cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5607
Views
20
Helpful
13
Replies

XMPP connection error after reserving PCCE 12.5 lab

Hi there,

 

Previously, I was working with the PCCE 12.0 lab, this time I reserved the PCCE 12.5 lab but now I am not able to establish XMPPClient connection to finesse for notifications, I am getting the below exception on login.

 

Please advise what else I need to configure?


Exception in thread "main" fin-xxx-x-xx.berlin.icm:5222 Exception: XMPPError connecting to fin-xxx-x-xx.berlin.icm:5222.; : remote-server-error(502)
-- caused by: XMPPError connecting to fin-xxx-x-xx.berlin.icm:5222.: remote-server-error(502) XMPPError connecting to fin-xxx-x-xx.berlin.icm:5222.
-- caused by: java.net.ConnectException: Connection timed out: connect
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:592)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1010)
at project1.SampleXMPPClient.login(SampleXMPPClient.java:64)
at project1.SampleXMPPClient.main(SampleXMPPClient.java:116)
Nested Exception:
XMPPError connecting to fin-xxx-x-xx.berlin.icm:5222.: remote-server-error(502) XMPPError connecting to fin-xxx-x-xx.berlin.icm:5222.
-- caused by: java.net.ConnectException: Connection timed out: connect
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:565)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1010)
at project1.SampleXMPPClient.login(SampleXMPPClient.java:64)
at project1.SampleXMPPClient.main(SampleXMPPClient.java:116)
Nested Exception:
java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at org.jivesoftware.smack.proxy.DirectSocketFactory.createSocket(DirectSocketFactory.java:45)
at org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:557)
at org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:1010)
at project1.SampleXMPPClient.login(SampleXMPPClient.java:64)
at project1.SampleXMPPClient.main(SampleXMPPClient.java:116)
Process exited with exit code 1.

1 Accepted Solution

Accepted Solutions

Hi,

 

In 12.5, Finesse disabled the insecure 5222 port by default. You have two options:

 

1. Use the CLI utils finesse set_property webservices enableInsecureOpenfirePort true to enable the insecure port: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/finesse/finesse_1251/admin/guide/cfin_b_1251-administration-guide/cfin_b_1251-administration-guide_appendix_01111.html#reference_3019ECC1ED3421DB3F35F3612A0DA5DD 

 

2. Switch to using 5223, but this requires you to deal with certificates.

 

Thanx,

Denise

View solution in original post

13 Replies 13

In addition to the above, please check the implemented connection configurations below:

 

ConnectionConfiguration config = new ConnectionConfiguration(hostname, 5222,"proxy.eu.jabber.org");

 

config.setDebuggerEnabled(true);
config.setSASLAuthenticationEnabled(true);
config.setReconnectionAllowed(false);

connection = new XMPPConnection(config);

 

subscriptionManager = new PubSubManager(connection, "pubsub." + hostname);

 

try
{
connection.connect();
connection.login(username, passwd, resource);
System.out.println("Successfully Connected");
} catch (XMPPException e)
{
System.out.println("Error during xmpp connection" +
e.getMessage());
throw e;
}

 

@dekwan: your prompt support is required on this issue.

thanks

Hi,

 

In 12.5, Finesse disabled the insecure 5222 port by default. You have two options:

 

1. Use the CLI utils finesse set_property webservices enableInsecureOpenfirePort true to enable the insecure port: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/finesse/finesse_1251/admin/guide/cfin_b_1251-administration-guide/cfin_b_1251-administration-guide_appendix_01111.html#reference_3019ECC1ED3421DB3F35F3612A0DA5DD 

 

2. Switch to using 5223, but this requires you to deal with certificates.

 

Thanx,

Denise

Hello Denise,

 

Thanks for the feedback.

 

I went to the first approach, enabled the insecure port, and restarted the finesse Notification Service and Tomcat, image attached as well for reference (CLI-commands.png). Now, I can connect to XMPP but am not able to log in to finesse from my application or postman but I can log in with the same user from the finesse Agent desktop.

 

From any application, I am getting the below response after invoking login API.

 

DEBUG - URL = http://fin-xxx-x-xx.berlin.icm/finesse/api/User/XXXXX
DEBUG - xml body = <User><state>LOGIN</state><extension>1001</extension></User>
DEBUG - Response Code===> 301
DEBUG - Response body===> <html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>

</body>

</html>

 

From the postman, I am still getting the state as LOGOUT after invoking LOGIN, it should return NOT_READY, please check the attached snap (postman-resp.png).

 

Please advise.

 

Regards,

Muhammad Arslan

 

Hello Denise,

 

For the above issue, 301 Moved Permanently, we are redirecting the request to the Location URL given by the ResponseHeader Message. But upon sending the request to Location URL, we are getting the below exception.

 

Spoiler
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.SSLSocketImpl.checkEOF(Unknown Source)
at sun.security.ssl.SSLSocketImpl.checkWrite(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at java.io.FilterOutputStream.close(Unknown Source)

 

I have also tried to turn off the certificate trust validation using CLI but the same issue. 

 

utils finesse set_property webservices trustAllCertificates false

 

Can you please advise, from where we can get the SSL certificate to import?

 

Regards,

Muhammad Arslan

Hi,

 

Thanks for the feedback, actually we are using the same port 8445 and we are getting this exception.

 

 

Location: https://FIN-xxx-x-xx.berlin.icm:8445/finesse/api/User/123000

 

From postman, after disable SSL certification verification, I can invoke the LOGIN request at the above URL successfully but from our application, we are getting java exception as already explained above.

 

 

Can you please advise, from where we can download the certificates and where we have to import them?

 

Thanks & Regards,

Muhammad Arslan

 

 

Hi,

 

Sorry, I missed that part of the question. You can download it from the OS admin page: https://FQDN of Finesse server:8443/cmplatform under Security->Certificate Management. 

 

You can also download the cert from your browser after going to https://FQDN of Finesse server:8445/desktop

 

These are instructions to import certs, but might be useful in figuring out the location of the certs if the above isn't enough info:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/finesse/finesse_1251/admin/guide/cfin_b_1251-administration-guide/cfin_b_1251-administration-guide_appendix_010000.html#task_B371D94D0962259AF62E16486F1F2E3E

 

Thanx,

Denise

Hi,

 

thanks for sharing this.

 

Just for confirmation, as per the link you shared above, do I need to do the same steps, first Export Self-signed live data certificates and then Import the certificate to Finesse servers?

 

And the same certificate I will import to my JVM, right?

 

Kindly also advise, is there any java version compatibility issue with finesse, I am using java 7.

 

Thanks & Regards,

Muhammad Arslan

Hi,

 

No, you do not need to import the live data certs. I just shared that link with you so you see where the location of the certs are. You want the Finesse tomcat cert from the Certificate Management. Like I said earlier, you can also download it from your browser.

 

As far as java compatibility, you are interacting with Finesse via REST API and XMPP so Java version is independent.

 

Thanx,

Denise

Hi, 

 

Thanks a lot for helping.

 

I have downloaded the self-signed tomcat-trust certificate for my server (from OS Admin) and imported it using keytool command and it is also under cacerts list but still, I am getting the same exception.

 

Command: keytool -import -alias "finesseca" -file "C:\Users\USER\Downloads\FIN-xx-x-xx.berlin.icm.pem" -keystore cacerts

 

Also tried after import FIN-xx-x-xx.berlin.icm.der certificate file.

 

Exception:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)

 

 

Regards,

Muhammad Arslan

 

 

Hi,

 

My only suggestion (which is probably not a great one), is to call one of the GET APIs (SystemInfo?) on your browser and downloading the cert that way. This way you know it is the one specifically for the APIs.

 

Also, is there a way to disable SSL cert verification from your client?

 

Thanx,

Denise

 

 

Hello Denise,

 

The issue has been fixed by importing the certificate to the exact JRE Keystore, I was importing it to a different JRE version.

 

Thanks & Regards,

Muhammad Arslan

Cool. I'm glad you were able to resolve your issue.

 

Thanx,

Denise

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: