Solved: Re: Jabber cannot communicate with server after authentication.

Tareq Ali · ‎03-11-2021

Jabber cannot communicate with the server after authentication.

No Errors on logs on the C

2021-03-11T16:32:31.508+00:00 edgeconfigprovisioning: Level="INFO" Detail="Authenticated user successfully" Username="xyz" ClientId="81.130.172.17" TrackingID="4849d441-cf54-4225-b4de-b889f0bf3487" UTCTime="2021-03-11 16:32:31,507"

Expressway-E Logs

2021-03-11T16:32:28.787+00:00 traffic_server[27485]: Event="get_edge_sso" Detail="Access denied" Reason="Only legacy auth supported" Domain="xyz.uk" Src-ip="81.130.172.17" Src-port="61970" UTCTime="2021-03-11 16:32:28,787"
2021-03-11T16:32:28.771+00:00 traffic_server[27485]: Event="get_edge_sso" Detail="Access denied" Reason="Only legacy auth supported" Domain="xyz.uk" Src-ip="81.130.172.17" Src-port="61970" UTCTime="2021-03-11 16:32:28,770"

No Issues logging in with Jaber locally.

Tareq Ali · ‎03-19-2021

Our Jabber client is now working we had to disable SIP ALG on the checkpoint firewall for port 5061 for the jabber clients to register.

Thank you for your help and advice.

View solution in original post

Roger Kallberg · ‎03-11-2021

Check if this post match your situation. https://community.cisco.com/t5/unified-communications/cisco-mra-not-working-new-deployment/td-p/3824281

Tareq Ali · ‎03-11-2021

Hi Roger,

Thank you for your response unfortunately we have exhausted the suggestions in the post above.

Nithin Eluvathingal · ‎03-11-2021

Take logs from both E and C when trying to login and use it on CSA tool.

How to take logs explained on below link.

https://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/213360-collect-expressway-vcs-diagnostic-log-fo.html

Can you provide bit more information regarding your expressway setup ?

Tareq Ali · ‎03-11-2021

Thank you Nithin,

We have a basic MRA setup 2 Domains Duel NIC on the Expressway-E, There are no alarms on either expressway. The Expressways are in a cluster across 2 different appliances.

We get the same error using an Andriod/iPhone or PC Jabber client the user authenticates successfully ( if we try the wrong password if fails) so we know the communication between the E and C is fine.

Local Jabber Client logs on fine no issues. Please see the topology attached.

Tareq Ali · ‎03-11-2021

Thank you for your suggestion Nithin, I will take logs from the C & E using the link you provided Diagnostic logging, and use it on the CSA tool.

Tareq Ali · ‎03-15-2021

The 2 issues highlighted last week from the log captures Reverse DNS not working & SIP domain missing have been resolved/fixed.

However, I still get the same identical issue Jabber cannot communicate with the server after authentication.

When I run the logs again and upload them to CSA

both the previous issues are clear, and it shows no issues.

Adam Pawlowski · ‎03-11-2021

The Jabber log should reveal why the client has decided to say cannot communicate with server. It could be a timeout , something with IMP or home cluster who knows. Jabber only responds to conditions so it should give you an angle to attack when troubleshooting .

Tareq Ali · ‎03-11-2021

Thank you the logs revealed 2 errors

Reverse DNS not working & SIP domain missing.

Nithin Eluvathingal · ‎03-11-2021

configure registration domains, on expressway.

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-5-3.pdf

What DNS entries you made on internal DNS. Is this dual domain, means internal and external domain different.

Tareq Ali · ‎03-15-2021

The 2 issues highlighted last week from the log captures Reverse DNS not working & SIP domain missing have been resolved/fixed.

However, I still get the same identical issue Jabber cannot communicate with the server after authentication.

When I run the logs again and upload them to CSA

both the previous issues are clear, and it shows no issues.

Nithin Eluvathingal · ‎03-15-2021

As @Adam Pawlowski mentioned collect jabber logs, it will give more information. Are these users able to login jabber internally ?

Tareq Ali · ‎03-15-2021

Yes, they can log in locally with no issues.

Adam Pawlowski · ‎03-15-2021

Collect and examine the Jabber log file. It usually will log when it writes "Cannot communicate with server" in the log file, and you can see in adjacent lines what the problem may be, as there are a few of these. It could be an issue with CUP reachability, version control, home cluster setting on the UCM, etc. This logging should narrow it down.

Tareq Ali · ‎03-15-2021

Thanks Adam, I did re- capture the logs after fixing the DNS & SIP Domain they did not reveal any errors when uploading into the CSA tool.

The only error I can see in the event log is immediately after the user is authenticated..

edgeconfigprovisioning: Level="WARN" Detail="Service not found for edge config response" Service="_cuplogin" Domain="xyz.gov.uk" TrackingID="6cfdc1a8-4761-bf4a-faaeee68a862" UTCTime="2021-03-15 15:16:16,971"

I am not sure if this is relevant? as I didn't think this service was needed.