Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Highlighted
Community Member

Jabber idbroker.webex.com certificate request during the first start

Hello, dear support community.
I have CUCM, IMP 10.5 installed. SSO is configured.

A couple of users complain that for some reason their jabber clients pop-up a notification about certificate for idbroker.webex.com with possible actions, - accept, decline and show the certificate (as it is usual when a certificate is untrusted). It is issued by HydrantID SSL ICA G2.

Just too accept this cert and forget about this for the next logins is not a big deal.

 

However, I didn't configure any external connections to webex or other cloud services.
That is why my concerns are why some of jabber clients try to connect idbroker.webex.com ?

and how do prevent/disable it ?

Service Profile is configured only with local services (CTI, IMP, Directory) but it is not assigned to any users.

jabber-config file is almost empty:

<config version="1.0">
<Client>
<Persistent_Chat_Enabled>true</Persistent_Chat_Enabled>
</Client>
<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
</Directory>
<Policies>
<Disallowed_File_Transfer_Types>.exe;.msi</Disallowed_File_Transfer_Types>
<EnableSIPURIDialling>true</EnableSIPURIDialling>
</Policies>
</config>

 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

Re: Jabber idbroker.webex.com certificate request during the first start

As part of Service Discovery Jabber checks WebEx Messenger (the SaaS alternative to IM&P) to see if the domain is provisioned in the cloud. If not it then looks for DNS SRV records for on-premises gear.

You can disable that check using the installer flag EXCLUDED_SERVICES=WEBEX
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_9/cjab_b_on-premises-deployment-for-cisco-jabber/cjab_b_on-premises-deployment-for-cisco-jabber_chapter_010000.html

Assuming they haven’t deprecated it, Jabber used to also check for a DNS TXT record to see if a domain had a non-standard Service Discovery configuration. I haven’t seen this mentioned in the last few years though.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin_chapter_01000.html#JABP_TK_C2E228F0_00

PS- Jabber also sends Usage telemetry to Cisco so they know which features users are/aren’t using. You might be tempted to say they don’t need that; however, I have seen them pull features out of Jabber multiple times over the years claiming that telemetry shows no one is using it. I suggest leaving it enabled. If you’re really set on cutting Jabber off from “the cloud”:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01.html#CJAB_RF_C87CBDFA_00
4 REPLIES
VIP Super Bronze

Re: Jabber idbroker.webex.com certificate request during the first start

As part of Service Discovery Jabber checks WebEx Messenger (the SaaS alternative to IM&P) to see if the domain is provisioned in the cloud. If not it then looks for DNS SRV records for on-premises gear.

You can disable that check using the installer flag EXCLUDED_SERVICES=WEBEX
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_9/cjab_b_on-premises-deployment-for-cisco-jabber/cjab_b_on-premises-deployment-for-cisco-jabber_chapter_010000.html

Assuming they haven’t deprecated it, Jabber used to also check for a DNS TXT record to see if a domain had a non-standard Service Discovery configuration. I haven’t seen this mentioned in the last few years though.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin_chapter_01000.html#JABP_TK_C2E228F0_00

PS- Jabber also sends Usage telemetry to Cisco so they know which features users are/aren’t using. You might be tempted to say they don’t need that; however, I have seen them pull features out of Jabber multiple times over the years claiming that telemetry shows no one is using it. I suggest leaving it enabled. If you’re really set on cutting Jabber off from “the cloud”:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01.html#CJAB_RF_C87CBDFA_00
Community Member

Re: Jabber idbroker.webex.com certificate request during the first start

Hello, Jonathan.
You are right - I have already disabled EXCLUDED_SERVICES=WEBEX and it helped.
However, it is odd a little bit, because only several jabber clients faced this exactly request during jabber initiation. DNS and version of jabber are the same for any working stations within a company.
Why do you think others didn't experience the same behavior ?

VIP Super Bronze

Re: Jabber idbroker.webex.com certificate request during the first start

My only guess is those clients’ operating system (ie Windows, macOS, etc) did not trust the issuing Certificate Authority for some reason.

Community Member

Re: Jabber idbroker.webex.com certificate request during the first start

Yes, it looks like this is a problem.
I guess the question why some work stations don't accept certificates is to MS Admins.
Thank you.
1295
Views
5
Helpful
4
Replies
CreatePlease to create content