and in Movi is configured correctly and that the VCS is accessible over TLS and/or TCP.

SIP domain is correct on VCS-c, TMS and in Jabber.

VCS-e is connected directly to the internet with a public IP. no NAT.

As soon as i swithc to my internal network i can login trhough the VCS-c.

Anyone of you that can point me in a direction of where to look?

Thank you again.

-Alex

New Member

Login failed through VCS-e, VCS-c is ok

From the VCSe Debug I was able to identify the following message:

SIPMSG:

|SIP/2.0 404 Not found

Via: SIP/2.0/TLS 10.0.1.46:52243;branch=z9hG4bK4d7b1efe9394977fdb4c7a9245250532.1;received=62.92.90.10;rport=38115;ingress-zone=DefaultZone

Call-ID: 7163f6823ac7f26d@10.0.1.46

CSeq: 9001 REGISTER

From: <>username.movi@domain.com>;tag=314e3758d09ddab7

To: <>username.movi@domain.com>;tag=a8808c3b0eef1efd

Server: TANDBERG/4120 (X7.2.1)

Warning: 399 193.90.120.31:5061 "Policy Response"

Content-Length: 0

Before this I see the SIP Subscribe, SIP OK messages.

The SIP message before this is the REGISTER.

Don't know if this helps...

Re: Login failed through VCS-e, VCS-c is ok

The "Policy Response" indicates you have an incorrect zone authentication and/or registration policy.

This is what I'm using on my VCS-E and VC-C - and it works.

(I'm authentication towards AD on the VCS-C, provisioning is TMSPE)

DefaultZone:

Authentication policy: Do not check credentials

Default SubZone:

Registration policy: Allow

Authentication policy: Do not check credentials

Traversal SubZone:

Authentication policy: Do not check credentials

On VCS-C:

Default SubZone:

Registration policy: Allow

Authentication policy: Check Credentials

DefaultZone:

Authentication policy: Check Credentials

Traversal SubZone:

Authentication policy: Check Credentials

Accept proxied registrations: Allow

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
New Member

Login failed through VCS-e, VCS-c is ok

Hello.

I tried with your settings but get the same issue.

And registraion policy is set to None.

Any other ideas?

Re: Login failed through VCS-e, VCS-c is ok

I just updated with my VCS-C settings. Compare and try, I guess

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Re: Login failed through VCS-e, VCS-c is ok

Alexander,

what is your setup? single nic, dual nic ?

what are this ip-addresses?

193.90.120.31

62.92.90.10

10.0.1.46

i think you need to check the forum. search for jabber issues in telepresence forum you will see lot of replies.

Rgds

alok

New Member

Login failed through VCS-e, VCS-c is ok

193.90.120.31 - VCSe

62.92.90.10 - PC where Jabber is logging in from.

10.0.1.46 - This i acutally don't know.

Login failed through VCS-e, VCS-c is ok

you said before 404 message there is a REGISTER message . can you paste that message here?

Also what kind of search rules you have on VCS-E an VCS-C

Rgds

Alok

New Member

Re: Login failed through VCS-e, VCS-c is ok

Thank you for helping on this.

SIPMSG:

|REGISTER sip:fmcti.com SIP/2.0

Via: SIP/2.0/TLS 10.0.1.46:52243;branch=z9hG4bK4d7b1efe9394977fdb4c7a9245250532.1;received=62.92.90.10;rport=38115

Call-ID: 7163f6823ac7f26d@10.0.1.46

CSeq: 9001 REGISTER

Contact: ;+sip.instance=""

From: <>username.movi@domain.com>;tag=314e3758d09ddab7

To: <>username.movi@domain.com>

Max-Forwards: 70

Route: <193.90.120.31:5061>

Allow: INVITE,ACK,CANCEL,BYE,INFO,OPTIONS,REFER,NOTIFY

User-Agent: TANDBERG/774 (MCX 4.6.3.17194) - Windows

Expires: 3600

Supported: replaces,100rel,timer,gruu

Content-Length: 0

VCS-E search rulse:

