cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Blog-Cisco Community Wins Lithy 2018 Award

21976
Views
45
Helpful
17
Replies
Beginner

Webex Error 23 after upgrade to 2.5 MR5

Hello,

 

after upgrade of WebEX2.5 to MR5 all user encounter error 23 - setup was unsuccessful when trying to log in to webex. Only connection via productivity tools or temporary application works.

 

Reinstalling Webex tools does not help at all.

 

Do you have any recommendations?

 

Regards,

Lukasz.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi Lukasz, this bug is

Hi Lukasz, this bug is different. The bug you referenced is related to CWMS SSL certs.

 

However, the issue you were seeing is related to an expired VeriSign SSL intermediate cert on the client's PCs which is being used to validate certificates used to sign WebEx dll files. This is not the same cert used for CWMS SSL configuration, but something that IE and Windows normally pull automatically from the internet and update in their trust stores. 

The workaround is to do the following:

  1. Download this SSL cert from Verisign:   https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer

  2. Download this certificate to the affected PC(s).

  3. From IE open "Internet Option” dialog box and under “Content" click on “Certificates".

  4. Import this certificate as "Intermediate Certificate Authorities”.

  5. Test to see if this resolves your issue.

 

This issue happens on PCs that don’t have internet access and therefore are unable to receive updated certificates automatically.

 

I hope this clarifies it a little bit more.

-Dejan

17 REPLIES
Highlighted
Cisco Employee

Hello Lukasz, What is the

Hello Lukasz,

 

What is the size of your system (50, 250, 800, or 2000)?

Do you have High Availability?

What type of use management are you using (Directory Integration via CUCM/AXL > LDAP, local user profiles, or SSO via SAML)?

Are you having an issue only with log in via WebEx Site URL?

At this time, there are no known issues with authentication on 2.5 MR5 so we would need to investigate further.

-Dejan

Beginner

Hello,Size is 250, no

Hello,

Size is 250, no internet reverse proxy.

Directory integration, as you said: CUCM/AXL -> LDAP (+LDAP authentication). No SSO. No HA.

Issues exists only when using URL. Everything works fine via productivity tools, also works if you connect via url, but using Java or "temporary" method. 

It looks like the problem exist only when using Cisco WebEX Meeting application (at least it looks that way).

 

Regards,

Lukasz.

Cisco Employee

Hi Lukasz, I just need to

Hi Lukasz,

 

I just need to ensure I understand the issue entirely. Please, let me know which of these statements is correct:

1. A profiled user goes to WebEx Site URL, enters their e-mail and password, and they get error 23 ?

2. A profiled user clicks on Join WebEx meeting link in the e-mail notification, and when they try to authenticate they get error 23 ?

3, A guest user click on Join WebEx meeting link in the e-mail notification, and when the meeting client starts to load the system reports error 23 ?

4. Something else happens?

 

Can you also include the screen show of the screen when the issue is observed?

 

Thank you.

- Dejan

Beginner

Hi, sorry if I was not clear.

Hi, sorry if I was not clear. It happens not during login, but when user joins meeting, when browser is showing "just a moment, we are setting up your meeting" - thats the point when error appears. If you do not use browser, but productivity tools, everything works fine.

 

Regards,

Lukasz.

Cisco Employee

Thank you for clarifying this

Thank you for clarifying this for me, Lukasz. 

 

Can you confirm if this is happening to every user or you have users that don't experience the issue?

What version of browsers are you using?

What version of Operating System are you using?

Also, what is the exact version of Cisco WebEx Meetings Server client used by affected users?

Thank you.

-Dejan

Beginner

Every user. Browser or OS

Every user. Browser or OS seems irrelevant.

Browser versions are: FF 26.0 and IE 11.0.9

Client is: 29.13.10.10182

 

Regards,

Lukasz.

