Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17697
Views
0
Helpful
14
Replies

your username or password is not correct - jabber

Willz
Level 1
Level 1

‎03-28-2018 02:45 AM - edited ‎03-17-2019 07:25 PM

Hi all,

The new employees (all after the first day deploy the Cisco Phone system) in my company having an issue with cisco jabber, they cann't login to Jabber (your username or password is not correct).

But it works well with all who's account was created at the first day the system deployed.

it means all the accounts created after the first day synced in AD, cannot login

and,

can see the new user in end user

in AD, user can login onto all computers

assigned presences to the users

user can login to end user page  

any suggestions? Thanks

0 Helpful
14 Replies 14

Mohammed al Baqari
Level 11
Level 11

‎03-28-2018 02:56 AM

Is this expressway deployment or not. Can you check the certificate in CUCM
and Expressway and see if any expired
0 Helpful

Willz
Level 1
Level 1
In response to Mohammed al Baqari

‎03-28-2018 07:32 PM

It's expressway, and less than 1Y, so I don't think it expired, Thanks,

0 Helpful

Maren Mahoney
VIP
VIP

‎03-29-2018 12:17 PM

Is it possible that the after-day-one users have a configuration difference from the day-one users? Double-check all of the settings:

Jabber CSF device is owned by the user

End User Account is associated with the Jabber CSF

End User Account has "Home Cluster" and enabled for Presence checked

End User has a "good" UC Service Profile

End User Account is part of "Standard End User" and "Standard CTI Enabled" groups

 

And, once you have double-checked everything I would suggest doing a "Reset Cisco Jabber" on the Jabber client before trying to log in again.

 

I don't mean to insult you by stating the obvious above, but it always seems like it's one checkbox on one of the 19 places you have to go in CUCM to set something up that ends up making it not work.

0 Helpful

Willz
Level 1
Level 1
In response to Maren Mahoney

‎03-29-2018 11:47 PM

Thanks, and actually the first thing I did is to check the configurations

and double confirmed, all the configurations correct.

 

0 Helpful

Maren Mahoney
VIP
VIP
In response to Willz

‎03-30-2018 05:33 AM - edited ‎03-30-2018 05:35 AM

OK. The next thing I would look for is whether Jabber is able to reach the UC systems and successfully identify/resolve the user against the system. And by that I mean:

 

On a fresh Jabber login (or after you do a Jabber Reset), you have to type in the user's name plus domain like "JackBlack@mycompany.com". Then Jabber queries DNS for services, and if it finds a _cisco-uds or _collab-edge record it will present the user with the password screen. If the Jabber client has been successful in reaching the server indicated the DNS (whether it is direct or through Expressway) and can resolve the name, the username on the password screen will show up as "JackBlack". But if the client is not able to reach the UC system to resolve the name, the username on the password screen will still show up as "JackBlack@mycompany.com".

 

So for your day two users, when they are asked for a password on the Jabber client what does the username look like?

0 Helpful

Willz
Level 1
Level 1
In response to Maren Mahoney

‎04-01-2018 06:50 PM

Both the users successful reached the server indicated the DNS, and show only the username not the company email address. but the one before can login with username and password, and the another one just show "your username or password is not correct"

0 Helpful

Maren Mahoney
VIP
VIP
In response to Willz

‎04-01-2018 10:44 PM

This indicates that the authentication problem is likely on the CUCM side. I'd say to pursue the questions posed by Slavik Bialik below.

0 Helpful

Slavik Bialik
Level 7
Level 7

‎04-01-2018 10:41 AM - edited ‎04-01-2018 10:43 AM

Hi Will,

Tell us please which authentication type you're using on your Expressway?

Go to Expressway-C server to: Configuration -> Unified Communications -> Configuration.

What is configured under those options?

  • Authentication path
  • Authorize by OAuth token with refresh
  • Authorize by user credential

Thanks.

 

BTW, is it working fine when those employees are trying to login from the internal network, without the Expressway service?

0 Helpful

Willz
Level 1
Level 1
In response to Slavik Bialik

‎04-01-2018 11:19 PM

Sorry, the expressway c server not be finished yet, still on testing, not online... so that will be the problem?

0 Helpful

Slavik Bialik
Level 7
Level 7
In response to Willz

‎04-01-2018 11:36 PM

Hi,

I thought they're using a softphone over MRA (Expressway) already.

By the way, can you login to your IM&P server and see that all services are up?

I had a problem with my IM&P lately that caused the same error when trying to login Jabber, and I found out eventually that "Sync Agent" service was down.

Better then that, you can go to IM&P and do: Diagnostics -> System Troubleshooter.

And it'll tell you if everything's OK or not.

0 Helpful

Willz
Level 1
Level 1
In response to Slavik Bialik

‎04-01-2018 11:50 PM

yes, I can login IM&P server.

the result:

1.Microsoft RCC application is currently toggled to inactive.

2.There are no Exchange presence gateways currently provisioned.

3.Invalid inter-cluster peers. The following TLS-enabled peers have not successfully exchanged security certificates: officeinanothercountry.mycompany.com

4.No external database server entries are currently provisioned.

5.No third-party compliance server entries are currently provisioned.

6.The Cisco XCP Directory service is not running.

7.213 user(s) have been identified as having an empty Directory URI value. This will not currently impact presence. However this should be fixed if you are planning to change the IM Address Scheme to Directory URI. Up to 10 of the impacted users are listed below:

 

0 Helpful

Slavik Bialik
Level 7
Level 7
In response to Willz

‎04-01-2018 11:55 PM

Waiiiiiiiiit a second!

Do you have inter-cluster configured between both IM&P servers? Do you have 2 (or more) different clusters with the same domain which you're trying to inter-connect? I think that's where you issue resides.

As you can see, it "screams": TLS-enabled peers have not successfully exchanged security certificates.

I think maybe your Tomcat certificates in your IM&P were expired, or maybe aren't trusted for some reason. Can you check that? 

Another thing... because I can guess that you're using inter-cluster on your IM&P and I'm guessing you have 2 clusters (or more), I bet that you also using ILS between the CUCM clusters. If so, please make sure that "Home Cluster" isn't selected on both clusters for the same users, because it'll definitely cause this issue. A user can be allocated to ONE cluster only. So if your new (or old) users for some reason have "Home Cluster" selected on both CUCM clusters, you must un-check the "Home Cluster" in the CUCMs which they're not located at. 

0 Helpful

Willz
Level 1
Level 1
In response to Slavik Bialik

‎10-11-2018 07:19 PM

checked the user allocated to only one cluster

But find a thing maybe cause the issue,

in end user settings, Enabled user for Unified CM IM and P, but in "presence Viewer for Users", showed"Presence Server assignment Unassigned" 

Screen Shot 2018-10-12 at 10.09.58 AM.png

Screen Shot 2018-10-12 at 10.10.14 AM.png

 

 

0 Helpful

luckeblack
Level 1
Level 1

‎03-19-2020 03:36 AM

I had similar issue. 

I found problem with Presence Grope HA out of sync etc.

Check Presence Groupe under System Menu, then check if End User is assigned to Presence Presence server. Menu under User Management.

0 Helpful
Customers Also Viewed These Support Documents