05-10-2017 06:41 AM - edited 03-17-2019 06:50 PM
Recently, using Jabber via MRA stopped working. There is a log entry in the Expressway Edge Server saying that it actively denied the authentication request:
traffic_server[3167]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="public IP address" Dst-port="47696" UTCTime="2017-05-10 13:14:48,110"
I have a DX650 at the house registered over MRA and there are no issues with that. It continues to work fine.
I have no issues using Jabber internally and all users are affected.
Any ideas would be appreciated.
Thanks
05-10-2017 07:15 AM
Are you using the same credentials with Jabber as you're with the DX650?
05-11-2017 01:51 PM
Yes, I am.
05-11-2017 02:13 PM
Then you'd need to look at logs from CUCM, both expressways and a PRT to find out what login information Jabber is sending, and if that's the right information.
05-13-2017 01:07 AM
Thanks Jaime, I do see something interesting in the PRT:
Discovery | |
Discovery Outcome | Failure: FAILED_EDGE_AUTHENTICATION |
Domain Controller | The specified domain either does not exist or could not be contacted. |
The certificate check is failing as well. We recently moved over to Cisco Meeting Server and I think we may have missed migrating something.
05-13-2017 08:23 AM
CMS has nothing to do with MRA login, are you using different domains internally and externally?
05-15-2017 01:55 PM
After some additional checking, I see the authentication URL is fine, and the firewall is sorting traffic and directing to the appropriate server. On the CEC, I'm seeing this error:
edgeconfigprovisioning: Level="WARN" Service="ECS" Detail="Request failed" User="('username', 'brian@h.com')" Reason="Unable to determine home CUCM" unknown user UTCTime="2017-05-15 17:58:19,054"
I think I have it figured out. I found that SSO was turned off in Expressway Core. Not sure how that happened, but I re-enabled it and the issue seems to be resolved.
05-15-2017 03:48 PM
Unfortunately, the issue persists. It definitely worked for 3 consecutive logins, but the problem has resumed.
05-16-2017 10:51 PM
Update:If I'm interpreting what I'm seeing correctly, what I have found at this point is that Expressway-C is not getting an authentication response from CUCM. I restarted the publisher, and while it was restarting, authentication is apparently working against the subscriber server. Jabber of MRA is working again as of right now. I'm not sure this is resolved yet, but wanted to update anyone interested on what I've found so far.
05-14-2017 03:51 AM
Hello
Please check how many clusters do yo have. Please notice that you can assign 1 user to only 1 home cluster. if you have multiple cluster with ILD configured and made this user enable for "home cluster" for all of them then it will fail.
Here 401 error points to the authentication issue. I agree you must be entering correct username and password but look fore the settings for this user on CUCM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide