Re: Jabber 14 Phone Services Not working outside of the domain and And

centrino1 · ‎01-21-2022

Dear All,

Thank you very much for taking the time to ready my post.

I have configured CUCM V14 , Unity Connection V14 , IMP V14 and AD 2019 for the LDAP.

All DNS A records and SRV Records were configured correctly.

All configurations and integrations has been done successfully also I am able to login to Jabber within the domain successfully and I get Phone Services , Voicemail and Instant Messaging. also CUCM and Directory Discovery is done properly within the domain.

My problems here when I login to Jabber from Windows outside of the domain and also Jabber on Android too.

I have googled the issue and read articles and admin guide about UDS/EDI/BDI . but there is no detailed configuration for EDI and BDI and I am not good with the XML files.

I have attached the logs and configuration from Jabber Android and the problems is the same for Jabber for Windows too. I tried to add some parameters from the UC Service profile but still didn't work.

All my cluster is V14 please help me to get the Phone Services working for Jabber Android and Jabber Windows outside of the domain. I appreciate all your great efforts.

I meant by that Normal workstations that are not joined to the domain but have the DNS Server (DC Controller) as the primary DNS server in the IP configuration and yes also the VPN users that has jabber.

Yes , I do have Anyconnect IOS vpn configured in place with a full internet tunnel and has the DNS server (DC controller) as the DNS Server also. I don't have a problem in the services discovery using SRV records but Phone services are not up despite I can ping to the CUCM Publisher IP. and I tested to ping from CUCM Publisher to the clients too works. I know its some parameters needed to be added for the jabber-config.xml in relation to BDI/EDI

I have attached my jabber-config and all logs

b.winter · ‎01-21-2022

If you would have taken a look, there are a lot of MRA posts here, where everybody suggests as first action of troubleshooting:

Take logs of Expressway C and E and upload it to the CSA tool from cisco https://cway.cisco.com/csa/.

It's a good tool, to give you an overview of possible problems and possible solution for them.

You can also upload Jabber PRT there.

It's not the community's job, to look up relevant posts for you and begin troubleshooting.

You can't just say: "I have a problem, please help". It's your job to look for information first and start troubleshooting.

What is your EXP version?

What is your domain?

You see any errors in EXP?

Is the integration of EXP correct?

Is it a new installation or already a running system?

Is it a Jabber version related problem (only specific to 14)? Or a problem with every version?

b.winter · ‎01-21-2022

Here you are:

It looks like your Jabber has no connectivity to CUCM.

centrino1 · ‎01-21-2022

Thanks for trying to help.

I have explained all the problems and I just needed the proper xml file to make it work

In the first post you were referring to MRA and expressway. I don't have any expressway in place.

I am just using Jabber on the network without joining domain or also through Anyconnect VPN with a full tunnel.

So the Expressway here is completely irrelevant

For the CUCM, Actually it does ping perfectly by Name and IP and I tested from CUCM to the user and both are pinging.

I know whats the problem but I don't know the solution.

I need the proper XML Parameters to be added to reach the CUCM thats it

Thanks for trying to help

b.winter · ‎01-21-2022

What you mean instead with "outside" domain? I guess 99 out of 100 people would assume you are using MRA.

Could you give an example? What is your "inside" domain and what is your "outside" domain.

What do you need the xml-file for? The only 2 entries you need (which I can spontaneously remember), if you use flexible JID are the following:

<Directory>
 <SipUri>mail</SipUri
 <UseSipUriToResolveContacts>true</UseSipUriToResolveContacts>
</Directory>

But this depends, what you have configured in your IMP: What is your IM Address scheme? (IMP --> Presence --> Settings --> Advanced Configuration)

If it's set to "Directory URI", then you need the above entries in the XML or in corresponding UC service in CUCM.

centrino1 · ‎01-21-2022

Thanks for your quick response.

What I meant inside and outside domain.

My domain is heshamcentrino.com

People outside domain means , its a normal laptop workstation not joined to the DC controller. However , It has DNS Server configured properly and also I am referring to Phones , Tablets that by all means not joined to the domain and will use anyconnect VPN to get CUCM Connectivity.

I have read in CUCM V12.6 and later. CUCM does encrypt the AD connection credentials and we must add that manually to the XML files. I think the problem here is that connection to AD --> CUCM outside of the domain

b.winter · ‎01-21-2022

Basically said, it has nothing to do, if your device has joined the domain or not. Just think about all the private devices, that you bring to work.

