Showing results for 
Search instead for 
Did you mean: 
Walkthrough Wednesdays
Tibor Marchyn

Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access


We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).

Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.


Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.



Anthony Holloway
Cisco Employee

On Expressway-C are your HTTP Allow Lists setup properly?  By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.

Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.

From the internet, browse to:


  • vcse is your Expressway-E hostname (or CNAME/A record)
  • is your own domain
  • The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)

The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin

TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.


It looks like CUP server bug.


We had 10.5 RTM version. I have upgraded to UCSInstall_CUP_10.5.1.12900-2 after I've created this question and also renamed my VCS-E server hostname to match my CUP domain when clients are looking from outside.

Example: I had and I have renamed to (as my CUP domain is and updated SRV records to match new hostname.


So I don't know if it was bug, or incompatibility between CUP 10.5 RTM and VCS 8.2.2 but now after these 2 changes I'm able to login with mobile and remote access normally. No change in configuration, just upgrade CUP and external hostname change of VCS-E.


Thanks all

i had problems that after changing the hostname on Edge and matching it with DNS records it worked, so probably this configuration change fixed your issue.


can you log in from inside your lan? using the same jabber account?

yes, without any problems

What is logged under "Event logs" in VCS Expressway?

Content for Community-Ad

Spotlight Awards 2021