Solved: Jabber MRA Login

mmaamm238 · ‎05-07-2020

Hello

Dear all

We are deploying Jabber MRA in Multi-domain mode.

When I want to login, I enter <Username>@<Domain> and it goes through finding services and asks password.

After that it shows cannot locate server.

But when I login locally and then change the network to internet it reconnects and phone services works but not IM.

How can I troubleshoot this problem?

Thank you

mmaamm238 · ‎05-22-2020

Now the problem solved.

After converting to single domain and many checks and changes, Last day we found that port 5222 is not open. Then I found "External LAN Interface" in expressway-edge is incorrect. I changed it and restarted the expressway-edge and it fixed.

I don't know whether this problem is the only problem or the last problem.

Anyway thank you very much

View solution in original post

Jaime Valencia · ‎05-07-2020

Does everything work fine internally?

Do you have all the SRVs required in place?

Do you see any errors/warning in either expressway?

Have you reviewed a PRT and expressway logs?

HTH

java

if this helps, please rate

mmaamm238 · ‎05-07-2020

Dear Jaime

Yes, everything work fine internally.

I think SRV records are correct.

I checked expressway logs. Nothing special.

In expressway core I see a lot of GET and POSTs to CUCM and IMP.

In wireshark I see 3 TCP RST from expressway edge to client at the end.

What is the next step?

mmaamm238 · ‎05-08-2020

I attached the expressway core event log.

What do you think?

AbuAkif Riyaz · ‎05-12-2020

Hi
Can you get the Jabber logs
Jabber -> Report Problem -> Sign in/Sign out

Thanks
Riyaz
Rate Useful Post If it resolve your issue

mmaamm238 · ‎05-16-2020

Dear Mohamed

I attached the jabber logs.

Thank you

sudaggar · ‎05-12-2020

you have mentioned multi domain. Are those all domains belongs to single CUCM cluster or do you have multi cluster environment.

So if different clusters using different domain, you can point collab-edge.tls request in SRV record to one cluster and configure cluster view under advanced features pointing towards other cluster.

And in end user select home cluster for that user (to get the details of user, to which cluster it belongs).

mmaamm238 · ‎05-16-2020

Dear Sudaggar

It is single cluster but the domain on internet is different form local domain.

Vaijanath Sonvane · ‎05-17-2020

Hi,

Do you have correct root and server certificates installed on Expressway-C and Expressway-E. From logs, I see error related to Invalid Certificates. And also, logs analysis shows below misssing SAN values with required actions:

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

mmaamm238 · ‎05-21-2020

Dear Vaijanath

The support team say they did it but it did not fixed.

sudaggar · ‎05-19-2020

This is usually related to XMPP authentication not performing correctly due to a XCP service not running. Please check all services on IM&Presence server and they're running.

If they are running, restart XCP Router and Presence Engine from IM&Presence server.

Regards

mmaamm238 · ‎05-21-2020

Dear Sudaggar

I restarted XCP Router and Presence Engine services.

I attached the services page.

Ayodeji Okanlawon · ‎05-19-2020

Based on the jabber PRT logs, the issue is around XMPP configuration.

Do you have the PTR record configured on internal DNS server for expressway-e server IP address to resolve to expressway-e hostname?

In Summary, your deployment needs a lot of improving

external domain:tavanir.org.ir
internal domain:iepd.ir

++ root CA for expwe not in client trust store ++

You should use a public CA to sign your expressw-e certs so your clients are not seeing cert errors like this

2020-05-16 22:55:28,656 DEBUG [0x000034c4] [rc\cert\win32\Win32CertVerifier.cpp(152)] [csf.cert.win32] [csf::cert::Win32CertVerifier::verifyCertificate] - Certificate validation response is 'invalid'
2020-05-16 22:55:28,656 DEBUG [0x000034c4] [rc\cert\common\BaseCertVerifier.cpp(171)] [csf.cert.] [csf::cert::BaseCertVerifier::doVerifyCertificate] - Result of platform cert verification: [UNTRUSTED_ROOT]

++ cluster configured with IP address ++

Your CUCM cluster should be using FQDN not IP address for best user experience:

2020-05-16 22:55:28,901 INFO [0x000034c4] [ces\impl\ucm-config\UdsProvider.cpp(108)] [csf.config] [csf::ucm90::UdsProvider::configureHomeUdsQuery] - UdsProviderData for home UDS query: homeUdsUrl: https://Sub1.IEPD.ir:8443/cucm-uds/user/MASKED_USERNAME, udsServersUri: https://Sub1.IEPD.ir:8443/cucm-uds/servers, ucmVersion: 11.5.1, homeUdsDomain: IEPD.ir, udsServersList: [10.32.120.150, 10.32.120.151, ], homeUdsServersList: [https://10.32.120.150:8443/cucm-uds/user/MASKED_USERNAME, https://10.32.120.151:8443/cucm-uds/user/MASKED_USERNAME, ]

++ Here is the error with XMPP connection ++

My response above is a a common issue with this part of the deployment. To accurately know what is going on, we are going to need expressway-e/expressway-c diagnostic logs

2020-05-16 22:55:33,453 INFO [0x0000417c] [src\jabberutils\src\systemutils.cpp(676)] [SystemUtils] [jabberutils::SystemUtils::isNetworkConnectionAvailable] - NetworkConnectionAvailable = 1
2020-05-16 22:55:33,453 DEBUG [0x0000417c] [osticsplugin\healthinfoobserver.cpp(260)] [DiagnosticsPlugin] [HealthInfoObserver::RefreshConnectionStatus] - Refreshing connection status for Presence to value Not connected
2020-05-16 22:55:33,453 DEBUG [0x0000417c] [lugin\healthitemsdatastructures.cpp(116)] [DiagnosticsPlugin] [HealthItem::AddUpdateSubItem] - Setting Status: status of Presence to Not connected

Please rate all useful posts

mmaamm238 · ‎05-21-2020

Dear Ayodeji

How can I get the diagnostic logs?

lpellegr · ‎05-21-2020

Yes, diagnostic logs can help. Issues might be different, from DNS to SSH tunnel between Expressway-C and Expressway-E. Go to Maintenance->Diagnostics->Diagnostic Logging->Start new log and then login with Jabber