03-06-2012 08:53 AM - edited 03-17-2019 02:15 PM
I have the Cisco TelePresence VCS Starter Pack version 7.0.1. This is a single NIC option and is configured on a public IP with no firewall and no NAT. It is accessible through the public IP. I believe that I have just about everything setup correctly as I am able to register my h.323 devices to the unit and make outgoing calls. I have not attempted to receive a call, but that step is later in my process.
My current issue is attempting to register a MOVI or JABBER client. I have setup users in the VCS with Movi device accessibility. I have also configured the user in my allow list with the same username and password. I have installed Movi and Jabber (2 separate computers) and configured them to point to the FQDN of my VCS in both the Internal and External VCS settings, and I have my SIP domain listed as well. When I click sign in, I get the message Login failed, Unable to connect to server. I know that I am communicating with the VCS, because if I put in the incorrect username or password, I get a incorrect username/password message instead. I say this because there is no record ov my communication attempt on the VCS in any of the logs, even with the logging set to 4. During the login attempt, I do see that the correct IP address is being attempted, so this is not a DNS issue. TCP, TLS and the proper ports are listed as on in the SIP conifguration.
My only guess now is that there is some dialing rule or zone rule or something that is not found in the hundreds of pages of documentation that I have read over the past 2 days that I am missing. Please help.
Thanks,
Solved! Go to Solution.
03-07-2012 06:16 AM
Hi Donald
I have had a quick look at your config, and you have a transform that will prevent provisioning requests. This transform will strip off the SIP domain of request to the provisioning server, and thus this will fail.
I can see that some of your search rules may re-append the domain, but before I look closer into that, I would recommend you to disable this transform and give it another try.
*c xConfiguration Transform 1 Description: ""
*c xConfiguration Transform 1 State: Enabled
*c xConfiguration Transform 1 Priority: 1
*c xConfiguration Transform 1 Pattern String: "(.+)@sipdomain.*"
*c xConfiguration Transform 1 Pattern Type: Regex
*c xConfiguration Transform 1 Pattern Behavior: Replace
*c xConfiguration Transform 1 Pattern Replace: "/1
Regards
Ola Dallokken
03-06-2012 01:36 PM
Hi Donald
Could you verify that your 'Default Zone' has the authentication setting 'Check Credentials', and that user credentials are created in the local database for the user accounts?
The provisioning request from the Movi/Jabber client needs to be authenticated in order to be provisioned.
Regards,
Ola E. Dallokken
03-06-2012 01:43 PM
Default Zone has the authentication setting as "Check Credentials". User credentials are created and I can confirm this because if I put the incorrect username or password in the Movi client, I get a different error message stating that my username or password or SIP domain are incorrect. When the user credentials are correct in the Movi client, I simply get the error Login failed, Unable to connect to server.
03-06-2012 01:59 PM
OK,
I would recommend you to open a TAC case for this issue since this may include some more extensive troubleshooting, but I can have a quick look at your configuration if you could send me the xconf and xstat from the VCS in a private message?
To obtain the logs, please do the following:
1. SSH to the VCS, log in as admin.
2. Execute the following (make sure to log the session output to a file, by using Putty for instance)
xconf
xstat
regards
Ola E. Dallokken
03-06-2012 11:42 PM
Hi Donald,
Can you force the MOVI or Jabber client to use the TCP and check the login.
Its very important to check if you have a firewall with SIP packet inspection ON?
Thanks
Alok
07-16-2013 03:51 PM
THANK YOU and THANK YOU Olla
I wish I would have found you sooner - the check credentials for my default zone as per your answer and all my problems were solved. Two days of banging my head against the wall.
THANK YOU
Zeecil
03-07-2012 01:19 AM
Donald,
have you made sure to configure a cluster name on the VCS, and verified that your Movi client PC is able to resolve this cluster name FQDN to the IP address of the VCS, for example via nslookup?
Regards
Andreas
03-07-2012 05:34 AM
Andreas,
When I click sign in and the Internal and External servers are populated with the FQDN of the cluster, the correct IP address appears briefly on the client as it shows the status of the connection attempt. Therefore, I believe that the A record is setup and correct. I am abe to log into the unit using the cluster FQDN as this unit is completely outside of our firewall and I have to log in with the public IP address.
I also have the following SRV records. Maybe I am missing something here?
_h323cs._tcp.sipdomain, pri low, weight 0, port 1720, target=cluster A record
_h323ls._udp.sipdomain, pri low, wegith 0, port 1719, target=cluster A record
_sip._tcp.sipdomain, pri low, weight 0, port 5060, target=cluster A record
_sip._udp.sipdomain, pri low, weight 0, port 5060, target=cluster A record
_sips._tcp.sipdomain, pri low, weight 0, port 5061, target=cluster A record
Please also note that I am able to dial between hardware devices in our office. This is only an issue with the Movi client or possibly with the SIP protocol as the hardware devices are configured to use h.323.
03-07-2012 06:16 AM
Hi Donald
I have had a quick look at your config, and you have a transform that will prevent provisioning requests. This transform will strip off the SIP domain of request to the provisioning server, and thus this will fail.
I can see that some of your search rules may re-append the domain, but before I look closer into that, I would recommend you to disable this transform and give it another try.
*c xConfiguration Transform 1 Description: ""
*c xConfiguration Transform 1 State: Enabled
*c xConfiguration Transform 1 Priority: 1
*c xConfiguration Transform 1 Pattern String: "(.+)@sipdomain.*"
*c xConfiguration Transform 1 Pattern Type: Regex
*c xConfiguration Transform 1 Pattern Behavior: Replace
*c xConfiguration Transform 1 Pattern Replace: "/1
Regards
Ola Dallokken
03-07-2012 06:49 AM
Finally some progress. I have disabled the rule mentioned above and I am now getting the error message Login failed due to registration failure. I can also see the connection attempts in the Event log for the first time. My user is setup as follows:
Username bud.veltman
Display Name Bud Veltman
FindMe ID bud.veltman@sipdomain
Movi Device On URI bud.veltman.movi@sipdomain
Ex90 Device on URI bud.veltman.ex90@sipdomain
Registration allow list - bud.veltman
Local Authentication Database - bud.veltman with same password
Default Zone - Check Credentials
Default Subzone - Allow - Do not check Credentials - Have tried Treat as authenticated and Check Credentials
What am I missing?
03-07-2012 07:22 AM
I got it. I am connected. My Registration Allow was set to exact and I changed the setting to Prefix. Thanks for everyone's help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide