cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
28340
Views
0
Helpful
24
Replies

Cisco Jabber - You cannot login outside corporate network

Dean O'Meara
Level 1
Level 1

Hi,

I am setting up a lab which has the below

CUCM
IMP
Expressway-C
Expressway-E

I am able to login to Jabber internally fine and make calls but when trying to login externally I am getting a message from the client, "You cannot login outside corporate network. Contact your admin"

When I look at the Expressway-E the error I get when trying to login is

httpd[30621]: web: Event="Security Alert" Src-ip="82.132.237.193" Src-port="34946" Detail="Possible Cross Site Scripting (XSS) attempt detected." UTCTime="2017-01-17 15:41:33"

Has anyone else experienced this & know of a fix?

Thanks

24 Replies 24

Jaime Valencia
Cisco Employee
Cisco Employee

I don't believe that is related to MRA, have you made sure all of the MRA configuration is configured as per the guides?

do you see any MRA related logs in the EXP-C?

HTH

java

if this helps, please rate

Hi,

Yes all configuration done as per the guides, I see no evidence of my attempt to login on Exp-c, I only see this error on Exp-E

OK, were those EXP-C/E freshly deployed for MRA?? or where they used for something before?

Any warnings on either server??

HTH

java

if this helps, please rate

I just deployed version 8.9.  I can sign in, but, sometimes, when I sign out, I get that message.  Then I can let a few minutes pass and I sign in successfully.  Never seen this error before.

I still have this same issue, I suspect this may have something to do with the VCS firmware level?

What version is everyone running who is experiencing this issue?

8.8.2

Hi All,

I am also facing the same issue. When I login from the jabber from outside, it takes me to the Certificate page but after clicking on.Continue it replies :

Cannot communicate outside the corporate network.

All the configuration are verified they are fine.

Vcse is 8.9.2 

I don't understand where is the problem.

Please help guys with a solutions

Thank you for your support I advance

Are you 100% sure your expressway e certificate is a SAN certificate and has all the needed names in the alternative name section?  It must contain the domain as an alternative name.  That's the only difference between a deployment that had this issue and the deployment, I did after, that didn't.

Thank u for the response Steven.

Can you please tell me where will I get SAN certificate for VCS E??

Which names should be included in it

Look at page 10 and 11 from this document, it explains what needs to be added as alternate names and provides a picture on how to fill out a CSR for it to be signed.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-9.pdf

You specifically request a SAN certificate from your third party CA.  I recommend DigiCert, I have very little issues with them.

Is this costing money??

Yes.  The expressway e requires a 3rd party certificate.  Everything else can be signed by an internal CA, but the E server needs a 3rd party cert to work correctly.

Hi All,

Today when I check in the event logs, I am getting below response :

edgeconfigprovisioning: Level="WARN" Service="ECS" Detail="Request failed" User="('username', 'gulf123')" Reason="Unable to determine home CUCM" Reason="UDS not available" UTCTime="2017-05-28 10:40:30,069

edgeconfigprovisioning: Level="WARN" Service="UDSManager" Detail="UDS lookup" Server="cucmadmin.gulfsls.com" Deployment="1" Reason="Reason="UC node not found" Name="cucmadmin.gulfsls.com"" UTCTime="2017-05-28 10:40:30,360"

Can anyone help what is this, and why it is giving this error??

 I need to make Jabber work by tomorrow. please help.

Regards

Zuher

Maybe on the inside you have a different domain from the outside?

JH