PriorityStateRule nameProtocolSourceAuthentication requiredModePattern typePattern stringPattern behaviorOn matchTarget
40EnabledTraversal ZoneAnyAnyNoAlias pattern matchRegex(?!domain.com)([^@]*)ReplaceContinueVCS
40EnabledTraversal Zone - full URIAnyAnyNoAlias pattern matchRegex(.+)@domain.com.*LeaveContinueVCS
150EnabledDNS Search RuleAnyAllZonesNoAlias pattern matchRegex(?!.*@%localdomains%.*$).*LeaveContinueDNSZone

VCS-C search rules:

PriorityStateRule nameSourceAuthentication requiredModePattern typePattern stringPattern behaviorOn matchTarget
48EnabledLocal Zone - No domainAnyNoAlias pattern matchRegex(.+)@domain.com.*ReplaceContinueLocalZone
50EnabledLocal Zone - full URIAnyNoAlias pattern matchRegex(.+)@domain.com.*LeaveContinueLocalZone
100EnabledTraversal ZoneAnyNoAny alias


ContinueVCS
100EnabledExternal IP SearcAnyNoAny IP address


ContinueVCS

I have called the traversal zone for VCS on both VCS-C and VCS-E.

New Member

Re: Login failed through VCS-e, VCS-c is ok

I also checked the debug log on VCS-C and there i don't see the 404 error.

The last message there is a SIP OK message.

Re: Login failed through VCS-e, VCS-c is ok

Where do you want your jabber to register?

I don't see a search rule for local zone match on the VCS-E.  can you create a search rule for local zone match a default rule any to any alias rule.

your idea is to register the jabber on VCS-E right ?

Rgds

Alok

New Member

Re: Login failed through VCS-e, VCS-c is ok

I added this to VCS-E

38Enabledvcs defaultAnyAnyNoAny alias


ContinueLocalZone

The idea is to proxy the registration to the VCS-C using the VCS-E for users outside our network.

Re: Login failed through VCS-e, VCS-c is ok

after adding the rule does your registration works ?

Also can you let me know if you have sip domain configured on VCS-E? and under sip configuration have you set proxy registration?

Rgds

Alok

New Member

Re: Login failed through VCS-e, VCS-c is ok

Still not working.

SIP Registration proxy mode: Proxy to known only

No SIP domains configured on VCS-E.

-alex

Re: Login failed through VCS-e, VCS-c is ok

If your idea is to register the jabber to VCS-C and not VCS-E, then the local zone match you created is not required. you can simply delete this. and proxy setting is proper.

Please can you modify the traversal search rule on VCS-E from regex to something like any to any alias and test again.

it should works after this as per my udnerstanding

Rgds

Alok

New Member

Re: Login failed through VCS-e, VCS-c is ok

It works!

I added a "Any to Any" search rule with lowest priority pointing to the traversal zone.

And that was it.

Can I just leave it this way or do you recommend me to modify the search?

Thank you so much!!

-alex.

Re: Login failed through VCS-e, VCS-c is ok

Alex,

see the registration message from jabber.

|REGISTER sip:fmcti.com SIP/2.0  -- asking domain to register

Via: SIP/2.0/TLS 10.0.1.46:52243;branch=z9hG4bK4d7b1efe9394977fdb4c7a9245250532.1;received=62.92.90.10;rport=38115

Call-ID: 7163f6823ac7f26d@10.0.1.46

CSeq: 9001 REGISTER

Contact:  ;+sip.instance=""

From: <>username.movi@domain.com>;tag=314e3758d09ddab7

To: <>username.movi@domain.com>

Max-Forwards: 70

Route: <193.90.120.31:5061>

Allow: INVITE,ACK,CANCEL,BYE,INFO,OPTIONS,REFER,NOTIFY

User-Agent: TANDBERG/774 (MCX 4.6.3.17194) - Windows

Expires: 3600

Supported: replaces,100rel,timer,gruu

Content-Length: 0

so you should have a search rule to pass this to VCS-control in your case.

Rgds

Alok

New Member

Re: Login failed through VCS-e, VCS-c is ok

Thank you again.

-alex

643
Views
0
Helpful
24
Replies
CreatePlease to create content