10-17-2022 01:00 PM - edited 10-19-2022 09:00 AM
This article describes some steps to follow in order to troubleshoot Push Notifications not working from the Server and Client perspective.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Refer to the official Push Notification Deployment guideline for implementations of the deployment.
Important! Keep in mind that there are limitations on which versions do Push Notifications are supported.
Remember that the CUCM and IM&P (if used) required access to the public network to reach the Apple/Google Cloud to be able to send and receive push notifications. Thus, keep in mind that the following ports are required to be opened:
- TCP 443 between the CUCM and IM&P with the Cisco Cloud
- TCP 5223 from Jabber to Apple Cloud (Fallback port: TCP 443)
- TCP 9966 from CUCM Publisher to the rest of the CUCM Subscriber nodes.
Run these commands on all the CUCM and IM&P nodes via the Command Line Interface (CLI) to confirm that connectivity to the Cisco Cloud is successful.
- utils network connectivity fos-a.wbx2.com 443admin:utils network connectivity fos-a.wbx2.com 443
Connection to fos-a.wbx2.com 443 port [tcp/https] succeeded!
Service accessible
admin:utils network connectivity idbroker.webex.com 443
Connection to idbroker.webex.com 443 port [tcp/https] succeeded!
Service accessible
admin:utils network connectivity push.webexconnect.com 443
Connection to push.webexconnect.com 443 port [tcp/https] succeeded!
Service accessible
If you are using a proxy server, read the Proxy Support for Cloud Collaboration section in the deployment guide.
The username and password are not mandatory for Proxy usage, although it is highly recommended to avoid any security breaches.
Common issues in the APNS flow are usually caused by missing or expired certificates.
Refer to the Certificates for Cloud Connection section of the deployment guide for more information.
In some instances you might encounter an error saying: The resource lock platform.api.network.address is currently locked by process 29775@sgp-cm1(NetMessageDispatch-80). Please try again later. When trying to upload the Tomcat-trust certificate. See the image below.
A restart of the DRF Master service requires to be performed.
"Push Notification/Activation Code Onboarding Settings cannot be configured as a valid certificate is not present in trust store. Either upload the certificates manually or check the check box to have Cisco manage the Cisco Cloud Service CA Certificates. For HTTPS proxy make sure the valid certificates are present for tomcat and tomcat trust store"
Check the following:
- WebEx certificate [wbx] is not missing nor expired.
- GoDaddy certificate is not missing or expired.
- Hydrant certificate is not missing or expired.
- If your goal is to make Cisco manage the Cisco Cloud Service CA Certificates, review your network, firewall and proxy settings, as those might be blocking the download of the certificates.
In the Push Notification Logs you might see an error like this in case there is a network issue:
2020-10-02 00:25:13,668 ERROR [http-bio-443-exec-23] utilities.CloudOnboarding - Service validation Error:
org.apache.http.conn.ConnectTimeoutException: Connect to fos-a.wbx2.com:443 [fos-a.wbx2.com/13.59.223.243] failed: connect timed out
Once the certificates have been uploaded correctly, keep in mind that the Cisco Tomcat and Cisco Push Notification Services require to be restarted in all the CUCM nodes, and the Cisco Tomcat service in all the IM&P nodes. These actions do not disrupt the workflow of the system, you will just face issues with the web GUI and possible log in errors from the Jabber while the Tomcat service is restarting.
Afterwards, proceed with the Generate Voucher action and continue with the process to enable Push Notifications.
Many problems start at the beginning of the implementation, specifically in the Cisco Cloud Onboarding webpage.
2022-09-28 07:24:26,596 ERROR [Timer-4132] xmlframework.XCPConfigMgr - 400 Bad Request: invalid_request, unsupported_grant_type, invalid_client, invalid_refresh_token, tokenlimit_reached 2022-09-28 07:24:26,603 ERROR [Timer-4132] xmlframework.XCPConfigMgr - PNS : FetchAndStoreAccessToken : Did not get a valid 200 response value for accessToken. 2022-09-28 07:34:26,607 INFO [Timer-4133] utilities.CloudOnboarding - TRACKING ID:::::::FOS_0a2e0098-1582-4f82-91b1-2cb3cfb97251 2022-09-28 07:34:26,857 ERROR [Timer-4133] utilities.TomcatTrustManager - checkServerTrusted:entered 2022-09-28 07:34:26,864 ERROR [Timer-4133] utilities.TomcatTrustManager - checkServerTrusted:entered 2
It is common to track the call from the CallManager Traces before looking into the Jabber logs, to confirm that the CUCM sent the call invite to the cloud.
Look for the CI in the CUCM traces like in the excerpt below.
30695118.001 |15:03:46.684 |AppInfo |PushNotify::wait_SsPushNotifyReq() Sending PNReq for trackingID = CUCMCallP_a9869065-b4e8-4eb5-a9aa-d239a2ea7b0b_deploy:onprem_clusterinfo:PIMCO-CUCM-NewportBeach-2, pushId = 2-221133330
PushNotify::wait_SsPushNotifyReq() Sending PNReq for trackingID = CUCMCallP_e7486baa-0127-43a3- 8711-cb2ab4ffeb2f_deploy:onprem_clusterinfo:StandAloneCluster-1 , CI = 28845312
queueMessage() message:{"messagetype":"REQUEST_PUSH_NOTIFICATION","TYPE":"incomingcall","REF":","28845312,"DEVICETOKEN":" 7da51a8aee1f469267e53398c9d7cc1187a9999e9dc7a2140c3d195acddf79b5 ","KEY":"-21DDpT0RwyA4G5cApJleqE6L2pmQaVXTThLQCtjpY","ALGO":"A256GCM","APNS","TRACKINGID":"CUCMCallP_e7486baa-0127-43a3-8711
cb2ab4ffeb2f_deploy:onprem_clusterinfo:StandAloneCluster-1}
{"MESSAGETYPE":"RESPONSE_PUSH_NOTIFICATION","TRACKINGID":"CUCMCallP_e7486baa 0127 43a3 8711-
cb2ab4ffeb2f_deploy:onprem_clusterinfo:StandAloneCluster1","STATUS":"200","TEXT":""}
[ConfigService-ConfigStoreManager] [getValue] - key : [enablevoipsocket ] skipLocal : [0] value: [false] success: [true] configStoreName: [TftpConfigStore]
[UI.Action.System] [-[JabberIOSAppDelegate application:didFinishLaunchingWithOptions:]] iOS system(not user) launch jabber at background
[UI.Action.System] [-[YLCVoipPushManagerpushRegistry:didReceiveIncomingPushWithPayload:forType:]] - jabber receive push message. payload.type: PKPushTypeVoIP , for type: PKPushTypeVoIP, Cisco Tracking ID: CUCMCallP_e7486baa 0127-43a3-8711-cb2ab4ffeb2f_deploy:onprem_clusterinfo:StandAloneCluster-1, teams trackingId:(null)
xcpconfig: Packet from Router<message xmlns="jabber:client" from="iOSuser@domain.com/jabber_1 1 1 1" to="xcpconfigmgr.imp-domain-com" id="a6efdc94-1486-489e-a76b-b9e021"><publish xmlns="http://protocols.cisco.com/push:?><subscriber service= "APNS">7da51a8aee1f469267e53398c9d7cc1 187a9999e9dc7a2140c3d195acddf79b5</subscriber><session>124e4c86-dbaO-4f06-86dd-328b27bb04b5</session><notify type="chat" from=lIuser@domain.com/jaber_2222" to="iOSuser@domain.com" id="257eee24:46f7:4168:9350:940cad203fa3" ... body="APNS Test Message" /><encrypt alg="A256GCM">...
xmlframework.PushXMPP - <message xmlns="jabber:client" from="iOSuser@domain.com/jabber_1111" to="xcpconfigmgr.imp12papns-domain-com" id="a6efdc94-1486-489e-a76b-b9e021ffc0d6"><publish xmlns="http:// protocols.cisco.com/push:2"><subscriber service="APNS">7da51a8aee1f469267e53398c9d7cc1187a9999e9dc7a2140c3d195acddf79b5</subscriber><session>124e4c86-dba0-4f06-86dd-328b27bb04b5</session><notify type="chat" from=" user@domain.com/jaber_2222" to="iOSuser@domain.com" id="257eee24:46f7:4168:9350:940cad203fa3" ... body="APNS Test message " /><encrypt alg="A256GCM">NUkF98dgr3_K8PlGqaY0pbXnCe1aCc5QpUcKbJhy6s</encrypt></publish></message>
xmlframework.PushXMPP - PNS: onPacket: Sending packet to: https://push.webexconnect.com/jabber/apns/prod
xmlframework.PushPacketHandler - PNS: pushCall: Sending Push Notification for packet with Cisco Tracking ID: IMPXCPConfigMgr_a6efdc94-1486-489e-a76b-b9e021ffc0d6 ... fa3_deploy:onprem
xmlframework.PushPacketHandler - PNS: Push Successful, received successful response code from REST . Cisco Tracking ID: IMPXCPConfigMgr_a6efdc94-1486-489e-a76b-b9e021ffc0d6 _... fa3_deploy:onprem
[IMPServices InstantMessageConversationServiceImpl] [IsPushEnabled ] - <PUSH> IS_PUSH_ENABLED: 1
Pushpacket received with TrackingID
-[-[YLCVoipPushManagerpushRegistry:didReceiveIncomingPushWithPayload:forType:]] - jabber receive push message.payload.type:PKPushTypeVoIP, for type: PKPushTypeVoIP, Cisco-Tracking ID: IMPXCPConfigMgr_a6efdc94 1486-489e-a76b-b9e021ffc0d6_ ... fa3_deploy:onprem, teams trackingId:(null)
Recv :<message iOSuser@domain.com" notify="1" subtype="mdm:rcvd" to="iOSuser@domain.com/jabber_1111" type=" chat" uuid ="9f2cf74c-9848-481b-90e7-4f8fd27809ab"><delay from="domain.com" stamp="2019-06-6T17:02:34.962258Z" xmlns=" urn:xmpp:delay message from="user@domain.com/jaber_2222" id="257eee24:46f7:4168:9350:940cad203fa3" to="iOSuser@domain.com" type="chat"
xml:lang en "><body>******</body></ thread>connect30079</thread> ...
In order to verify that APNS is working, perform the next steps.
Step 1. Use an iPhone or Android device with Jabber running in the foreground.
Step 2. Confirm in the CUCM Administration web page > Devices > Phones > TCT or BOT that the device is registered.
Step 3. Close the Jabber application in the cellphone. Wait some time and then check in the Phones menu that the device is unregistered.
Step 4. Make a call and wait a few seconds. The phone should get registered and the call should start ringing in the cellphone.
No version dependant
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: