cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
4217
Views
5
Helpful
13
Replies
Highlighted
Enthusiast

Jabber MRA login failed

Hi ,

This is new deployment. Jabber couldn't login from Internet using MRA.  During the login process it's able to get the certificate from EDGE.

Problem occurred during the authentication process. Client shown the error as" Can't communicate with Server". Expressway sending the the 503 Service unavailable to Client.

Expressway Version: 8.7

Event Log:

 Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="94.76.48.253" Dst-port="31932" UTCTime="2016-07-14 06:37:05,469"
Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="94.76.48.253" Src-port="31932" UTCTime="2016-07-14 06:37:05,468"

Expressway logs for Error

 ThreadID="139917890758400" Module="cm-1.XXXXXXXXX" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"

I have already tried with restarting the XCP Router service in IM&P Server but no luck 

Thanks in Advance !!!

13 REPLIES 13
Highlighted
Rising star

Is jabber working properly

Is jabber working properly from internal network ?

For above error in expressway try below:

From Expressway-C, go to Configuration > Unified Communications > IM&P Servers. Select the check box next to each IM&P server and click Refresh servers.

Note: If this does not fix the issue, the XCP Router on the IM&P server also must be restarted.

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118798-technote-cucm-00.html

Suresh

Highlighted
Enthusiast

Hi Suresh,

Hi Suresh,

I have tried this already but no luck.

Thanks

Highlighted
Rising star

Okay, are all required ports

Okay, are all required ports opened at firewall?

Are all zone showing registered in Exp c&e ?

Is NAT reflection is configured on firewall ?

If all okay then can you attach diagnostic logs (take tcpdump while logging) from Exp c&e ?

Suresh

Highlighted
Enthusiast

Hi Suresh,

Hi Suresh,

All the require ports are opened in firewall. 

UC SSH Tunnel and Traversal Zones are active. This is Dual NIC deployment ( NAT Enabled in Expressway-E). Please find the attached log.

Thanks in Advance

Highlighted
Rising star

Just I have checked attached

Just I have checked attached logs but they are not fully captured, as per logs I can see couple of issues here.

1.  TraversalClient Peer 1 Address is not set properly on Exp-C, it should point to public IP address of Exp-E. Can you attach snap shot traversal client zone of Exp-C (specially where peer address is mentioned, at bottom of the page)

2. I'm not able to discover _collab-edge._tls.JUFEXWYE01.cio.gov.bh SRV from public network, have you set SRV & A records correctly at public DNS ?

3. As I have asked earlier, have you configured NAT reflection at firewall ?

Suresh

Highlighted
Enthusiast

Hi Suresh,

Hi Suresh,

Thanks for your efforts.

1) In this deployment , we have dual NIC in Expressway -E. 1 NIC will communicate with Expressway - C another NIC will communicate with internet.

I hope in this scenario, no need to point the Public IP in traversal Zone and NAT Reflection

2) _collab-edge srv record configured properly. Jabber client able to detect the MRA service from outside.

Do you suspects any other points ?

Thanks in advance....

Highlighted
Rising star

Yes, you are right. 

Yes, you are right. 

Can you attach diagnostic logs but pls make sure "tcpdump" is checked while collecting logs, so we can see pcap capture once.

Suresh

Highlighted
Enthusiast

Hi Suresh,

Hi Suresh,

Sure. I will get back to you shortly.

Highlighted

Hello,

Hello,

Did you fix the issue? I have exactly the same issue in the same scenario...

Thanks.

Highlighted
Enthusiast

Hi Eduardo,

Hi Eduardo,

Unfortunately didn't get the opportunity to work on the specific setup to continue the troubleshooting...

Thanks

Highlighted

Hi,

Hi,

We fixed the issue. The problem was in the DNS side, we need add this SRV entry to Internal DNS couse we have multidomain:

_cisco-uds._tcp.publicdomain.com

priority = 10

weight = 10

port = 8443

SRV hostname = CUCM.internaldomain.com

Highlighted
Beginner

Try to go through the

Try to go through the troubleshooting process in this article by William Bell, see where it fails:

http://www.netcraftsmen.com/cisco-mobile-remote-access-troubleshooting-basic-connectivity/

Highlighted
Beginner

Hi Sri

Hi Sri

Is it Single or Multiple Domain Deployment 

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey