Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
28340
Views
0
Helpful
24
Replies

Cisco Jabber - You cannot login outside corporate network

Dean O'Meara
Level 1
Level 1

‎01-17-2017 07:48 AM - edited ‎03-17-2019 06:37 PM

Hi,

I am setting up a lab which has the below

CUCM
IMP
Expressway-C
Expressway-E

I am able to login to Jabber internally fine and make calls but when trying to login externally I am getting a message from the client, "You cannot login outside corporate network. Contact your admin"

When I look at the Expressway-E the error I get when trying to login is

httpd[30621]: web: Event="Security Alert" Src-ip="82.132.237.193" Src-port="34946" Detail="Possible Cross Site Scripting (XSS) attempt detected." UTCTime="2017-01-17 15:41:33"

Has anyone else experienced this & know of a fix?

Thanks

6 people had this problem
Labels:
0 Helpful
24 Replies 24

Jaime Valencia
Cisco Employee
Cisco Employee

‎01-17-2017 10:36 AM

I don't believe that is related to MRA, have you made sure all of the MRA configuration is configured as per the guides?

do you see any MRA related logs in the EXP-C?

HTH

java

if this helps, please rate
0 Helpful

Dean O'Meara
Level 1
Level 1
In response to Jaime Valencia

‎01-18-2017 12:58 AM

Hi,

Yes all configuration done as per the guides, I see no evidence of my attempt to login on Exp-c, I only see this error on Exp-E

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to Dean O'Meara

‎01-18-2017 07:28 AM

OK, were those EXP-C/E freshly deployed for MRA?? or where they used for something before?

Any warnings on either server??

HTH

java

if this helps, please rate
0 Helpful

Steven Luton
Level 1
Level 1
In response to Jaime Valencia

‎01-24-2017 02:29 PM

I just deployed version 8.9.  I can sign in, but, sometimes, when I sign out, I get that message.  Then I can let a few minutes pass and I sign in successfully.  Never seen this error before.

0 Helpful

Dean O'Meara
Level 1
Level 1
In response to Steven Luton

‎02-07-2017 12:49 AM

I still have this same issue, I suspect this may have something to do with the VCS firmware level?

What version is everyone running who is experiencing this issue?

0 Helpful

ahmad_tamneh
Level 4
Level 4
In response to Dean O'Meara

‎03-16-2017 03:38 AM

8.8.2

0 Helpful

bannouraw
Level 1
Level 1
In response to ahmad_tamneh

‎05-25-2017 11:31 AM

Hi All,

I am also facing the same issue. When I login from the jabber from outside, it takes me to the Certificate page but after clicking on.Continue it replies :

Cannot communicate outside the corporate network.

All the configuration are verified they are fine.

Vcse is 8.9.2 

I don't understand where is the problem.

Please help guys with a solutions

Thank you for your support I advance

0 Helpful

Steven Luton
Level 1
Level 1
In response to bannouraw

‎05-25-2017 12:06 PM

Are you 100% sure your expressway e certificate is a SAN certificate and has all the needed names in the alternative name section?  It must contain the domain as an alternative name.  That's the only difference between a deployment that had this issue and the deployment, I did after, that didn't.

0 Helpful

bannouraw
Level 1
Level 1
In response to Steven Luton

‎05-25-2017 12:23 PM

Thank u for the response Steven.

Can you please tell me where will I get SAN certificate for VCS E??

Which names should be included in it

0 Helpful

Steven Luton
Level 1
Level 1
In response to bannouraw

‎05-25-2017 12:36 PM

Look at page 10 and 11 from this document, it explains what needs to be added as alternate names and provides a picture on how to fill out a CSR for it to be signed.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-9.pdf

You specifically request a SAN certificate from your third party CA.  I recommend DigiCert, I have very little issues with them.

0 Helpful

bannouraw
Level 1
Level 1
In response to Steven Luton

‎05-25-2017 12:52 PM

Is this costing money??

0 Helpful

Steven Luton
Level 1
Level 1
In response to bannouraw

‎05-25-2017 12:55 PM

Yes.  The expressway e requires a 3rd party certificate.  Everything else can be signed by an internal CA, but the E server needs a 3rd party cert to work correctly.

0 Helpful

bannouraw
Level 1
Level 1
In response to Steven Luton

‎05-28-2017 04:01 AM

Hi All,

Today when I check in the event logs, I am getting below response :

edgeconfigprovisioning: Level="WARN" Service="ECS" Detail="Request failed" User="('username', 'gulf123')" Reason="Unable to determine home CUCM" Reason="UDS not available" UTCTime="2017-05-28 10:40:30,069

edgeconfigprovisioning: Level="WARN" Service="UDSManager" Detail="UDS lookup" Server="cucmadmin.gulfsls.com" Deployment="1" Reason="Reason="UC node not found" Name="cucmadmin.gulfsls.com"" UTCTime="2017-05-28 10:40:30,360"

Can anyone help what is this, and why it is giving this error??

 I need to make Jabber work by tomorrow. please help.

Regards

Zuher

0 Helpful

j.huizinga
Level 6
Level 6
In response to bannouraw

‎05-28-2017 08:35 AM

Maybe on the inside you have a different domain from the outside?

JH

0 Helpful
Customers Also Viewed These Support Documents