Hola Jaime,

Of course i checked for the same behavior in previous threads, but no luck :(

I just noticed that if i downgrade jabber to any version previous than 10.6 it starts working.

Any ideas?

N.B: What do you mean with FIPS? 

Anyone guys?

JAime , you were right,

Hi guys,

I managed to resolve the login problem.

Once i disabled FIPS mode on my Windows 8.1 PC , i was able to login using jabber 10.6.X versions.

US Federal Government Requirements

• FIPS 140-2 - You can use Cisco Jabber for Windows in compliance with FIPS (Federal Information Processing Standard, Publication 140-2) to ensure compliance with the standards for information security and encryption. When you set your Operating System to run in FIPS mode, Jabber detects FIPS mode and also runs in it. For more information, see the Security chapter in the Cisco Jabber 10.6 Planning Guide.

Regards

I am having the same issue but Windows 10, tried to manually import the server certs and still not accepting them. How do you disable FIPS in windows 10 or where did you get your instructions for windows 8.1?

a. Click Start, type regedit in the start search box and hit enter.

b. In the registry editor navigate to

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled

c. This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.

d. To disable it double click on the file and select 0.

Please note that we've had some users that had AnyConnect VPN client set to enforce FIPS, and it will override and re-enable this registry setting (along with local security policy) upon reboot.  I've posted about this on Microsoft forums as well.  As others have noted the root issue is that the certificates aren't FIPS compliant.  However, if you are trying to disable FIPS...

AnyConnect can have FIPS enforcement turned on, if that is the case AnyConnect Local Policy File overrides Windows policy FIPS settings and will always re-enable this following reboot.  To disable FIPS AnyConnect enforcement, need to change a parameter in the AnyConnect Local Policy XML file (Consider the ramifications here):

1.    Go here:  C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client
2.    In Notepad, Edit the AnyConnect Local Policy File “AnyConnectLocalPolicy.xml”
3.    Set the “FipsMode>false</FipsMode>” to false

Can read more about this on the Cisco AnyConnect Secure Mobility Client Administrator Guide, find the section "Enabling FIPS and Additional Security in the Local Policy"

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac09localpolicy.html#pgfId-1109683

Ok Java, it's FIPS and we can disable it through GPO or whatever the way.

But we have dozens of clients that have deployed clusters of CUCM with the default certificate.

Shall we go to them one by one to convince them to regenerate certificates of their production CUCM so they can continue using Jabber ? Is this the logic ?

Shall we convince them to deactivate FIPS from the Domain Controller ? Is this what is expected ?

This is unfair really. For one moment Jabber has been easy to deploy and to be adopted by customers.

But here Jabber regained its deserved name "Personal Communicator" with all its bugs and its hell to deploy.

I'm just the messenger here, I don't know why they changed it, if you want to take this up to the Jabber team, engage with your AM so you can provide them this feedback, and possibly, their logic behind this.