Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11989
Views
10
Helpful
10
Replies

Finesse login fails to load

Go to solution
Stuart C
Level 1
Level 1

‎05-31-2018 06:28 AM - edited ‎03-15-2019 06:38 AM

Hi All, 

 

Hope someone can help here.  I have an issue with all users not being able to log into finesse.  When you enter credentials and hit sign in, it just sits there and never loads.  I restarted Cisco finesse tomcat.  After I restarted it, the user briefly got "incorrect login credentials" before it just goes back to not loading at all, with no error message.

I have looked at certificates on UCCX and they're all in date.  I've taken Cisco Finesse logs from RTMT but they show nothing to do with my login.  When I try to use the "sign in with persistent logging" this shows no output either.  Chrome, IE and Firefox have been tested and they all do the same, nothing loads.

 

Any ideas?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Chakshu Piplani
Cisco Employee
Cisco Employee
In response to Stuart C

‎05-31-2018 08:08 AM

That might very well be the issue.

Please regenerate the tomcat certificates on CUCM.

 

you can use CLI :

set cert regen tomcat

 

which will generate a self signed certificate.

If you are using a CA signed, you will need to get it re-generated from the signing auth.

 

HTH

Chuck

View solution in original post

10 Replies 10

Go to solution
Chakshu Piplani
Cisco Employee
Cisco Employee

‎05-31-2018 08:02 AM

Have you tried restarting the "Cisco Unified CCX Notification Service" ?

0 Helpful

Go to solution
Stuart C
Level 1
Level 1
In response to Chakshu Piplani

‎05-31-2018 08:05 AM

Hi,
We restarted the whole server as it had been up over 500+ days, but this didn’t make a difference. Are there any certs on CUCM that may affect it as I did spot a tomcat cert that was out of date?
Thanks
0 Helpful

Go to solution
Chakshu Piplani
Cisco Employee
Cisco Employee
In response to Stuart C

‎05-31-2018 08:08 AM

That might very well be the issue.

Please regenerate the tomcat certificates on CUCM.

 

you can use CLI :

set cert regen tomcat

 

which will generate a self signed certificate.

If you are using a CA signed, you will need to get it re-generated from the signing auth.

 

HTH

Chuck

Go to solution
Stuart C
Level 1
Level 1
In response to Chakshu Piplani

‎05-31-2018 08:13 AM

Yes the certificate on CUCM is a self-signed cert. So I can just regenerate this?
0 Helpful

Go to solution
Chakshu Piplani
Cisco Employee
Cisco Employee
In response to Stuart C

‎06-01-2018 04:01 AM

Yes you can regenerate them.

You can also regenerate them through the OS administration page.

Security->Certificate management

Open the expired tomcat cert and hit "Regenerate"

 

Restart Cisco Tomcat on the affected node.

CLI:

utils service restart Cisco Tomcat

 

Try agent login.

 

Keep me posted

HTH

Chuck

 

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to Chakshu Piplani

‎06-03-2018 10:06 AM - edited ‎06-03-2018 10:22 AM

With respect Chakshu, I feel this is somewhat wreckless advise. In my opinion, the entire topic of certificate regeneration/renewal on CUCM is a bit radioactive because of the ITL. Yes, I know that Tomcat isn’t involved in the ITL but many people don’t and that disclaimer/clarification seems important before telling someone to regenerate certificates (ie, “be careful not to touch CallManger cert without first understanding IT/TVS”). All of that aside, we also don’t know if that cert has been manually trusted anywhere else in the OP’s environment, GPO to avoid buying CA-Signed certs for Jabber to name one example.

 

If there is a cert problem the Tomcat security logs would show a clear error to that effect.

 

My guess is the first or second AXL server defined in CCX isn’t responding properly. I suggest verifying that the CUCM Publisher is listed first and then possibly restarting that service on CUCM.

0 Helpful

Go to solution
Stuart C
Level 1
Level 1
In response to Jonathan Schulenberg

‎06-04-2018 01:10 AM

Hi,
Which service are you referring to please?
Thanks
0 Helpful

Go to solution
Stuart C
Level 1
Level 1
In response to Chakshu Piplani

‎06-21-2018 02:01 AM

Just to close down the post.  It was indeed the expired TOMCAT self-signed certificate that was causing the finesse login to fail. 

 

Symptom was: After entering login credentials to finesse login page, the page fails to load anything, you just see the page waiting to load.  No error is returned.  If you restart Finesse TOMCAT service, you briefly get an "invalid username or password" message before the symptom goes back to not loading anything at all.

 

Thanks

Go to solution
Ratheesh Kumar
VIP Alumni
VIP Alumni

‎05-31-2018 08:22 AM

Hi there

Just curious to know are you entering the credentials correctly. Finesse login is really case sensitive, while CUCM is not. Please make sure that the agent user id is entered correctly as in CUCM/LDAP (if its an LDAP for instance if username is CiscoAgent, please try entering the "C" and "A entered as upper case.

 

 

Hope this Helps
 
Cheers
Rath!

***Please rate helpful posts***

 

 

 

 

 

0 Helpful

Go to solution
twedell
Level 1
Level 1

‎10-20-2021 04:48 PM

Just in case any one else comes across this issue and can't solve it with certs or googling, we found that our antivirus solution (Sophos Central) was blocking access to the login page. Once we added our Finesse URLs to the exclusion list for web monitoring, all was well.

0 Helpful
Customers Also Viewed These Support Documents