Beginner

Hello, I have just restored

Hello,

 

I have just restored the system from the older version, the funny thing is that, after the revert connecting to meetings still did not work. So, I have removed the Cisco Webex Meeting plugin 29.13.10.10182 and installed the old version 29.9.2.10085 and it started working again.

 

so it's 100% related to the plugin in MR5.

 

Regards,

Lukasz.

Cisco Employee

Hi Lukasz, I am also checking

Hi Lukasz,

 

I am also checking some other cases with the same error, and we seen it on 2.5 MR4 as well (only 1 report of the issue), but no solution is available yet as in most end users there was something related to the environment that was causing this. 

I'll monitor the  other case being worked out to see if there is any solid breakthrough. We have many customers using 2.5 MR4 and MR5 and we had only one customer reporting this issue to TAC (and now you as well). It is most likely the combination of the new plug in and specifics in the environment.

 

I'll keep you posted.

-Dejan

Beginner

Thank you Dejan.I'm looking

Thank you Dejan.

I'm looking forward to any news, since I would like to perform an upgrade in the future (for SSO mainly).

 

Regards,

Lukasz.

Cisco Employee

Hi Lukasz,Our team is still

Hi Lukasz,

Our team is still investigating this issue. I assume since you reverted back you haven't experienced this issue again. I will keep you posted of any updates in regards to this issue and the possible resolution.

-Dejan

Cisco Employee

Hi Lukasz,In another customer

Hi Lukasz,

In another customer we worked with on the same symptom you've experienced here, it was identified that there was an issue with error: Error 23 means IDS_SECURITY_TAMPERED.

It means there is something wrong with the integrity check of a Webex .dll file. 
Most typically this means there could be a problem with any certificate in the certificate path used to verify the digital signature on the file.

In that one customer's case, the issue was related to expired/revoked intermediate signing certificate from Verisign (which is used to digitally sign Webex .dll files)

This is typically seen on PCs that don’t have internet access and therefore are unable to receive updated certificates automatically.

The fix for this customer was to download the certificate manually and install it as Intermediate Certificate on affected PCs.

In this one customer's case, this was the link to download the relevant certificate from VeriSign:  https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer

 

With a valid certificate, this was the action plan to execute:

1. Download certificate to affected PC(s).
2. From IE open "Internet Option” dialog box and under “Content" click on “Certificates".
3. Import certificate as "Intermediate Certificate Authorities”.

 

I hope this will be of help.

-Dejan

Beginner

Thank you for explanation

Thank you for explanation Dejan.

It looks like it's the bug referenced under:

CSCuu48189

Regards,

Lukasz

Cisco Employee

Hi Lukasz, this bug is

Hi Lukasz, this bug is different. The bug you referenced is related to CWMS SSL certs.

 

However, the issue you were seeing is related to an expired VeriSign SSL intermediate cert on the client's PCs which is being used to validate certificates used to sign WebEx dll files. This is not the same cert used for CWMS SSL configuration, but something that IE and Windows normally pull automatically from the internet and update in their trust stores. 

The workaround is to do the following:

  1. Download this SSL cert from Verisign:   https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer

  2. Download this certificate to the affected PC(s).

  3. From IE open "Internet Option” dialog box and under “Content" click on “Certificates".

  4. Import this certificate as "Intermediate Certificate Authorities”.

  5. Test to see if this resolves your issue.

 

This issue happens on PCs that don’t have internet access and therefore are unable to receive updated certificates automatically.

 

I hope this clarifies it a little bit more.

-Dejan

Beginner

Re: Hi Lukasz, this bug is

Hi Dejan,

I have the same issue on CWMS 2.6 , as you mentioned this issue only happened on PCs  that have no internet access permission. but this is our company rule. these users cannot access internet but they need to access our internal CWMS to join WebEx meeting.

 

I imported the CA ( Certum CA ) into affected PC follow the steps you mentioned below. but it's not help. Is there any other solutions that can resolve this issue ?  Thanks a lot.

 

 

CreatePlease to create content
Ask the Expert- DMVPN on Cisco routers