We have CWMS 1.5 MR on premise. with HA
Since today morning we are getting error message while joing the meeting. ( its intermittently occurs)
"This meeting cannot be continued as the meeting site certificate cannot be validated. Please contact administrator of meeting site for support"
After that we did one test meeting it didn't occurred!
However we are unable to understand cause
Can you please help to understand? Any information will be appreciated.
oh gosh, cwms , cwms . . . . it just goes on and on. I can see I’m not the only one being tormented by this product. I don’t know why Cisco won’t release guides on reading the logs for this product. By the way, if you have not tried to read the logs, try to download the logs for a short time frame and see what the server will download for you: it will be bigger than encyclopaedia Britannica. I just gave up trying to read them. I don’t even know what each log folder has to offer. . .. . what a pain L
so many ‘Monkey see’, ‘Monkey do’ guides out there that don’t really help you in real life when you are trying to support a product.
Sorry for delay reply,
Here is a solution and pointer that help you to resolve this issue,
Explanation : The certificate installed in the CWMS system might not have contain intermediate certificates. Most of end points like normal PC are capable of looking up certificate chain and download the required intermediate certificates, this doesn’t seem to be supported in Android and hence the error.
Resolution : Install the certificate in CWMS along with the intermediate certificate, so that the intermediate certificates are offered by CWMS to the PC, or android devices directly.
Steps to overcome or resolve : Please get the original CSR that was used to generate your current certificate. Once you have the CSR, we should be able to get the original private key. Once you have the private key, build the certificate as below and import it to CWMS,
CWMS Entity certificate
Intermediate Certificate #1
Intermediate Cert #2
If import fails, you have to re-generate the CSR and re-generate the certificate using the new CSR and import it to CWMS along with the intermediate certificate to resolve the issue.
Note IMP - before doing this activity you will need maintenance window for CWMS and need to take snapshot as safety if issue is still there.
1. if certificate reimport activity complete successfully and still issue is there with low frequency then kindly check within your proxy team cause most of time few proxy servers can block verifying pc to CWMS site certificate.
best way to check from scheduling meeting from internet and try to reproduce issue.
Make sure the internet machine/laptop/device will not have any kind of policy, restriction set.
it just can be normal home user PC.
2. If you are face same issue again, please run the procedure below.
Run “wbxtracer.exe” from http://www.webex.co.in/support/downloads.html before you start or join meeting.
• Once you run wbxtracer.exe, utility will automatically start collecting log of facing issue.
• Wait till you join and end meeting
• Once your meeting get end open WebEx tracer from taskbar and press Ctrl + S
• Save log file to your local machine, and share this with TAC if you have CASE opened so they can investigate further.
(My Personal view ---->>
*** Cheers to Cisco as they help me to solve this issue at very best level.
Still I would suggest take help from TAC as the Engg, have better command on CWMS and its design, how it work etc....
I managed to get round this issue. Our company has a wildcard certificate from my CWMS I simply imported that certificate and it resolved this issue. As I understand it the wildcard needs to cover the domain name used in your webex URL.
E.g. if your webex site URL is webex.companyabc.com, your wildcard would cover *.companyabc.com
Hope that helps.
I had the same issue while connecting through VPN and believe we have found the cause. BTW from inside the company everything works.
The issue is that the server certificate checks the CRL list (defined in certificate) which is on host that I can not access through VPN.
I have contacted the customer to allow it and will see if that resolves the issue but I believe it should.