Regarding the AD:

The Jabber doesn't authenticate against AD, it's authenticating against CUCM. So, if you are able to login successfully "inside" your domain and also in the CUCM enduser page, I wouldn't think of a credentials problem in the first place.

What is the actual error message or behaviour you see in the client?

Does it give you an error message? Or are you able to login, but the services are not connecting?

centrino1 · ‎01-21-2022

Yes , I am able to login perfectly. I am able to get IM (Messaging) and Voicemail working without issues

but CUCM is not up

the error here is the following

Connection to Phone Service Failed and Error Code CJ:2100:2

Thats my problem. I know its something to be added to the XML Parameters for sure. I researched it very well

Ammar Saood · ‎01-23-2022

Hi,

Do the following:

There is no XML files in V14 that you need to upload on TFTP severs . There is Jabber UC services that you configure and attach it to the service profile.

Regarding your Q about parameters, suppose 10.10.10.10 is your IMP and 10.10.20.20 is your CUCM.

Add below attributes under phones section in your jabber UC profile.

You can read more about this in the link below.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/12_9/cjab_b_parameter-reference-guide-jabber-129/cjab_b_parameter-reference-guide-jabber-129_chapter_0101.html#CJAB_RF_C5F1E4DE_00

For troubleshooting,

please run this command on the PCs which are not in domain.

nslookup -q=srv _cisco-uds._tcp.heshamcentrino.com.

nslookup -q=srv _cuplogin._tcp.heshamcentrino.com

If it brings you the records, then try to ping those FQDNs such as cucm.heshamcentrino.com.

centrino1 · ‎01-24-2022

Hi Ammar,

Thank you very much for that. I have SRV records in place and all working perfect. I get the discovery working whether on PC's not joined domain or through Anyconnect VPN users so I have no problems in the SRV records at all.

From my understanding the CTI server is the CUCM IP and not IMP Server

here you are the document explaining that too

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/12_1/cjab_b_on-prem-deployment-121/cjab_b_on-prem-deployment-121_chapter_01000.pdf

I have done that UC Service Jabber-config and applied it but no luck still

here you are my screen shot.

b.winter · ‎01-24-2022

Why don't you use the other uc-services to configure the CUCM, IMP and CUC for the jabbers, instead of doing it via the xml?

You cannot use AD as a UDS server, because AD doesn't support UDS protocol. CUCM does. What do you use the AD for?

I would do the following:

Get rid of the CcmcipServer1 in XML

Get rid of the CtiServer1 in XML and add it via UC-service instead

Get rid of the TftpServer1, since Jabber already gets it via the SRV records

Get rid of the PresenceDomain, because normally you don't need that.

And depending on what you need the AD connection for, I would first get rid of all the related entries first and try to login. Have you LDAP authentication configured in CUCM / CUC?

centrino1 · ‎01-24-2022

I have tried that solution this didn't work as of now.

I will try to use @Roger Kallberg solution and see if this will work

Thanks to all of you :'( still not resolved

Ammar Saood · ‎01-24-2022

You have the whole Jabber profile configured incorrectly.

LDAP cannot be UDS. UDS service is offered by CUCM. CCMIMP profile is offered by IMP not CUCM.

CcmcipServer = IMP IP

CtiServer= CUCM IP

TFTP= CUCM IP-TFTP nodes

UDS SERVER = CUCM IP

also adjust these settings in your jabber UC services as well. If possible, also show your UC services page.

centrino1 · ‎01-24-2022

Hi I have added that parameter please have a look on my screen shot in the previous post but still no luck of the Phone services to be up in the machines not joined domain or even ANYCONNECT VPN Users despite the IM Service , Voicemail profile is working.

I could assure its not a network issue. I have made the any connect users and also the non-domain machines on the same VLAN as the CUCM but still not working. I thought it was a network or vlan issue.

I can assure to you. I am able to ping CUCM from the any connect users and non-domain machine also I went through CUCM OS Admin and was able to ping the users too. So no network or firewall issues at all

Roger Kallberg · ‎01-24-2022

I don't think that you'll need any special configuration in the Jabber configuration "file". This is the configuration we have, it never have included any of the suggested parameters and works perfectly for any client.

For mobile clients there are other settings required for them to work with the O365 environment.

With a working service discovery and proper UC services defined in CM you should not need to play around with these settings in the Jabber configuration.

Jabber 14 Phone Services Not working outside of the domain and Android