Thanks Jaime, I do see

BRIAN O'LOUGHLIN · ‎05-10-2017

Recently, using Jabber via MRA stopped working. There is a log entry in the Expressway Edge Server saying that it actively denied the authentication request:

traffic_server[3167]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="public IP address" Dst-port="47696" UTCTime="2017-05-10 13:14:48,110"

I have a DX650 at the house registered over MRA and there are no issues with that. It continues to work fine.

I have no issues using Jabber internally and all users are affected.

Any ideas would be appreciated.

Thanks

Jaime Valencia · ‎05-10-2017

Are you using the same credentials with Jabber as you're with the DX650?

HTH

java

if this helps, please rate

BRIAN O'LOUGHLIN · ‎05-11-2017

Yes, I am.

Jaime Valencia · ‎05-11-2017

Then you'd need to look at logs from CUCM, both expressways and a PRT to find out what login information Jabber is sending, and if that's the right information.

HTH

java

if this helps, please rate

BRIAN O'LOUGHLIN · ‎05-13-2017

Thanks Jaime, I do see something interesting in the PRT:

Discovery
Discovery Outcome	Failure: FAILED_EDGE_AUTHENTICATION
Domain Controller	The specified domain either does not exist or could not be contacted.

The certificate check is failing as well. We recently moved over to Cisco Meeting Server and I think we may have missed migrating something.

Jaime Valencia · ‎05-13-2017

CMS has nothing to do with MRA login, are you using different domains internally and externally?

HTH

java

if this helps, please rate

BRIAN O'LOUGHLIN · ‎05-15-2017

After some additional checking, I see the authentication URL is fine, and the firewall is sorting traffic and directing to the appropriate server. On the CEC, I'm seeing this error:

edgeconfigprovisioning: Level="WARN" Service="ECS" Detail="Request failed" User="('username', 'brian@h.com')" Reason="Unable to determine home CUCM" unknown user UTCTime="2017-05-15 17:58:19,054"

I think I have it figured out. I found that SSO was turned off in Expressway Core. Not sure how that happened, but I re-enabled it and the issue seems to be resolved.

BRIAN O'LOUGHLIN · ‎05-15-2017

Unfortunately, the issue persists. It definitely worked for 3 consecutive logins, but the problem has resumed.

BRIAN O'LOUGHLIN · ‎05-16-2017

Update:If I'm interpreting what I'm seeing correctly, what I have found at this point is that Expressway-C is not getting an authentication response from CUCM. I restarted the publisher, and while it was restarting, authentication is apparently working against the subscriber server. Jabber of MRA is working again as of right now. I'm not sure this is resolved yet, but wanted to update anyone interested on what I've found so far.

Varundeep Chhatwal · ‎05-14-2017

Hello

Please check how many clusters do yo have. Please notice that you can assign 1 user to only 1 home cluster. if you have multiple cluster with ILD configured and made this user enable for "home cluster" for all of them then it will fail.

Here 401 error points to the authentication issue. I agree you must be entering correct username and password but look fore the settings for this user on CUCM.

Jabber Authentication failure via MRA