This explains How Jabber Client(JC) Login works, Types of JC login and how to troubleshoot JC login issues.
Jabber Client Login and Login Issues
Flow that the Jabber client uses to connect to services:
In this doc we are not discussing WebEx Messenger service.
Note: Expressway also called collab-edge(one of type of login request from jabber client) which you would see in coming slides.
>>Automatic Login: Here you just need to enter the userid@domainname , when you click on Continue, below requests are sent from Jabber client to DNS SRV(service Record).
First always Jabber client sends:
SRV_cisco-uds._tcp.example.com (example.com is domain name like cisco.com,ccie.com, changes from company to company what they have configured) to get the CUCM IP address. If DNS query fails(i.e in DNS SRV there was record for this service type), then Jabber client sends below.
SRV_cuplogin._tcp.example.com------> To get CUPS(presence server) IP.
If this fails, then below is sent.
SRV_collab-edge._tls.example.com------>Jabber client thinks that it is outside company network on WAN, so through internet it contacts VCS servers to contact Presence Servers.
>>If any one of the above succeeds(Jabber client sends http request to CUCM/CUPS IP), if the userid exists in CUCM/CUSP, then password would be prompted
If All fails, then we need to go for Manual Login(explained in coming slides)
>>Basically, in DNS SRV you define here for every “service type” of DNS query a resolution.
>>>Above shows, that a service record added for service _cisco-uds in DNS.
So here, when Jabber client request for SRV_cisco-uds._tcp.ccie.com, the DNS SRV sends the CUCM IP to Jabber client.
Also it sends the port number through which the Jabber needs to contact the CUCM Server.
Priority: If you are defining multiple CUCM IP, you can give priorities to each IP’s, based on priorities Jabber client contact those IP.
Weight: You mention values here, if you mentioned same priorities for CUCM IP’s. Inside same priorities CUCM IP’s, one with more weight would be preferred.
Once Jabber gets, the IP address, it sends http request to CUCM IP along with the port number.
>>Similarly we add here for service “_cuplogin” for CUPS IP.
For Manual Login, click on Advanced Settings:
-Automatic which is explained in previous slide(When Jabber starts initially for the first time after installation this is checked by default)
-Cisco IM & Presence: when this is clicked you can select “user the default server(in this case jabber always sends SRV_cuplogin._tcp.example.com request to DNS SRV) or you can select “user the following server” with CUPS server IP(so jabber client contacts CUPS server)
-WebEx Messenger: this is something managed Cisco cloud WebEx service, not discussed here.
- Cisco CM 8.x or 9.x(or later) : when this is clicked you can select “user the default server(in this case jabber always sends SRV_cisco-uds._tcp.example.com request to DNS SRV) or you can select “user the following server” with CUCM server IP (so jabber client contacts CUCM server)
The above service profile selected in the end user page, as above configs.
VM profile: VM options for jabber client
Directory profile: Jabber client contact this when there is contacts search in jabber client.
IM and presence Profile: contains Presence(CUPS) details.
++ Below shows Tomcat security logs from CUCM, how CUCM checks in LDAP and authenticates this user.
We can track this request from JC in logs with number 47(which is same for this user login process) and number keeps changing for other user login request.
2014-11-05 11:59:07,716 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - authenticateUserWithPassword: userName=nirmal2014-11-05 11:59:07,716 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - SearchUserDn for nirmal
2014-11-05 11:59:07,908 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - makeConnection: ldapURL=ldap://10.106.89.210:389
2014-11-05 11:59:07,916 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - searchUserDn: performing search with userBase=CN=users, DC=ccie, DC=com, filter=(&(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113522.214.171.1243:=2)))(sAMAccountName=nirmal)), constraints=javax.naming.directory.SearchControls@c201cb
2014-11-05 11:59:07,921 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - authenticateUserWithPassword: calling auth as dn search is successful for user nirmal and the dn is CN=Nirmal Issac, CN=users, DC=ccie, DC=com
2014-11-05 11:59:07,938 DEBUG [http-bio-443-exec-47] impl.AuthenticationLDAP - auth: successful for dn CN=Nirmal Issac, CN=users, DC=ccie, DC=com