cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

509
Views
0
Helpful
5
Replies
R A Beginner
Beginner

Jabber failed to login through MRA

Dears

We have an issue with new deployment of MRA solution. 

Expressway core and expressway edge (dual lan) v 8.11.1

 

When we try to login from outside it give us error message of wrong password and user name. 

 

Also we test using CISCO TAC tool,  we found no issue but failed to get edge-configuration .

 

When we checked Exp edge  event logs we found that 

2018-09-12T09:53:20.524+03:00 traffic_server[26571]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="10.100.60.1" Dst-port="35716" UTCTime="2018-09-12 06:53:20,524"
2018-09-12T09:53:19.627+03:00 traffic_server[26571]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="10.100.60.1" Dst-port="35714" UTCTime="2018-09-12 06:53:19,627"

 

As appeared  dest ip is gateway of lan2  (firewall dmz interface ).

I think this IP must be the real ip device which I use for trying to connect through jabber. 

 

Please Advice 

Everyone's tags (1)
5 REPLIES 5
Cisco Employee

Re: Jabber failed to login through MRA

Is the Jabber deployment new as well or just MRA ? Jabber login works internally ? Single domain or dual domain ? In addition to that have you tried a refresh server Ewy-C ?

Nipun Singh Raghav
"We cannot solve our problems with the same thinking we used when we created them"
Highlighted
R A Beginner
Beginner

Re: Jabber failed to login through MRA

Dear
RMA is new deployment but jabber not new , we can login from internal network .
it's dual domain .
yes  i tried to refresh exp-c but same issue .
Please check the attached logs of expressway Core and edge during issue .
Please note my real ip (IP of Andriod Phone which i used for test ) not appeared in logs ,but this ip (10.100.60.1 )appeared instead of it (this ip is belong DMZ interface of firewall which is gateway of exp-E)

https://drive.google.com/drive/folders/1VINSCwyZ62-GIhunhksV26NjIgmGoIl3?usp=sharing

Thanks

Beginner

Re: Jabber failed to login through MRA

Hello Remon ,
is there a strong reason to use 2 NICs on both ExpC and ExpE ? ..
also , i can see that you are using OauthLocal: On ... I always do the Access Control for MRA to use the CUCM/LDAP and set the "Authorize by OAuth token with refresh" to "off" ..

apparently , you have internal servers in 192.168.0.0/24 , DMZ on 10.100.30.0/24 , and you have External Zone on 10.100.60.0/24 ..
it would be something new for me to see a deployment with ExpC with 2 NICs ..

Thanks A lot,
Ahmed Salah
R A Beginner
Beginner

Re: Jabber failed to login through MRA

Dear,

The issue has been solved , it was NAT issue on FW .
Ahmed , Expressway C has only one lan port not two. 

Thanks

 

Beginner

Re: Jabber failed to login through MRA

Great ..
About ExpC , my bad .. though it was clear about that :

*c xConfiguration Ethernet 1 IP V4 Address: "10.100.30.13"
*c xConfiguration Ethernet 1 IP V4 StaticNAT Address:
*c xConfiguration Ethernet 1 IP V4 StaticNAT Mode:
*c xConfiguration Ethernet 1 IP V4 SubnetMask: "255.255.255.0"
*c xConfiguration Ethernet 1 IP V6 Address:
*c xConfiguration Ethernet 1 Speed: "Auto"
*c xConfiguration Ethernet 2 IP V4 Address: "192.168.0.100"
*c xConfiguration Ethernet 2 IP V4 StaticNAT Address:
*c xConfiguration Ethernet 2 IP V4 StaticNAT Mode:
*c xConfiguration Ethernet 2 IP V4 SubnetMask: "255.255.255.0"
*c xConfiguration Ethernet 2 IP V6 Address:
*c xConfiguration Ethernet 2 Speed: "Auto"

this might be the default auto-config one ..

Any way , Great that it worked .. :)
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards