cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
3883
Views
5
Helpful
6
Replies
Flo.Matalis
Beginner

Cisco Finesse Not Able to Login after Upgrade to 11.6.1 ES02

Hi Experts,

 

I just upgraded our UCCX from 10.6.1 to 11.6.1 ES02, however, when trying to login to Finesse, I am getting below error:

 

https://:8445/desktop/container/j_security_check?realm_error=axl_generic_error&username=XXXX


"Authorization failed. Contact your system administrator."

 

All of the services are up and licenses have been uploaded. Authentication is working as tried to login to ucm user portal and able to login successfully. Tried to restart CCX Notification Services and Finesse Tomcat but still getting the error.

 

Am I missing something?

 

Also, just to confirm, am I able to use CAD on version 11.6.1?

 

Thanks in advance!

 

Regards,

Florence

6 REPLIES 6
Ratheesh Kumar
Collaborator

Hi there

Can you check the data/jtapi sync and do a resync. Do you have failover UCCX ? Can you initiate one more restart

No, from 11.0 onwards it’s just Finesse.

Hope this helps

Cheers
Rath!

***Please rate helpful posts***

Thanks Rath for your reply. Found out that it was due to the Tomcat certificate. Issue has been resolved!

Just to clarify, as I ran into this as well. My customers Call Manager Tomcat Certs were self-signed and expired.  I renewed them to fix the problem.   The UCCX Tomcat cert was from a CA, and was valid.

I have exactly the same issue just after re-generating the Tomcat cert of CUCM/IMP (signed with the same CA as before).

Then no onw was able to log on to Finesse, with the same error message.

As the tomcat certs are not self signed, and coming from the same CA as before, I initiate a restart of UCCX to see what's going on....

Nothing better, It is hitting this bug CSCvo69307

Same as Unity Connection when it involves CUCM 12.5.

If you are running tomcat in multisan, then you have to set the extension OID.2.5.29.17 to Critical: false (I absolutely have no idea how to do it on a Windows CA).

However a solution can be signing the tomcat certs individually without SAN at all (even parent domain).

 

I am surprised that this bug causes complete outage of UCCX for the agent, and is only flagged as an Enhancement, with 21 cases attached to it at this time. No procedure on how generating the cert without these constraints, no fix or ES, nothing in the admin or install guide warning for this, that's a shame.

Just hit this bug tonight while doing a CUCM upgrade to 12.5 SU1 and UCCX upgrade to 11.6.2. ES04. Took my TAC agent around 2 hours to figure it out (no blame, its a weird one). My issue presented as an AXL error when trying to login to the admin pages. I'm sure Finesse would have had the same issue as described earlier in this thread. 

 

Hopefully the customer's CA knows how to sign the keys properly if we send them the bug notes.. Weird issue for sure! 

Content for Community-Ad

Spotlight Awards 2021