Re: Jabber failed to login through MRA

Remon Adel · ‎09-12-2018

Dears

We have an issue with new deployment of MRA solution.

Expressway core and expressway edge (dual lan) v 8.11.1

When we try to login from outside it give us error message of wrong password and user name.

Also we test using CISCO TAC tool, we found no issue but failed to get edge-configuration .

When we checked Exp edge event logs we found that

2018-09-12T09:53:20.524+03:00	traffic_server[26571]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="10.100.60.1" Dst-port="35716" UTCTime="2018-09-12 06:53:20,524"
2018-09-12T09:53:19.627+03:00	traffic_server[26571]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="10.100.60.1" Dst-port="35714" UTCTime="2018-09-12 06:53:19,627"

As appeared dest ip is gateway of lan2 (firewall dmz interface ).

I think this IP must be the real ip device which I use for trying to connect through jabber.

Please Advice

R0g22 · ‎09-12-2018

Is the Jabber deployment new as well or just MRA ? Jabber login works internally ? Single domain or dual domain ? In addition to that have you tried a refresh server Ewy-C ?

Remon Adel · ‎09-12-2018

Dear
RMA is new deployment but jabber not new , we can login from internal network .
it's dual domain .
yes i tried to refresh exp-c but same issue .
Please check the attached logs of expressway Core and edge during issue .
Please note my real ip (IP of Andriod Phone which i used for test ) not appeared in logs ,but this ip (10.100.60.1 )appeared instead of it (this ip is belong DMZ interface of firewall which is gateway of exp-E)

https://drive.google.com/drive/folders/1VINSCwyZ62-GIhunhksV26NjIgmGoIl3?usp=sharing

Thanks

Ahmed Khalefa · ‎09-13-2018

Hello Remon ,
is there a strong reason to use 2 NICs on both ExpC and ExpE ? ..
also , i can see that you are using OauthLocal: On ... I always do the Access Control for MRA to use the CUCM/LDAP and set the "Authorize by OAuth token with refresh" to "off" ..

apparently , you have internal servers in 192.168.0.0/24 , DMZ on 10.100.30.0/24 , and you have External Zone on 10.100.60.0/24 ..
it would be something new for me to see a deployment with ExpC with 2 NICs ..

Thanks A lot,
Ahmed Salah

Remon Adel · ‎09-14-2018

Dear,

The issue has been solved , it was NAT issue on FW .
Ahmed , Expressway C has only one lan port not two.

Thanks

Ahmed Khalefa · ‎09-17-2018

Great ..
About ExpC , my bad .. though it was clear about that :

*c xConfiguration Ethernet 1 IP V4 Address: "10.100.30.13"
*c xConfiguration Ethernet 1 IP V4 StaticNAT Address:
*c xConfiguration Ethernet 1 IP V4 StaticNAT Mode:
*c xConfiguration Ethernet 1 IP V4 SubnetMask: "255.255.255.0"
*c xConfiguration Ethernet 1 IP V6 Address:
*c xConfiguration Ethernet 1 Speed: "Auto"
*c xConfiguration Ethernet 2 IP V4 Address: "192.168.0.100"
*c xConfiguration Ethernet 2 IP V4 StaticNAT Address:
*c xConfiguration Ethernet 2 IP V4 StaticNAT Mode:
*c xConfiguration Ethernet 2 IP V4 SubnetMask: "255.255.255.0"
*c xConfiguration Ethernet 2 IP V6 Address:
*c xConfiguration Ethernet 2 Speed: "Auto"

this might be the default auto-config one ..

Any way , Great that it worked .. :)