Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2645
Views
4
Helpful
6
Replies

Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access

Tibor Marchyn
Level 1
Level 1

‎10-13-2014 08:51 AM - edited ‎03-17-2019 04:33 PM

Hi,

We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).

Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.

 

Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.

 

Thanks

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Anthony Holloway
Cisco Employee
Cisco Employee

‎10-13-2014 11:29 AM

On Expressway-C are your HTTP Allow Lists setup properly?  By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.

Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.

From the internet, browse to:

https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin


Where:

  • vcse is your Expressway-E hostname (or CNAME/A record)
  • yourdomain.com is your own domain
  • The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)


The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin

TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.

 

0 Helpful

Tibor Marchyn
Level 1
Level 1
In response to Anthony Holloway

‎10-15-2014 08:48 AM

It looks like CUP server bug.

 

We had 10.5 RTM version. I have upgraded to UCSInstall_CUP_10.5.1.12900-2 after I've created this question and also renamed my VCS-E server hostname to match my CUP domain when clients are looking from outside.

Example: I had vcs-e.domain.com and I have renamed to vcs-e.cz.domain.com (as my CUP domain is cz.domain.com) and updated SRV records to match new hostname.

 

So I don't know if it was bug, or incompatibility between CUP 10.5 RTM and VCS 8.2.2 but now after these 2 changes I'm able to login with mobile and remote access normally. No change in configuration, just upgrade CUP and external hostname change of VCS-E.

 

Thanks all

josepaulopetry
Level 1
Level 1
In response to Tibor Marchyn

‎11-05-2014 09:30 AM

i had problems that after changing the hostname on Edge and matching it with DNS records it worked, so probably this configuration change fixed your issue.

0 Helpful

josepaulopetry
Level 1
Level 1

‎10-14-2014 07:46 AM

can you log in from inside your lan? using the same jabber account?

0 Helpful

Tibor Marchyn
Level 1
Level 1
In response to josepaulopetry

‎10-15-2014 08:44 AM

yes, without any problems

0 Helpful

stephenchuska
Level 1
Level 1
In response to Tibor Marchyn

‎11-04-2014 02:13 PM

What is logged under "Event logs" in VCS Expressway?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents