Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6356
Views
5
Helpful
6
Replies

Cisco Finesse Not Able to Login after Upgrade to 11.6.1 ES02

Flo.Matalis
Level 1
Level 1

‎06-09-2018 09:25 AM - edited ‎03-14-2019 06:14 PM

Hi Experts,

 

I just upgraded our UCCX from 10.6.1 to 11.6.1 ES02, however, when trying to login to Finesse, I am getting below error:

 

https://:8445/desktop/container/j_security_check?realm_error=axl_generic_error&username=XXXX


"Authorization failed. Contact your system administrator."

 

All of the services are up and licenses have been uploaded. Authentication is working as tried to login to ucm user portal and able to login successfully. Tried to restart CCX Notification Services and Finesse Tomcat but still getting the error.

 

Am I missing something?

 

Also, just to confirm, am I able to use CAD on version 11.6.1?

 

Thanks in advance!

 

Regards,

Florence

Labels:
0 Helpful
6 Replies 6

Ratheesh Kumar
VIP Alumni
VIP Alumni

‎06-09-2018 10:28 AM

Hi there

Can you check the data/jtapi sync and do a resync. Do you have failover UCCX ? Can you initiate one more restart

No, from 11.0 onwards it’s just Finesse.

Hope this helps

Cheers
Rath!

***Please rate helpful posts***
0 Helpful

Flo.Matalis
Level 1
Level 1
In response to Ratheesh Kumar

‎06-10-2018 05:41 AM

Thanks Rath for your reply. Found out that it was due to the Tomcat certificate. Issue has been resolved!
0 Helpful

CCIE7700
Level 1
Level 1
In response to Flo.Matalis

‎01-07-2019 03:21 PM

Just to clarify, as I ran into this as well. My customers Call Manager Tomcat Certs were self-signed and expired.  I renewed them to fix the problem.   The UCCX Tomcat cert was from a CA, and was valid.

0 Helpful

gabriel.caclin
Level 4
Level 4
In response to Flo.Matalis

‎06-14-2019 12:54 AM

I have exactly the same issue just after re-generating the Tomcat cert of CUCM/IMP (signed with the same CA as before).

Then no onw was able to log on to Finesse, with the same error message.

As the tomcat certs are not self signed, and coming from the same CA as before, I initiate a restart of UCCX to see what's going on....

0 Helpful

gabriel.caclin
Level 4
Level 4
In response to gabriel.caclin

‎06-14-2019 02:56 AM - edited ‎06-14-2019 05:28 AM

Nothing better, It is hitting this bug CSCvo69307

Same as Unity Connection when it involves CUCM 12.5.

If you are running tomcat in multisan, then you have to set the extension OID.2.5.29.17 to Critical: false (I absolutely have no idea how to do it on a Windows CA).

However a solution can be signing the tomcat certs individually without SAN at all (even parent domain).

 

I am surprised that this bug causes complete outage of UCCX for the agent, and is only flagged as an Enhancement, with 21 cases attached to it at this time. No procedure on how generating the cert without these constraints, no fix or ES, nothing in the admin or install guide warning for this, that's a shame.

wsteahr01
Level 1
Level 1
In response to gabriel.caclin

‎07-11-2019 03:09 AM

Just hit this bug tonight while doing a CUCM upgrade to 12.5 SU1 and UCCX upgrade to 11.6.2. ES04. Took my TAC agent around 2 hours to figure it out (no blame, its a weird one). My issue presented as an AXL error when trying to login to the admin pages. I'm sure Finesse would have had the same issue as described earlier in this thread. 

 

Hopefully the customer's CA knows how to sign the keys properly if we send them the bug notes.. Weird issue for sure! 

0 Helpful
Customers Also Viewed These Support Documents