07-28-2016 12:29 PM - edited 03-17-2019 06:16 PM
Hello,
I'm setting up an MRA deployment with a single Expressway-E and single Expressway-C. I've followed the CVD guide for Collaboration Edge with BE6000. Zones are set up and active, SRV records are in place and verified from the outside, certificates are installed, and a Secure Traversal Test from Expressway-C returns a success. However, from the Jabber client, I get "Your username or password is not correct".
The Jabber client log is attached
Expressway-E error: traffic_server[8591]: Event="Sending HTTP error response" Status="401" Reason="Unauthorized" Dst-ip="174.197.10.60" Dst-port="3609" UTCTime="2016-07-28 19:13:32,946"
The Jabber client works internally using the same username/password.
Any help on how to determine the cause of this would be helpful. Thanks in advance.
Ben
07-28-2016 01:44 PM
Hey Ben,
If you haven't done so yet, you might try running a client cert check between the C and E (both ways). I have seen where zones are up and traversal test passes but client check fails due to certificate issues and does not allow login. Not sure that's the issue here but one thing to check.
Jake
07-28-2016 02:36 PM
Jake,
The client cert check fails on the CRL check but I'm not using CRL checking in my configuration. The strings do match on this check.
Valid Certificate: Invalid: unable to get certificate CRL, please ensure that you have uploaded a CRL for the CA that signed this client certificate
Thanks,
Ben
07-28-2016 02:44 PM
Interesting, I was getting that same error even with CRL checking off as well and login was failing. What's your EXP version? Locally or CA-signed certs (if CA, which vendor)?
07-28-2016 02:46 PM
Version 8.5.2
Edge has a GoDaddy CA signed cert
Core has a cert from an internal CA
07-28-2016 03:00 PM
We had issues with GoDaddy cert on our E. To test we used an internal CA cert on it and ended up manually uploading CRL (even though it was set to off). Once client cert checks passed, everything worked. One thing to be aware of - before you upgrade, make sure you have an install file for 8.5.2 which does not seem to be available anymore. If you need to restore, you won't be able to do so without it (to my knowledge). 8.5.2 has a bug that causes no ringback on audio calls. Best of luck.
07-28-2016 01:49 PM
I just gave a quick look in jabber logs. It was able to find exe-e successfully through collab edge but the portion in logs which is throwing error has been truncated. Jabber will ask for its edge config once it is able to exe-e and from there is only it is getting 401 forbidden error. Please make sure you have enabled home cluster option on end user page for this user.
07-28-2016 02:47 PM
Thanks Varundeep,
I went back and made sure that the home cluster option was already enabled.
Ben
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide