I was not asking about xmpp federation. Your client uses XMPP for presence and instant  messaging and it uses SASL which is an XMPP component of XMPP for authentication and signing in to your IM and P server. This case we are looking at had XMPP sign in error. Even if you are not doing XMPP federation you still need the XMPP component in the infrastructure to work.

I have not looked at your logs and as such  I don't know why you yours isn't working.

Sorry, I misunderstood because of the comment of kim.

My Jabber log files say the same as kims with the error :

2015-02-19 08:18:51,463 INFO  [0x00001200] [ts\adapters\imp\components\Login.cpp(90)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************
2015-02-19 08:18:51,463 INFO  [0x00001200] [ts\adapters\imp\components\Login.cpp(91)] [imp.service] [IMPStackCap::Login::OnLoginError] - OnLoginError: (data=0) LERR_JABBER_AUTH <17>: Authentication error with server e.g. resource bind, TLS, create session or SASL error
2015-02-19 08:18:51,463 INFO  [0x00001200] [ts\adapters\imp\components\Login.cpp(92)] [imp.service] [IMPStackCap::Login::OnLoginError] - ****************************************************************

As we didnt change anything besides the upgrade from 8.2 to 8.5.1, it is hard to find any failure, everything is up and running, just the login gets this error message.

I attached my log file from Cisco Jabber.

Tobias,

How many IM & P server do you have in your cluster?

Can you please collect the following log files and attach here..

Configure trace settings and set to debug (ensure you tick all on each log file) (there is a little box for select all)

Cisco XCP Connection Manager
Cisco XCP Router
Cisco XCP Authentication Service

We have two IM&P Servers in our cluster.

When I collected the log files with RTMT, it said there are no log files for Cisco XCP Authentification Service.

The log files go from 6:25am to 6:40am. I tried to connect through MRA at 6:36am.

Before that I enabled the settings you told me.

I hope that was correct :)

I need the XCP router authentication service logs. This is very key in troubleshooting authentication issues. The reason why you didn't get any  logs is that you didn't select the correct time when collecting the logs..

Please test again and select "relative range" set the relative range to 5 or 10 minutes depending on when you did the test. If the test was done within 5 minutes of collecting the logs then set it to 5 minutes etc..

What is the user id you are testing with?

I get the same error message. No logs for XCP Authentification Service.

My id for testing is to1016

Additional Information:

We have not the same setup as the OP, we only have one cluster with 2 IM&P Servers.

Also we have 1 Publisher and 1 Subscriber.

And we only have one Exp-E and Exp-C.

Tobias,

I have looked at the logs you provided and IM&P server keeps saying the user is invalid..

06:36:13.868 |036efb70| debug| mod_external.c:1223 e_AUTH NOT handled, calling cb _e_auth_set_cb
06:36:13.868 |036efb70| info| authreg.cpp:42 Someone tried to authenticate as an invalid user to1016@hs-woe.de

+++ And then IM&P sent this message to expwC +++

06:36:13.868 |05644b70| verbose| deliver.c:1169 DELIVER: type:8, host:cm-1_jsmcp-1.voip-ewe-1-hs-woe-de, packet:<route from='to1016@hs-woe.de/wbxconnect' to='cm-1_jsmcp-1_xmppd-1@cm-1_jsmcp-1.voip-ewe-1-hs-woe-de/VsjqvKhQmcGWh19GMVvQZA23117/(auth)' type='auth'><iq id='uid:54ec0dcd:00007511:00000001' type='error' xml:lang='en' xmlns='jabber:client'><query xmlns='jabber:iq:auth'><username>to1016</username>XXXXXXXXXXXXXXXXXXXXXXXXXX><resource>wbxconnect</resource><connection_properties xmlns='http://www.jabber.com/schemas/connectionprops.xsd'><x type='submit' xmlns='jabber:x:data'><field var='FORM_TYPE'><value>http://www.jabber.com/schemas/connectionprops.xsd</value></field><field type='text-single' var='peer-address'><value>80.187.109.72</value></field><field type='text-single' var='peer-port'><value>30073</value></field><field type='text-single' var='local-address'><value>139.13.178.12</value></field><field type='text-single' var='local-port'><value>5222</value></field><field type='text-single' var='logical-jid'><value>to1016@hs-woe.de/wbxconnect</value></field><field type='text-single' var='peer-certificate'><value/></field></x></connection_properties></query><error type='auth' code='401'><not-authorized xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq></route>
06:36:13.868 |05644b70| debug| deliver.c:510 delivering to component 'voip-ewc-1-hs-woe-de'

Questions..

1. Does this user work internally?

2. Can you create a user with a more conventional id i.e. Tobi1016

3. Have you tested with a user on voip-pre-2 cups server?

Yes the user is working internally, we sync the users from ldap into CUCM Pub.

All our users are on pre1 because when we split the users on both servers, they cannot see the online status of the users from the other server.

So all users are on pre-1.

And I cant create other users, sorry.

Have you restarted your XCP router service? If you have then I guess you will have to open a TAC case with cisco. Please update us and let us know how it goes

Okey, I didnt expect that to work, because I have restarted the service before, I just wanted to give it another try, and...it worked.

Restarted the XCP router on pre-1 and now its working again.

I dont really know why, but thats not the first time with cisco software ;)

Thank you for the help! Really appreciated it :)
 

Wao, that is great news!!!.

I am curios to see if we can get the xcp authentication logs now. Can you spare five minutes to do another test and collect the logs as I instructed earlier please?

Yep the collection of xcp authentification logs is now working.

You can see the authentification process in the auth-svc-1_00000013.log when you search for to1016.

I attached the files for you if you are interested.
 

Great work, thank you.

Even though I restart the intercluster sync agent on IM&P servers, the problem haven't sloved.